| |
| |||||||
Log-Analyse und Auswertung: TR/ATRAOS.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.08.2012, 22:06
| #1 |
| |  TR/ATRAOS.Gen Hallo habe etwas installiert und habe danach nun die Meldung vom Virus TR/ATRAPS.Gen und TR/ATRAPS.Gen2. Der Ordner ist C:\Windows\Installer\...\800000.@ oder .... 8000xxxx.@ Nun habe ich einige scans durchgeführt, nach einer Anleitung im Board.. Jedoch weiss ich nicht wie ich den mist vom PC bekomme... Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 KURDI :: OMAR-TOSH [Administrator] 10.08.2012 16:46:37 mbam-log-2012-08-10 (16-46-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 327223 Laufzeit: 43 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bd503790d8927f49b5275aaa45448e44
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-10 08:47:43
# local_time=2012-08-10 10:47:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1392223 1392223 0 0
# compatibility_mode=5893 16776574 66 94 5109286 96257044 0 0
# compatibility_mode=8192 67108863 100 0 17074 17074 0 0
# scanned=138653
# found=6
# cleaned=0
# scan_time=4468
C:\Users\KURDI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TST2QXT4\firstload_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000000.@ Win64/Sirefef.AP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I
AdwCleaner Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/10/2012 at 22:55:38
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : KURDI - OMAR-TOSH
# Running from : C:\Users\KURDI\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\KURDI\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\KURDI\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\KURDI\AppData\Roaming\pdfforge
***** [Registry] *****
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\DataMngr
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Software
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=NT_ss&mntrId=e249378800000000000082ca9491c296
-\\ Google Chrome v21.0.1180.75
File : C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "homepage": "hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=[...]
Found : "homepage": "hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e24[...]
*************************
AdwCleaner[R1].txt - [2256 octets] - [10/08/2012 22:52:59]
AdwCleaner[R2].txt - [2197 octets] - [10/08/2012 22:55:38]
########## EOF - C:\AdwCleaner[R2].txt - [2325 octets] ##########
OTL Code:
ATTFilter OTL logfile created on: 8/10/2012 11:07:25 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\KURDI\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.98 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 64.85% Memory free 11.96 Gb Paging File | 9.45 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.34 Gb Total Space | 94.94 Gb Free Space | 40.86% Space Free | Partition Type: NTFS Drive D: | 233.03 Gb Total Space | 97.95 Gb Free Space | 42.03% Space Free | Partition Type: NTFS Computer Name: OMAR-TOSH | User Name: KURDI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/10 17:53:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe PRC - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012/08/08 21:11:39 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/07/24 22:36:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/06/13 18:15:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/20 07:37:00 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files (x86)\Athan\Athan.exe PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011/05/11 19:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011/01/13 10:22:24 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010/09/06 17:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe PRC - [2010/08/23 17:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010/08/23 17:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ========== Modules (No Company Name) ========== MOD - [2012/08/10 12:57:16 | 002,049,056 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010/11/21 05:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/03/08 21:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files (x86)\Athan\vbp.dll MOD - [2004/12/25 12:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files (x86)\Athan\vbh.dll MOD - [2004/03/20 13:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files (x86)\Athan\vbq.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012/08/03 03:05:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/24 22:36:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2011/05/11 19:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/31 16:39:59 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2011/07/08 18:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/10 18:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/01/20 11:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/11/29 12:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/11 11:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010/08/30 11:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2010/04/26 12:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem) DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296 IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/13 18:15:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/15 23:29:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/18 20:50:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/10 12:57:16 | 000,000,000 | ---D | M] [2012/06/18 20:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KURDI\AppData\Roaming\mozilla\Extensions [2012/08/10 12:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/18 03:49:08 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\KURDI\APPDATA\ROAMING\THUNDERBIRD\PROFILES\NB0KNH0R.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103} [2012/06/18 20:50:54 | 000,564,663 | ---- | M] () (No name found) -- C:\USERS\KURDI\APPDATA\ROAMING\THUNDERBIRD\PROFILES\NB0KNH0R.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012/08/10 15:15:00 | 000,444,061 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15250 more lines... O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [TLH_PTFBPro] C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe (Technology Lighthouse) O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{958C2FB5-8907-4338-A84A-8ACB0086B20B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 50.30.0.51 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20 - AppInit_DLLs: (c:\progra~3\browse~1\22565~1.25\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{521f015c-b0f1-11e1-b98a-047d7b132b9a}\Shell - "" = AutoRun O33 - MountPoints2\{521f015c-b0f1-11e1-b98a-047d7b132b9a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/08/10 18:41:13 | 000,000,000 | ---D | C] -- C:\PFiles [2012/08/10 17:53:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe [2012/08/10 17:26:58 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4F0CAF5F-5975-4EBD-9A4D-93016F681A22} [2012/08/10 17:26:46 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{67459004-6208-4848-92DB-AF8837E94037} [2012/08/10 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/08/10 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Malwarebytes [2012/08/10 15:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/10 15:36:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/10 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/10 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/10 15:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/08/10 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/08/10 13:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/08/10 13:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/08/10 13:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/08/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse [2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Start Menu [2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/08/10 12:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/08/10 12:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTFB Pro [2012/08/10 12:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Technology Lighthouse [2012/08/10 12:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/08/10 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\HIER [2012/08/09 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\RemoteKeys [2012/08/09 14:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPro [2012/08/09 14:16:14 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\pwrpro42 [2012/08/08 22:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/08/08 14:11:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\.gigaflat [2012/08/08 14:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaflat - Free Usenet [2012/08/08 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigaflat [2012/08/07 23:36:11 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{40DC9924-0FBE-47C4-B5AB-9CBB303BF799} [2012/08/07 11:34:59 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3EBD11F6-8B3A-48EA-9ACD-27BCB063155A} [2012/08/07 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6A455C10-85FC-4A66-A4F6-0E906A333116} [2012/08/06 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{DEA1EBD7-4AF8-4E92-BD9C-FB5F22A9CD70} [2012/08/06 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{A4EBC6D0-8782-4E4D-90B2-BFE57457DE37} [2012/08/06 00:39:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7C479B4B-DADB-4F15-AEAF-C8952A522F43} [2012/08/06 00:39:29 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3AF8415C-62F4-4BF6-9568-4373B327E195} [2012/08/05 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Documents\My Games [2012/08/05 16:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\THQ [2012/08/05 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ [2012/08/05 12:39:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{C33817FF-A1FE-470F-860A-326B4FB76C18} [2012/08/05 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{A155B56B-23AA-4269-98D7-B33718FDC57D} [2012/08/05 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7556D116-4037-481D-B241-70FEF6992455} [2012/08/05 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{E5D638DD-DCEB-42EC-B3AC-DC0000816D8F} [2012/08/04 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9CCA39A2-15D9-45CF-92B7-E1C14E73556F} [2012/08/04 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9340F964-B30F-4599-9FF0-E2BF328AAE5A} [2012/08/04 00:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2 [2012/08/04 00:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scavenger 3.2 [2012/08/04 00:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/04 00:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2012/08/03 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0A0DDEDE-CA9B-4230-9001-5C0A00DE2B27} [2012/08/02 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{325B218C-5C0B-46CE-9BBB-BDE7C7769A7F} [2012/08/02 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{40166BAF-881A-4B95-943B-29C7B5C6A853} [2012/08/02 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\Grewe [2012/08/02 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon [2012/08/02 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\preispilot [2012/08/02 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0632BBD3-6B52-4325-A94C-7131D848AE50} [2012/08/01 22:38:32 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1A4B71CB-19AC-4A7B-AE01-51421BBDBC8E} [2012/08/01 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7DF0CF9D-85A7-478E-8EA1-E521CD470DE5} [2012/07/30 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{55619F1B-C1C2-4112-B11F-79E46F1AEF8C} [2012/07/30 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4FF9D0FE-8C4F-4129-B5D6-26AF5CD9BB99} [2012/07/29 22:43:02 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{571F4E58-4C05-4B4E-8108-2FD5F41A9119} [2012/07/29 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{69B1CC7B-D084-4FEF-9B49-0734681AF3C6} [2012/07/28 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4DE141D0-D7FB-4F7D-ACE4-1C92817177E3} [2012/07/28 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{ECAA62B2-FBA7-4A81-95C8-D8C7D72D8014} [2012/07/28 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{08CBDCC8-EC6B-4EC2-B4E6-444DAC36D15A} [2012/07/28 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{E87F9441-9FF8-4D19-ADE8-31FB45D89749} [2012/07/27 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4D9CC555-674B-4EBE-98AA-3BA48B4FBA2E} [2012/07/27 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0FF5AB1D-FD7D-4C28-9314-4F86C88D8D66} [2012/07/27 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{5E7FD2B4-E6F4-451D-82BA-80D8F36BEC44} [2012/07/25 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012/07/25 18:55:10 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Avira [2012/07/25 18:49:33 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/07/25 18:49:33 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/07/25 18:49:33 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/07/25 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/07/25 18:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/07/25 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/07/25 18:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/07/25 18:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012/07/25 17:56:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\Ubisoft Game Launcher [2012/07/25 17:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012/07/25 03:30:57 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{D7D37B75-546F-4276-BC81-F9CA09663444} [2012/07/25 03:30:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{2998FF12-9539-4539-A0C6-64B4412C5D20} [2012/07/24 22:36:38 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\PunkBuster [2012/07/22 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{936D8730-3118-49A3-AC69-E20C63A94714} [2012/07/22 23:01:33 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F6856A72-59C6-4B7C-A109-D10A3590A1BF} [2012/07/22 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy [2012/07/22 20:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy [2012/07/22 20:00:54 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [2012/07/22 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy [2012/07/22 17:48:30 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Documents\atari [2012/07/22 17:36:17 | 000,000,000 | ---D | C] -- C:\Spiele [2012/07/22 11:01:03 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F0C36C20-FBA6-4860-86B2-7687A671A566} [2012/07/22 11:00:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{98211096-6902-47CF-AD8F-E76AFC2F8A68} [2012/07/21 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0B7B9E4B-6330-44D6-B9FD-FF09B2EC0E45} [2012/07/21 23:00:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{2D86AAC6-A0D7-4012-BB0A-45FF72479AA1} [2012/07/21 10:59:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6E791330-202B-4D8D-A0DA-2EE3A8A07AA3} [2012/07/21 10:59:21 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{897118B4-03BD-4D4F-9480-FE6EAB2766CF} [2012/07/21 03:22:59 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2012/07/21 03:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan [2012/07/21 03:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\athan [2012/07/21 03:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athan [2012/07/20 22:58:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{77FEA659-05BC-4CB0-87E2-4784C4EAE1DB} [2012/07/20 22:58:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8775650E-35AC-469F-9F0E-73EB8AD7E839} [2012/07/20 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\RealNetworks [2012/07/20 10:58:12 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{384DB5F8-EF73-490E-A589-C62444FA4BD0} [2012/07/20 10:58:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{133EA7ED-A684-470A-B3FA-DC8E9133F8C1} [2012/07/19 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3897316C-1638-4D5B-A053-5EFC62DAFD6C} [2012/07/19 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{19E6B077-B799-4E01-9A08-EAF4234BF46C} [2012/07/19 01:04:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{38478AD7-0552-48F0-BAF8-E70D7891856E} [2012/07/19 01:04:12 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8078CDED-C314-4AFE-9C6F-8832FE9CED51} [2012/07/18 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\WinRAR [2012/07/18 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7CD6FAD2-88F5-4D56-BE0C-C8850B37583A} [2012/07/18 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{C05ED91D-BB43-45A7-9EBB-30F9726B9915} [2012/07/17 12:59:55 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F4466B53-B282-4A04-B0AA-CBCEF0A58664} [2012/07/17 00:58:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{75C826D0-57E8-4E89-B059-157E7A94F6F4} [2012/07/16 12:57:39 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{89ACC6F4-F928-48FF-A411-F1D233A3F951} [2012/07/16 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{EE8AEB87-D45E-4B5E-AA02-97DA4E6045CD} [2012/07/16 09:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012/07/16 00:56:46 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8719C048-B473-4D56-93C5-C7197BC9F5BC} [2012/07/16 00:56:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{BDECECF1-A19B-4F6F-9D3A-6777C7405977} [2012/07/15 23:32:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\DDMSettings [2012/07/15 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\DivX [2012/07/15 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012/07/15 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2012/07/15 23:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2012/07/15 23:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2012/07/15 23:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2012/07/15 23:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2012/07/15 12:56:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9722E627-B96C-4723-B329-85E6C3C9386B} [2012/07/15 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{DC6CCE89-A037-4B64-8FF4-0D8E79104F33} [2012/07/14 11:57:54 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{43F61E0A-E0CB-4CC4-9663-91F1E88508A0} [2012/07/14 11:57:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{27B2CE8F-520B-4CBF-B047-7BDF516D8731} [2012/07/13 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{39FD0AE7-E9B0-4D96-9082-6F80CF73E98D} [2012/07/13 14:12:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1CEDF3C5-A80F-4F65-B3C8-71338E96ABE8} [2012/07/13 02:12:16 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1C3EF71C-2F7C-4B54-B5E7-CC69CC6E3126} [2012/07/13 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{BBF17FDD-0B78-4378-83F0-3FFF3D4634A7} [2012/07/12 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{EFF4FC93-A896-4822-8FB3-F27607CF51EB} [2012/07/12 14:11:37 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{24BE9219-B27C-4440-AECF-AFA1FF709963} [2012/07/12 00:51:29 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6E6083AA-97CC-4D9F-A03D-F43007020A55} [2012/07/12 00:51:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{FF6C4432-4E98-417C-A502-D19C321A213B} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/10 23:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/10 22:15:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/10 17:53:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe [2012/08/10 17:51:51 | 000,614,903 | ---- | M] () -- C:\Users\KURDI\Desktop\adwcleaner.exe [2012/08/10 16:04:36 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/10 16:04:36 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/10 16:01:24 | 000,002,042 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012/08/10 15:58:08 | 000,000,000 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat [2012/08/10 15:57:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/10 15:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/10 15:56:51 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys [2012/08/10 15:24:43 | 000,001,271 | ---- | M] () -- C:\Users\KURDI\Desktop\Revo Uninstaller.lnk [2012/08/10 15:15:00 | 000,444,061 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/10 12:57:09 | 000,000,315 | ---- | M] () -- C:\user.js [2012/08/09 19:51:11 | 000,088,567 | ---- | M] () -- C:\Users\KURDI\Desktop\Vorgehen_Backgroundcheck_Level0.pdf [2012/08/09 19:51:04 | 000,088,102 | ---- | M] () -- C:\Users\KURDI\Desktop\Einverständniserklärung für Backgroundcheck.pdf [2012/08/06 21:04:55 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2012/08/06 15:59:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/06 15:59:10 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/08/06 15:59:10 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/06 15:59:10 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/08/06 15:59:10 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/03 13:24:05 | 001,118,336 | ---- | M] () -- C:\Users\KURDI\Desktop\109.mp3 [2012/08/03 13:23:42 | 000,835,712 | ---- | M] () -- C:\Users\KURDI\Desktop\110.mp3 [2012/08/03 13:23:06 | 001,050,752 | ---- | M] () -- C:\Users\KURDI\Desktop\111.mp3 [2012/08/03 13:22:18 | 000,817,280 | ---- | M] () -- C:\Users\KURDI\Desktop\113.mp3 [2012/08/03 13:21:48 | 000,561,280 | ---- | M] () -- C:\Users\KURDI\Desktop\112.mp3 [2012/08/03 13:21:19 | 000,983,168 | ---- | M] () -- C:\Users\KURDI\Desktop\114.mp3 [2012/08/03 11:40:15 | 000,626,816 | ---- | M] () -- C:\Users\KURDI\Desktop\108.mp3 [2012/08/03 11:39:18 | 001,241,216 | ---- | M] () -- C:\Users\KURDI\Desktop\001.mp3 [2012/08/02 15:14:59 | 007,184,557 | ---- | M] () -- C:\Users\KURDI\Desktop\Omar Karadaghi.jpg [2012/08/02 14:59:21 | 000,845,790 | ---- | M] () -- C:\Users\KURDI\Desktop\ScannerInterface 3 Installer.zip [2012/08/02 14:33:30 | 000,078,804 | ---- | M] () -- C:\Users\KURDI\Desktop\C3000fax.tif [2012/08/02 11:36:32 | 000,766,464 | ---- | M] () -- C:\Users\KURDI\Desktop\the-beauty-of-mathematics.pps [2012/07/31 16:39:59 | 000,121,416 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [2012/07/25 18:35:41 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012/07/24 22:36:49 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/07/24 22:36:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/24 03:36:05 | 000,022,586 | ---- | M] () -- C:\Users\KURDI\Desktop\WHS-Formular_Attest_Amtsarzt.pdf [2012/07/22 20:04:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012/07/22 20:04:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2012/07/22 17:43:05 | 000,000,752 | ---- | M] () -- C:\Users\KURDI\Desktop\Fahrenheit.lnk [2012/07/16 20:06:35 | 000,076,971 | ---- | M] () -- C:\Users\KURDI\Desktop\Bewerbungsbogen FPS Fahrer 2011_1.pdf [2012/07/16 02:06:27 | 000,428,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/12 11:29:49 | 000,000,026 | ---- | M] () -- C:\Users\KURDI\Desktop\Radio_Sarchnar.wax [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/10 18:14:26 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@ [2012/08/10 18:14:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000064.@ [2012/08/10 18:14:25 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000000.@ [2012/08/10 17:51:50 | 000,614,903 | ---- | C] () -- C:\Users\KURDI\Desktop\adwcleaner.exe [2012/08/10 17:36:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@ [2012/08/10 17:36:02 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@ [2012/08/10 17:01:38 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000004.@ [2012/08/10 15:24:43 | 000,001,271 | ---- | C] () -- C:\Users\KURDI\Desktop\Revo Uninstaller.lnk [2012/08/10 13:11:50 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\L\00000004.@ [2012/08/10 12:57:23 | 000,000,000 | ---- | C] () -- C:\Users\KURDI\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat [2012/08/10 12:57:08 | 000,000,315 | ---- | C] () -- C:\user.js [2012/08/09 19:51:11 | 000,088,567 | ---- | C] () -- C:\Users\KURDI\Desktop\Vorgehen_Backgroundcheck_Level0.pdf [2012/08/09 19:51:04 | 000,088,102 | ---- | C] () -- C:\Users\KURDI\Desktop\Einverständniserklärung für Backgroundcheck.pdf [2012/08/03 13:23:58 | 001,118,336 | ---- | C] () -- C:\Users\KURDI\Desktop\109.mp3 [2012/08/03 13:23:38 | 000,835,712 | ---- | C] () -- C:\Users\KURDI\Desktop\110.mp3 [2012/08/03 13:22:58 | 001,050,752 | ---- | C] () -- C:\Users\KURDI\Desktop\111.mp3 [2012/08/03 13:22:17 | 000,817,280 | ---- | C] () -- C:\Users\KURDI\Desktop\113.mp3 [2012/08/03 13:21:39 | 000,561,280 | ---- | C] () -- C:\Users\KURDI\Desktop\112.mp3 [2012/08/03 13:21:10 | 000,983,168 | ---- | C] () -- C:\Users\KURDI\Desktop\114.mp3 [2012/08/03 11:40:12 | 000,626,816 | ---- | C] () -- C:\Users\KURDI\Desktop\108.mp3 [2012/08/03 11:39:18 | 001,241,216 | ---- | C] () -- C:\Users\KURDI\Desktop\001.mp3 [2012/08/02 15:14:54 | 007,184,557 | ---- | C] () -- C:\Users\KURDI\Desktop\Omar Karadaghi.jpg [2012/08/02 14:57:23 | 000,845,790 | ---- | C] () -- C:\Users\KURDI\Desktop\ScannerInterface 3 Installer.zip [2012/08/02 14:33:29 | 000,078,804 | ---- | C] () -- C:\Users\KURDI\Desktop\C3000fax.tif [2012/08/02 11:36:31 | 000,766,464 | ---- | C] () -- C:\Users\KURDI\Desktop\the-beauty-of-mathematics.pps [2012/08/02 10:51:57 | 110,501,987 | ---- | C] () -- C:\Users\KURDI\Desktop\3527703969PhyDum.pdf [2012/07/24 22:36:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/07/24 22:36:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/24 03:36:17 | 000,022,586 | ---- | C] () -- C:\Users\KURDI\Desktop\WHS-Formular_Attest_Amtsarzt.pdf [2012/07/22 20:04:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012/07/22 20:04:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2012/07/22 17:43:05 | 000,000,752 | ---- | C] () -- C:\Users\KURDI\Desktop\Fahrenheit.lnk [2012/07/16 20:06:34 | 000,076,971 | ---- | C] () -- C:\Users\KURDI\Desktop\Bewerbungsbogen FPS Fahrer 2011_1.pdf [2012/07/16 09:28:31 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012/07/16 09:28:31 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012/07/16 09:28:31 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012/07/12 11:29:47 | 000,000,026 | ---- | C] () -- C:\Users\KURDI\Desktop\Radio_Sarchnar.wax [2012/06/05 11:29:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\@ [2012/06/05 11:29:20 | 000,002,048 | -HS- | C] () -- C:\Users\KURDI\AppData\Local\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\@ [2011/11/22 05:50:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== LOP Check ========== [2012/08/02 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon [2012/06/12 11:47:48 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\EasyDuplicateFinder [2012/07/22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy [2012/06/05 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\pdfforge [2012/06/04 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Picofactory [2012/07/24 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\PunkBuster [2012/06/04 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\stickies [2012/08/10 12:57:23 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse [2012/06/18 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Thunderbird [2012/06/07 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Toshiba [2012/06/04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\TOSHIBA Online Product Information [2012/06/14 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WildTangent [2012/06/05 11:37:07 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinBatch [2009/07/14 07:08:49 | 000,028,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012/06/05 11:06:39 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Adobe [2012/07/25 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Avira [2012/08/02 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon [2012/07/18 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DivX [2012/06/12 11:47:48 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\EasyDuplicateFinder [2012/06/04 21:08:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Identities [2012/06/08 00:35:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\InstallShield [2012/06/04 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Macromedia [2012/08/10 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Malwarebytes [2012/06/30 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MathematicaPlayer [2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Media Center Programs [2012/08/04 00:28:42 | 000,000,000 | --SD | M] -- C:\Users\KURDI\AppData\Roaming\Microsoft [2012/07/22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy [2012/06/18 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Mozilla [2012/06/04 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Nero [2012/06/05 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\pdfforge [2012/06/04 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Picofactory [2012/07/24 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\PunkBuster [2012/08/03 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Real [2012/07/20 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\RealNetworks [2012/06/04 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\stickies [2012/08/10 12:57:23 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse [2012/06/18 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Thunderbird [2012/06/07 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Toshiba [2012/06/04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\TOSHIBA Online Product Information [2012/08/07 06:24:57 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\vlc [2012/06/14 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WildTangent [2012/06/05 11:37:07 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinBatch [2012/07/25 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012/08/02 14:58:31 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2012/08/10 12:56:30 | 007,226,248 | ---- | M] (Technology Lighthouse ) -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Templates\ptfbsetup.exe [2012/07/31 16:39:57 | 000,104,768 | ---- | M] (www.motioninjoy.com) -- C:\Users\KURDI\AppData\Roaming\MotioninJoy\DS3tool\update\DS3_Tool.exe [2011/02/17 22:39:13 | 000,835,440 | R--- | M] () -- C:\Users\KURDI\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe [2012/06/14 11:28:18 | 000,000,177 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-toshiba.exe_filedata < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010/11/21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll < > < End of report > Geändert von Locke85 (10.08.2012 um 22:31 Uhr) |
|
15.08.2012, 16:48
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/ATRAOS.Gen Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
