
Pests of all kinds and how to fight them: Virus infection - all files rewritten/locked

13.06.2012, 15:32   #1
Stonie44



Hello,

I'm asking for help. For some time now I've had a GEMA virus (I'm supposed to pay because of violation xyz) that has blocked my computer again and again. In Safe Mode --> MSConfig I kept disabling it under startup programs; there are now a lot of disabled programs sitting there with dubious names, some of them in Russian.

A week ago my computer was suddenly working hard even though I wasn't doing anything demanding. It rewrote/unlocked almost all files, which now can no longer be opened. That includes job applications etc.
e.g. locked-DSCF3040.JPG.vgrg

I hope you can help me!?
Thanks in advance.

I also have 3 files in quarantine in Avira.

Regards

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

13.06.2012 14:18:36
mbam-log-2012-06-13 (15-20-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373734
Laufzeit: 1 Stunde(n), 1 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\pkg_0ll.exe (Trojan.XBuild) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

Edited by Stonie44 (13.06.2012 at 16:03)

15.06.2012, 19:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



For decryption/recovery, please note the bold notice box at the top!

Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do so now if you haven't already!

16.06.2012, 14:23   #3
Stonie44



OK, sorry, I've done that now; everything is in quarantine now!

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

16.06.2012 13:17:13
mbam-log-2012-06-16 (13-17-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377580
Laufzeit: 57 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

17.06.2012, 21:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please run ESET as well; after that we'll see how to proceed.

Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the one box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: If you are using 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


18.06.2012, 14:49   #5
Stonie44



As recommended.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 12:42:15
# local_time=2012-06-18 02:42:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 21181065 21181065 0 0
# compatibility_mode=5893 16776574 100 94 39036342 91648601 0 0
# compatibility_mode=8192 67108863 100 0 125 125 0 0
# scanned=180866
# found=5
# cleaned=0
# scan_time=4583
C:\Users\Philipp\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5f949778-7b649df0 Java/Exploit.Agent.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\54baa.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I


18.06.2012, 15:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

18.06.2012, 17:37   #7
Stonie44



1. Yes, normal mode runs without restrictions, apart from the many files I can no longer use. That said, Fifa12, for example, still works, but my old profile was no longer available. Fifa is the least of my problems, though.

2. I don't notice anything unusual in the Start menu.

Regards

And I think I have to reinstall the Adobe Flash Player; I don't have any restrictions when browsing, but on Bild.de, for example, it always wants to install Adobe.

18.06.2012, 21:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please create a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan all users at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

18.06.2012, 22:12   #9
Stonie44



Thanks for your effort!
There was also a text file named Extras.

Code:
OTL logfile created on: 18.06.2012 21:54:35 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free
7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS
 
Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]
 
[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions
[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com
[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com
[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi
[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz
[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy
[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)
MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{72D2FA70-A635-4482-AF23-546AD89A696B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24
[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch
[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf
[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js
[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf
[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG
[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf
[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh
[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh
[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy
[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr
[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx
[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno
[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy
[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv
[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu
[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril
[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF
[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr
[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt
[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage
[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle
[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp
[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi
[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw
[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap
[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu
[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk
[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf
[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf
[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc
[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt
[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua
[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk
[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle
[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn
[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn
[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof
[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu
[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc
[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy
[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf
[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq
[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh
[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot
[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel
[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf
[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl
[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl
[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn
[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg
[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno
[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx
[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy
[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj
[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt
[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq
[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb
[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk
[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv
[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk
[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul
[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy
[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd
[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr
[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel
[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym
[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev
[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc
[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp
[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv
[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu
[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno
[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi
[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp
[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf
[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof
[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm
[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg
[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr
[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf
[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul
[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc
[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf
[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi
[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb
[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky
[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc
[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf
[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf
[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle
[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu
[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn
[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc
[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky
[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb
[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi
[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf
[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf
[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== LOP Check ==========
 
[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous
[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph
[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo
[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia
[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu
[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson
[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro
[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith
[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon
[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot
[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit
[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense
[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster
[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland
[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba
[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso
[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch
[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous
[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH
[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe
[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph
[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira
[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo
[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia
[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu
[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson
[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro
[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith
[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon
[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help
[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities
[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield
[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia
[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot
[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs
[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft
[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla
[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero
[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit
[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense
[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster
[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM
[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype
[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland
[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba
[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE
[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso
[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe
[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Last edited by Stonie44 (18.06.2012 at 22:18)

18.06.2012, 22:13   #10
Stonie44
 
Virus infection - all files rewritten/locked

Thanks for your effort!

Code:
ATTFilter
OTL logfile created on: 18.06.2012 21:54:35 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free
7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS
 
Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]
 
[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions
[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com
[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com
[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi
[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz
[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy
[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)
MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar
[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24
[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch
[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf
[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js
[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf
[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG
[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf
[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh
[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh
[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy
[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr
[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx
[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno
[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy
[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv
[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu
[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril
[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF
[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr
[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt
[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage
[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle
[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp
[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi
[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw
[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap
[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu
[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk
[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf
[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf
[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc
[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt
[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua
[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk
[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle
[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn
[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn
[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof
[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu
[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc
[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy
[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf
[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq
[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh
[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot
[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel
[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf
[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl
[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl
[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn
[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg
[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno
[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx
[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy
[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj
[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt
[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq
[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb
[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk
[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv
[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk
[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul
[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy
[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd
[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr
[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel
[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym
[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev
[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc
[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp
[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv
[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu
[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno
[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi
[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp
[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf
[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof
[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm
[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg
[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr
[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf
[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul
[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc
[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf
[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi
[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb
[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky
[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc
[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf
[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf
[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle
[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu
[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn
[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc
[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky
[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb
[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi
[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf
[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf
[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== LOP Check ==========
 
[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous
[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph
[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo
[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia
[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu
[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson
[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro
[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith
[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon
[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot
[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit
[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense
[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster
[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland
[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba
[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso
[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch
[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous
[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH
[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe
[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph
[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira
[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo
[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited
[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite
[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia
[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu
[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson
[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro
[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith
[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon
[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help
[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities
[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield
[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia
[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot
[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs
[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft
[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla
[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero
[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit
[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense
[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster
[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM
[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype
[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland
[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer
[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba
[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE
[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete
[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso
[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch
[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe
[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
There was also a text file named Extras.

18.06.2012, 22:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = http://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}
[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com
[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com
[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi
[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz
[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found
[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy
[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

18.06.2012, 23:19   #12
Stonie44
 

Code:
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.
HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.
C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ not found.
Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.
C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi moved successfully.
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz moved successfully.
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files (x86)\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.
File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.
File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.
File H:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.
File F:\raf-gta_tt.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\0ZL5KpKbdq59PFw\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\16EDDDE9\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ALYQ3CgTRBSYLwE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\d31ybB8YFv9cUxg\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Izbyikudur\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\lmfvMDBr3jNvGGM\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SkypeM\ not found.
C:\Users\Philipp\AppData\Roaming\Mwkcykwyy folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Philipp\AppData\Roaming\Bandoo folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Philipp
->Temp folder emptied: 1670131914 bytes
->Temporary Internet Files folder emptied: 4512042325 bytes
->Java cache emptied: 485058 bytes
->FireFox cache emptied: 90274582 bytes
->Google Chrome cache emptied: 319715081 bytes
->Flash cache emptied: 57032 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119512783 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 1150298 bytes
 
Total Files Cleaned = 6.402,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Philipp
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06182012_231220

Files\Folders moved on Reboot...
C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

19.06.2012, 08:48   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


19.06.2012, 14:11   #14
Stonie44
 



Done!

Code:
13:57:16.0120 8660	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
13:57:16.0250 8660	============================================================
13:57:16.0250 8660	Current date / time: 2012/06/19 13:57:16.0250
13:57:16.0250 8660	SystemInfo:
13:57:16.0250 8660	
13:57:16.0250 8660	OS Version: 6.1.7601 ServicePack: 1.0
13:57:16.0250 8660	Product type: Workstation
13:57:16.0250 8660	ComputerName: HUBI
13:57:16.0250 8660	UserName: Philipp
13:57:16.0250 8660	Windows directory: C:\Windows
13:57:16.0250 8660	System windows directory: C:\Windows
13:57:16.0250 8660	Running under WOW64
13:57:16.0250 8660	Processor architecture: Intel x64
13:57:16.0250 8660	Number of processors: 2
13:57:16.0250 8660	Page size: 0x1000
13:57:16.0250 8660	Boot type: Normal boot
13:57:16.0250 8660	============================================================
13:57:17.0020 8660	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:57:17.0030 8660	============================================================
13:57:17.0030 8660	\Device\Harddisk0\DR0:
13:57:17.0030 8660	MBR partitions:
13:57:17.0030 8660	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
13:57:17.0030 8660	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
13:57:17.0030 8660	============================================================
13:57:17.0050 8660	C: <-> \Device\Harddisk0\DR0\Partition0
13:57:17.0080 8660	D: <-> \Device\Harddisk0\DR0\Partition1
13:57:17.0080 8660	============================================================
13:57:17.0080 8660	Initialize success
13:57:17.0080 8660	============================================================
13:58:55.0202 7944	============================================================
13:58:55.0202 7944	Scan started
13:58:55.0202 7944	Mode: Manual; SigCheck; TDLFS; 
13:58:55.0202 7944	============================================================
13:58:56.0792 7944	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:58:56.0872 7944	1394ohci - ok
13:58:56.0942 7944	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:58:56.0962 7944	ACPI - ok
13:58:56.0992 7944	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:58:57.0032 7944	AcpiPmi - ok
13:58:57.0132 7944	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:58:57.0142 7944	AdobeARMservice - ok
13:58:57.0322 7944	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:58:57.0332 7944	AdobeFlashPlayerUpdateSvc - ok
13:58:57.0392 7944	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:58:57.0422 7944	adp94xx - ok
13:58:57.0452 7944	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:58:57.0472 7944	adpahci - ok
13:58:57.0492 7944	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:58:57.0512 7944	adpu320 - ok
13:58:57.0542 7944	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:58:57.0602 7944	AeLookupSvc - ok
13:58:57.0692 7944	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:58:57.0742 7944	AFD - ok
13:58:57.0772 7944	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:58:57.0792 7944	agp440 - ok
13:58:57.0832 7944	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:58:57.0892 7944	ALG - ok
13:58:57.0912 7944	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:58:57.0922 7944	aliide - ok
13:58:57.0972 7944	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:58:57.0982 7944	amdide - ok
13:58:58.0002 7944	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:58:58.0052 7944	AmdK8 - ok
13:58:58.0052 7944	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:58:58.0102 7944	AmdPPM - ok
13:58:58.0142 7944	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:58:58.0152 7944	amdsata - ok
13:58:58.0212 7944	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:58:58.0232 7944	amdsbs - ok
13:58:58.0252 7944	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:58:58.0262 7944	amdxata - ok
13:58:58.0392 7944	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:58:58.0402 7944	AntiVirSchedulerService - ok
13:58:58.0462 7944	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:58:58.0472 7944	AntiVirService - ok
13:58:58.0522 7944	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:58:58.0582 7944	AppID - ok
13:58:58.0622 7944	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:58:58.0692 7944	AppIDSvc - ok
13:58:58.0742 7944	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:58:58.0782 7944	Appinfo - ok
13:58:58.0802 7944	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:58:58.0822 7944	arc - ok
13:58:58.0832 7944	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:58:58.0842 7944	arcsas - ok
13:58:58.0882 7944	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:58:58.0942 7944	AsyncMac - ok
13:58:59.0012 7944	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:58:59.0032 7944	atapi - ok
13:58:59.0132 7944	athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
13:58:59.0192 7944	athr - ok
13:58:59.0352 7944	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:58:59.0412 7944	AudioEndpointBuilder - ok
13:58:59.0432 7944	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:58:59.0482 7944	AudioSrv - ok
13:58:59.0562 7944	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:58:59.0582 7944	avgntflt - ok
13:58:59.0632 7944	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:58:59.0642 7944	avipbb - ok
13:58:59.0672 7944	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:58:59.0682 7944	avkmgr - ok
13:58:59.0722 7944	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:58:59.0752 7944	AxInstSV - ok
13:58:59.0812 7944	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:58:59.0862 7944	b06bdrv - ok
13:58:59.0892 7944	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:58:59.0922 7944	b57nd60a - ok
13:58:59.0972 7944	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:59:00.0022 7944	BDESVC - ok
13:59:00.0052 7944	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:59:00.0112 7944	Beep - ok
13:59:00.0192 7944	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:59:00.0242 7944	BFE - ok
13:59:00.0332 7944	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:59:00.0402 7944	BITS - ok
13:59:00.0454 7944	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:59:00.0484 7944	blbdrive - ok
13:59:00.0524 7944	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:59:00.0554 7944	bowser - ok
13:59:00.0574 7944	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:59:00.0604 7944	BrFiltLo - ok
13:59:00.0624 7944	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:59:00.0654 7944	BrFiltUp - ok
13:59:00.0714 7944	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:59:00.0764 7944	Browser - ok
13:59:00.0814 7944	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:59:00.0864 7944	Brserid - ok
13:59:00.0884 7944	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:59:00.0904 7944	BrSerWdm - ok
13:59:00.0924 7944	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:59:00.0954 7944	BrUsbMdm - ok
13:59:00.0994 7944	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:59:01.0024 7944	BrUsbSer - ok
13:59:01.0054 7944	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:59:01.0084 7944	BTHMODEM - ok
13:59:01.0114 7944	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:59:01.0164 7944	bthserv - ok
13:59:01.0214 7944	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:59:01.0254 7944	cdfs - ok
13:59:01.0314 7944	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:59:01.0344 7944	cdrom - ok
13:59:01.0374 7944	CeKbFilter      (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys
13:59:01.0384 7944	CeKbFilter - ok
13:59:01.0434 7944	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:59:01.0504 7944	CertPropSvc - ok
13:59:01.0634 7944	cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
13:59:01.0644 7944	cfWiMAXService - ok
13:59:01.0664 7944	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:59:01.0704 7944	circlass - ok
13:59:01.0764 7944	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:59:01.0784 7944	CLFS - ok
13:59:01.0874 7944	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:59:01.0894 7944	clr_optimization_v2.0.50727_32 - ok
13:59:01.0914 7944	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:59:01.0924 7944	clr_optimization_v2.0.50727_64 - ok
13:59:02.0004 7944	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:59:02.0064 7944	clr_optimization_v4.0.30319_32 - ok
13:59:02.0104 7944	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:59:02.0114 7944	clr_optimization_v4.0.30319_64 - ok
13:59:02.0154 7944	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:59:02.0184 7944	CmBatt - ok
13:59:02.0204 7944	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:59:02.0224 7944	cmdide - ok
13:59:02.0284 7944	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:59:02.0314 7944	CNG - ok
13:59:02.0354 7944	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:59:02.0364 7944	Compbatt - ok
13:59:02.0414 7944	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:59:02.0434 7944	CompositeBus - ok
13:59:02.0444 7944	COMSysApp - ok
13:59:02.0554 7944	ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
13:59:02.0564 7944	ConfigFree Service - ok
13:59:02.0584 7944	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:59:02.0604 7944	crcdisk - ok
13:59:02.0654 7944	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:59:02.0684 7944	CryptSvc - ok
13:59:02.0834 7944	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:59:02.0864 7944	cvhsvc - ok
13:59:02.0934 7944	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:59:02.0994 7944	DcomLaunch - ok
13:59:03.0044 7944	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:59:03.0104 7944	defragsvc - ok
13:59:03.0194 7944	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:59:03.0244 7944	DfsC - ok
13:59:03.0304 7944	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:59:03.0354 7944	Dhcp - ok
13:59:03.0394 7944	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:59:03.0434 7944	discache - ok
13:59:03.0464 7944	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:59:03.0474 7944	Disk - ok
13:59:03.0504 7944	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:59:03.0544 7944	Dnscache - ok
13:59:03.0584 7944	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:59:03.0644 7944	dot3svc - ok
13:59:03.0664 7944	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:59:03.0724 7944	DPS - ok
13:59:03.0764 7944	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:59:03.0774 7944	drmkaud - ok
13:59:03.0824 7944	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:59:03.0844 7944	dtsoftbus01 - ok
13:59:03.0944 7944	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:59:03.0974 7944	DXGKrnl - ok
13:59:04.0004 7944	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:59:04.0064 7944	EapHost - ok
13:59:04.0294 7944	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:59:04.0374 7944	ebdrv - ok
13:59:04.0494 7944	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:59:04.0524 7944	EFS - ok
13:59:04.0684 7944	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:59:04.0754 7944	ehRecvr - ok
13:59:04.0784 7944	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:59:04.0814 7944	ehSched - ok
13:59:04.0894 7944	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:59:04.0914 7944	elxstor - ok
13:59:04.0984 7944	EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
13:59:05.0034 7944	EPSON_EB_RPCV4_04 - ok
13:59:05.0054 7944	EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
13:59:05.0074 7944	EPSON_PM_RPCV4_04 - ok
13:59:05.0114 7944	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:59:05.0144 7944	ErrDev - ok
13:59:05.0204 7944	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:59:05.0264 7944	EventSystem - ok
13:59:05.0304 7944	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:59:05.0364 7944	exfat - ok
13:59:05.0394 7944	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:59:05.0464 7944	fastfat - ok
13:59:05.0554 7944	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:59:05.0594 7944	Fax - ok
13:59:05.0624 7944	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:59:05.0644 7944	fdc - ok
13:59:05.0674 7944	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:59:05.0734 7944	fdPHost - ok
13:59:05.0774 7944	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:59:05.0824 7944	FDResPub - ok
13:59:05.0874 7944	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:59:05.0884 7944	FileInfo - ok
13:59:05.0904 7944	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:59:05.0964 7944	Filetrace - ok
13:59:06.0004 7944	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:59:06.0034 7944	flpydisk - ok
13:59:06.0094 7944	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:59:06.0114 7944	FltMgr - ok
13:59:06.0224 7944	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:59:06.0274 7944	FontCache - ok
13:59:06.0334 7944	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:59:06.0344 7944	FontCache3.0.0.0 - ok
13:59:06.0454 7944	Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
13:59:06.0474 7944	Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
13:59:06.0474 7944	Freemake Improver - detected UnsignedFile.Multi.Generic (1)
13:59:06.0524 7944	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:59:06.0544 7944	FsDepends - ok
13:59:06.0594 7944	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:59:06.0604 7944	Fs_Rec - ok
13:59:06.0664 7944	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:59:06.0684 7944	fvevol - ok
13:59:06.0694 7944	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:59:06.0714 7944	gagp30kx - ok
13:59:06.0794 7944	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:59:06.0854 7944	gpsvc - ok
13:59:06.0884 7944	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:59:06.0904 7944	hcw85cir - ok
13:59:06.0964 7944	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:59:07.0004 7944	HdAudAddService - ok
13:59:07.0034 7944	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:59:07.0064 7944	HDAudBus - ok
13:59:07.0124 7944	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:59:07.0134 7944	HECIx64 - ok
13:59:07.0164 7944	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:59:07.0184 7944	HidBatt - ok
13:59:07.0214 7944	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:59:07.0244 7944	HidBth - ok
13:59:07.0264 7944	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:59:07.0294 7944	HidIr - ok
13:59:07.0334 7944	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:59:07.0404 7944	hidserv - ok
13:59:07.0454 7944	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:59:07.0474 7944	HidUsb - ok
13:59:07.0524 7944	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:59:07.0584 7944	hkmsvc - ok
13:59:07.0634 7944	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:59:07.0664 7944	HomeGroupListener - ok
13:59:07.0714 7944	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:59:07.0744 7944	HomeGroupProvider - ok
13:59:07.0784 7944	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:59:07.0794 7944	HpSAMD - ok
13:59:07.0904 7944	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:59:07.0974 7944	HTTP - ok
13:59:08.0034 7944	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:59:08.0044 7944	hwpolicy - ok
13:59:08.0094 7944	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:59:08.0104 7944	i8042prt - ok
13:59:08.0174 7944	iaStor          (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
13:59:08.0194 7944	iaStor - ok
13:59:08.0254 7944	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:59:08.0274 7944	iaStorV - ok
13:59:08.0404 7944	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:59:08.0434 7944	idsvc - ok
13:59:09.0134 7944	igfx            (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:59:09.0404 7944	igfx - ok
13:59:09.0524 7944	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:59:09.0534 7944	iirsp - ok
13:59:09.0624 7944	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:59:09.0694 7944	IKEEXT - ok
13:59:09.0754 7944	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
13:59:09.0784 7944	Impcd - ok
13:59:10.0014 7944	IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys
13:59:10.0074 7944	IntcAzAudAddService - ok
13:59:10.0214 7944	IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:59:10.0244 7944	IntcDAud - ok
13:59:10.0294 7944	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:59:10.0314 7944	intelide - ok
13:59:10.0354 7944	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:59:10.0384 7944	intelppm - ok
13:59:10.0414 7944	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:59:10.0474 7944	IPBusEnum - ok
13:59:10.0514 7944	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:59:10.0574 7944	IpFilterDriver - ok
13:59:10.0634 7944	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:59:10.0694 7944	iphlpsvc - ok
13:59:10.0734 7944	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:59:10.0764 7944	IPMIDRV - ok
13:59:10.0804 7944	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:59:10.0864 7944	IPNAT - ok
13:59:10.0884 7944	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:59:10.0914 7944	IRENUM - ok
13:59:10.0964 7944	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:59:10.0974 7944	isapnp - ok
13:59:11.0004 7944	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:59:11.0024 7944	iScsiPrt - ok
13:59:11.0054 7944	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:59:11.0074 7944	kbdclass - ok
13:59:11.0094 7944	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:59:11.0114 7944	kbdhid - ok
13:59:11.0154 7944	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:59:11.0164 7944	KeyIso - ok
13:59:11.0184 7944	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:59:11.0194 7944	KSecDD - ok
13:59:11.0244 7944	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:59:11.0264 7944	KSecPkg - ok
13:59:11.0294 7944	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:59:11.0354 7944	ksthunk - ok
13:59:11.0404 7944	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:59:11.0474 7944	KtmRm - ok
13:59:11.0534 7944	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:59:11.0594 7944	LanmanServer - ok
13:59:11.0634 7944	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:59:11.0694 7944	LanmanWorkstation - ok
13:59:11.0744 7944	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:59:11.0794 7944	lltdio - ok
13:59:11.0844 7944	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:59:11.0904 7944	lltdsvc - ok
13:59:11.0924 7944	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:59:11.0964 7944	lmhosts - ok
13:59:12.0034 7944	LMS             (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:59:12.0044 7944	LMS - ok
13:59:12.0074 7944	LPCFilter       (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
13:59:12.0084 7944	LPCFilter - ok
13:59:12.0114 7944	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:59:12.0124 7944	LSI_FC - ok
13:59:12.0144 7944	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:59:12.0154 7944	LSI_SAS - ok
13:59:12.0164 7944	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:59:12.0174 7944	LSI_SAS2 - ok
13:59:12.0194 7944	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:59:12.0204 7944	LSI_SCSI - ok
13:59:12.0234 7944	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:59:12.0284 7944	luafv - ok
13:59:12.0344 7944	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:59:12.0354 7944	MBAMProtector - ok
13:59:12.0514 7944	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:59:12.0534 7944	MBAMService - ok
13:59:12.0584 7944	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:59:12.0614 7944	Mcx2Svc - ok
13:59:12.0634 7944	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:59:12.0644 7944	megasas - ok
13:59:12.0744 7944	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:59:12.0754 7944	MegaSR - ok
13:59:12.0784 7944	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:59:12.0844 7944	MMCSS - ok
13:59:12.0864 7944	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:59:12.0914 7944	Modem - ok
13:59:12.0974 7944	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:59:13.0004 7944	monitor - ok
13:59:13.0064 7944	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:59:13.0074 7944	mouclass - ok
13:59:13.0074 7944	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:59:13.0114 7944	mouhid - ok
13:59:13.0144 7944	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:59:13.0154 7944	mountmgr - ok
13:59:13.0194 7944	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:59:13.0204 7944	mpio - ok
13:59:13.0244 7944	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:59:13.0304 7944	mpsdrv - ok
13:59:13.0394 7944	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:59:13.0464 7944	MpsSvc - ok
13:59:13.0514 7944	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:59:13.0544 7944	MRxDAV - ok
13:59:13.0614 7944	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:59:13.0644 7944	mrxsmb - ok
13:59:13.0724 7944	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:59:13.0754 7944	mrxsmb10 - ok
13:59:13.0814 7944	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:59:13.0824 7944	mrxsmb20 - ok
13:59:13.0824 7944	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:59:13.0844 7944	msahci - ok
13:59:13.0874 7944	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:59:13.0884 7944	msdsm - ok
13:59:13.0914 7944	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:59:13.0954 7944	MSDTC - ok
13:59:13.0994 7944	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:59:14.0034 7944	Msfs - ok
13:59:14.0044 7944	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:59:14.0104 7944	mshidkmdf - ok
13:59:14.0124 7944	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:59:14.0134 7944	msisadrv - ok
13:59:14.0164 7944	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:59:14.0224 7944	MSiSCSI - ok
13:59:14.0224 7944	msiserver - ok
13:59:14.0234 7944	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:59:14.0284 7944	MSKSSRV - ok
13:59:14.0324 7944	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:59:14.0374 7944	MSPCLOCK - ok
13:59:14.0374 7944	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:59:14.0424 7944	MSPQM - ok
13:59:14.0484 7944	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:59:14.0504 7944	MsRPC - ok
13:59:14.0554 7944	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:59:14.0564 7944	mssmbios - ok
13:59:14.0574 7944	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:59:14.0634 7944	MSTEE - ok
13:59:14.0654 7944	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:59:14.0684 7944	MTConfig - ok
13:59:14.0724 7944	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:59:14.0734 7944	Mup - ok
13:59:14.0804 7944	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:59:14.0864 7944	napagent - ok
13:59:14.0904 7944	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:59:14.0934 7944	NativeWifiP - ok
13:59:15.0044 7944	NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) c:\Program Files (x86)\Nero\Update\NASvc.exe
13:59:15.0054 7944	NAUpdate - ok
13:59:15.0154 7944	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:59:15.0184 7944	NDIS - ok
13:59:15.0214 7944	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:59:15.0274 7944	NdisCap - ok
13:59:15.0304 7944	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:59:15.0344 7944	NdisTapi - ok
13:59:15.0394 7944	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:59:15.0434 7944	Ndisuio - ok
13:59:15.0464 7944	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:59:15.0514 7944	NdisWan - ok
13:59:15.0554 7944	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:59:15.0614 7944	NDProxy - ok
13:59:15.0634 7944	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:59:15.0684 7944	NetBIOS - ok
13:59:15.0764 7944	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:59:15.0814 7944	NetBT - ok
13:59:15.0864 7944	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:59:15.0874 7944	Netlogon - ok
13:59:15.0924 7944	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:59:15.0984 7944	Netman - ok
13:59:16.0034 7944	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:59:16.0104 7944	netprofm - ok
13:59:16.0154 7944	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:59:16.0164 7944	NetTcpPortSharing - ok
13:59:16.0194 7944	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:59:16.0214 7944	nfrd960 - ok
13:59:16.0284 7944	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:59:16.0334 7944	NlaSvc - ok
13:59:16.0384 7944	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:59:16.0424 7944	Npfs - ok
13:59:16.0444 7944	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:59:16.0494 7944	nsi - ok
13:59:16.0504 7944	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:59:16.0564 7944	nsiproxy - ok
13:59:16.0704 7944	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:59:16.0774 7944	Ntfs - ok
13:59:16.0864 7944	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:59:16.0924 7944	Null - ok
13:59:16.0954 7944	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:59:16.0974 7944	nvraid - ok
13:59:17.0004 7944	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:59:17.0014 7944	nvstor - ok
13:59:17.0054 7944	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:59:17.0064 7944	nv_agp - ok
13:59:17.0104 7944	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:59:17.0124 7944	ohci1394 - ok
13:59:17.0204 7944	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:59:17.0214 7944	ose - ok
13:59:17.0574 7944	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:59:17.0694 7944	osppsvc - ok
13:59:17.0794 7944	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:59:17.0844 7944	p2pimsvc - ok
13:59:17.0884 7944	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:59:17.0914 7944	p2psvc - ok
13:59:17.0964 7944	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:59:17.0974 7944	Parport - ok
13:59:18.0014 7944	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:59:18.0024 7944	partmgr - ok
13:59:18.0074 7944	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:59:18.0114 7944	PcaSvc - ok
13:59:18.0174 7944	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:59:18.0194 7944	pci - ok
13:59:18.0194 7944	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:59:18.0204 7944	pciide - ok
13:59:18.0244 7944	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:59:18.0254 7944	pcmcia - ok
13:59:18.0264 7944	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:59:18.0274 7944	pcw - ok
13:59:18.0334 7944	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:59:18.0404 7944	PEAUTH - ok
13:59:18.0484 7944	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:59:18.0514 7944	PerfHost - ok
13:59:18.0584 7944	PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
13:59:18.0594 7944	PGEffect - ok
13:59:18.0724 7944	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:59:18.0804 7944	pla - ok
13:59:18.0844 7944	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:59:18.0864 7944	PlugPlay - ok
13:59:18.0884 7944	PnkBstrA - ok
13:59:18.0914 7944	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:59:18.0944 7944	PNRPAutoReg - ok
13:59:18.0974 7944	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:59:18.0994 7944	PNRPsvc - ok
13:59:19.0064 7944	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:59:19.0134 7944	PolicyAgent - ok
13:59:19.0174 7944	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:59:19.0224 7944	Power - ok
13:59:19.0294 7944	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:59:19.0354 7944	PptpMiniport - ok
13:59:19.0394 7944	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:59:19.0414 7944	Processor - ok
13:59:19.0454 7944	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:59:19.0484 7944	ProfSvc - ok
13:59:19.0514 7944	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:59:19.0534 7944	ProtectedStorage - ok
13:59:19.0584 7944	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:59:19.0644 7944	Psched - ok
13:59:19.0764 7944	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:59:19.0804 7944	ql2300 - ok
13:59:19.0924 7944	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:59:19.0934 7944	ql40xx - ok
13:59:19.0974 7944	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:59:20.0014 7944	QWAVE - ok
13:59:20.0024 7944	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:59:20.0064 7944	QWAVEdrv - ok
13:59:20.0084 7944	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:59:20.0144 7944	RasAcd - ok
13:59:20.0184 7944	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:59:20.0234 7944	RasAgileVpn - ok
13:59:20.0254 7944	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:59:20.0304 7944	RasAuto - ok
13:59:20.0324 7944	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:59:20.0384 7944	Rasl2tp - ok
13:59:20.0434 7944	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:59:20.0494 7944	RasMan - ok
13:59:20.0504 7944	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:59:20.0544 7944	RasPppoe - ok
13:59:20.0564 7944	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:59:20.0614 7944	RasSstp - ok
13:59:20.0724 7944	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:59:20.0784 7944	rdbss - ok
13:59:20.0804 7944	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:59:20.0834 7944	rdpbus - ok
13:59:20.0864 7944	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:59:20.0914 7944	RDPCDD - ok
13:59:20.0934 7944	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:59:20.0994 7944	RDPENCDD - ok
13:59:21.0014 7944	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:59:21.0054 7944	RDPREFMP - ok
13:59:21.0104 7944	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:59:21.0134 7944	RDPWD - ok
13:59:21.0184 7944	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:59:21.0194 7944	rdyboost - ok
13:59:21.0224 7944	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:59:21.0274 7944	RemoteAccess - ok
13:59:21.0304 7944	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:59:21.0364 7944	RemoteRegistry - ok
13:59:21.0384 7944	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:59:21.0434 7944	RpcEptMapper - ok
13:59:21.0454 7944	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:59:21.0484 7944	RpcLocator - ok
13:59:21.0544 7944	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:59:21.0594 7944	RpcSs - ok
13:59:21.0634 7944	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:59:21.0694 7944	rspndr - ok
13:59:21.0744 7944	RSUSBSTOR       (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
13:59:21.0754 7944	RSUSBSTOR - ok
13:59:21.0794 7944	RTL8167         (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:59:21.0804 7944	RTL8167 - ok
13:59:21.0954 7944	rtl8192se       (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
13:59:21.0994 7944	rtl8192se - ok
13:59:22.0034 7944	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:59:22.0044 7944	SamSs - ok
13:59:22.0084 7944	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:59:22.0094 7944	sbp2port - ok
13:59:22.0134 7944	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:59:22.0184 7944	SCardSvr - ok
13:59:22.0224 7944	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:59:22.0274 7944	scfilter - ok
13:59:22.0374 7944	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:59:22.0444 7944	Schedule - ok
13:59:22.0484 7944	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:59:22.0524 7944	SCPolicySvc - ok
13:59:22.0534 7944	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:59:22.0584 7944	SDRSVC - ok
13:59:22.0634 7944	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:59:22.0694 7944	secdrv - ok
13:59:22.0734 7944	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:59:22.0784 7944	seclogon - ok
13:59:22.0814 7944	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:59:22.0874 7944	SENS - ok
13:59:22.0904 7944	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:59:22.0924 7944	SensrSvc - ok
13:59:22.0944 7944	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:59:22.0964 7944	Serenum - ok
13:59:22.0994 7944	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:59:23.0024 7944	Serial - ok
13:59:23.0064 7944	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:59:23.0074 7944	sermouse - ok
13:59:23.0124 7944	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:59:23.0184 7944	SessionEnv - ok
13:59:23.0194 7944	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:59:23.0224 7944	sffdisk - ok
13:59:23.0244 7944	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:59:23.0274 7944	sffp_mmc - ok
13:59:23.0294 7944	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:59:23.0334 7944	sffp_sd - ok
13:59:23.0374 7944	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:59:23.0404 7944	sfloppy - ok
13:59:23.0504 7944	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:59:23.0534 7944	Sftfs - ok
13:59:23.0664 7944	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:59:23.0684 7944	sftlist - ok
13:59:23.0714 7944	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:59:23.0724 7944	Sftplay - ok
13:59:23.0764 7944	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:59:23.0764 7944	Sftredir - ok
13:59:23.0804 7944	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:59:23.0814 7944	Sftvol - ok
13:59:23.0864 7944	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:59:23.0874 7944	sftvsa - ok
13:59:23.0944 7944	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:59:24.0004 7944	SharedAccess - ok
13:59:24.0054 7944	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:59:24.0114 7944	ShellHWDetection - ok
13:59:24.0144 7944	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:59:24.0154 7944	SiSRaid2 - ok
13:59:24.0184 7944	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:59:24.0194 7944	SiSRaid4 - ok
13:59:24.0234 7944	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:59:24.0254 7944	SkypeUpdate - ok
13:59:24.0274 7944	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:59:24.0324 7944	Smb - ok
13:59:24.0364 7944	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:59:24.0384 7944	SNMPTRAP - ok
13:59:24.0414 7944	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:59:24.0424 7944	spldr - ok
13:59:24.0494 7944	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:59:24.0544 7944	Spooler - ok
13:59:24.0804 7944	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:59:24.0914 7944	sppsvc - ok
13:59:25.0034 7944	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:59:25.0084 7944	sppuinotify - ok
13:59:25.0154 7944	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:59:25.0184 7944	srv - ok
13:59:25.0254 7944	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:59:25.0284 7944	srv2 - ok
13:59:25.0324 7944	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:59:25.0364 7944	srvnet - ok
13:59:25.0394 7944	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:59:25.0444 7944	SSDPSRV - ok
13:59:25.0464 7944	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:59:25.0504 7944	SstpSvc - ok
13:59:25.0534 7944	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:59:25.0544 7944	stexstor - ok
13:59:25.0634 7944	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:59:25.0674 7944	stisvc - ok
13:59:25.0714 7944	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:59:25.0724 7944	swenum - ok
13:59:25.0794 7944	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:59:25.0844 7944	swprv - ok
13:59:25.0894 7944	SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
13:59:25.0914 7944	SynTP - ok
13:59:26.0064 7944	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:59:26.0134 7944	SysMain - ok
13:59:26.0234 7944	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:59:26.0264 7944	TabletInputService - ok
13:59:26.0284 7944	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:59:26.0344 7944	TapiSrv - ok
13:59:26.0374 7944	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:59:26.0444 7944	TBS - ok
13:59:26.0604 7944	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:59:26.0654 7944	Tcpip - ok
13:59:26.0894 7944	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:59:26.0934 7944	TCPIP6 - ok
13:59:27.0084 7944	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:59:27.0154 7944	tcpipreg - ok
13:59:27.0204 7944	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:59:27.0214 7944	tdcmdpst - ok
13:59:27.0244 7944	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:59:27.0274 7944	TDPIPE - ok
13:59:27.0314 7944	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:59:27.0334 7944	TDTCP - ok
13:59:27.0374 7944	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:59:27.0434 7944	tdx - ok
13:59:27.0524 7944	TemproMonitoringService (40e154b3125e17ce6f2afad57afcfeb2) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
13:59:27.0534 7944	TemproMonitoringService - ok
13:59:27.0584 7944	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:59:27.0604 7944	TermDD - ok
13:59:27.0684 7944	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:59:27.0754 7944	TermService - ok
13:59:27.0784 7944	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:59:27.0804 7944	Themes - ok
13:59:27.0834 7944	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:59:27.0874 7944	THREADORDER - ok
13:59:27.0974 7944	TMachInfo       (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:59:27.0984 7944	TMachInfo - ok
13:59:28.0024 7944	TODDSrv         (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
13:59:28.0034 7944	TODDSrv - ok
13:59:28.0144 7944	TosCoSrv        (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:59:28.0164 7944	TosCoSrv - ok
13:59:28.0214 7944	TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:59:28.0234 7944	TOSHIBA eco Utility Service - ok
13:59:28.0284 7944	TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:59:28.0294 7944	TOSHIBA HDD SSD Alert Service - ok
13:59:28.0374 7944	TPCHSrv         (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:59:28.0404 7944	TPCHSrv - ok
13:59:28.0494 7944	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:59:28.0564 7944	TrkWks - ok
13:59:28.0636 7944	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:59:28.0686 7944	TrustedInstaller - ok
13:59:28.0776 7944	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:59:28.0826 7944	tssecsrv - ok
13:59:28.0896 7944	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:59:28.0946 7944	TsUsbFlt - ok
13:59:29.0166 7944	TuneUp.UtilitiesSvc (ee1bd87c9f470945d41f54585dbc989a) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
13:59:29.0216 7944	TuneUp.UtilitiesSvc - ok
13:59:29.0296 7944	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
13:59:29.0306 7944	TuneUpUtilitiesDrv - ok
13:59:29.0416 7944	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:59:29.0476 7944	tunnel - ok
13:59:29.0526 7944	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:59:29.0536 7944	TVALZ - ok
13:59:29.0576 7944	TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
13:59:29.0586 7944	TVALZFL - ok
13:59:29.0606 7944	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:59:29.0616 7944	uagp35 - ok
13:59:29.0666 7944	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:59:29.0736 7944	udfs - ok
13:59:29.0756 7944	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:59:29.0776 7944	UI0Detect - ok
13:59:29.0816 7944	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:59:29.0836 7944	uliagpkx - ok
13:59:29.0856 7944	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:59:29.0866 7944	umbus - ok
13:59:29.0896 7944	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:59:29.0926 7944	UmPass - ok
13:59:30.0146 7944	UNS             (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:59:30.0186 7944	UNS - ok
13:59:30.0316 7944	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:59:30.0376 7944	upnphost - ok
13:59:30.0446 7944	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:59:30.0476 7944	usbaudio - ok
13:59:30.0506 7944	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:59:30.0526 7944	usbccgp - ok
13:59:30.0566 7944	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:59:30.0586 7944	usbcir - ok
13:59:30.0626 7944	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:59:30.0656 7944	usbehci - ok
13:59:30.0696 7944	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:59:30.0726 7944	usbhub - ok
13:59:30.0756 7944	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:59:30.0786 7944	usbohci - ok
13:59:30.0806 7944	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:59:30.0836 7944	usbprint - ok
13:59:36.0502 7944	============================================================
13:59:36.0502 7944	Scan finished
13:59:36.0502 7944	============================================================
13:59:36.0512 7940	Detected object count: 1
13:59:36.0512 7940	Actual detected object count: 1
14:09:14.0520 7940	Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
14:09:14.0520 7940	Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

19.06.2012, 15:36   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
