Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/ATRAOS.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.08.2012, 23:06   #1
Locke85
 
TR/ATRAOS.Gen - Standard

TR/ATRAOS.Gen



Hallo habe etwas installiert und habe danach nun die Meldung vom Virus TR/ATRAPS.Gen und TR/ATRAPS.Gen2.
Der Ordner ist C:\Windows\Installer\...\800000.@ oder .... 8000xxxx.@

Nun habe ich einige scans durchgeführt, nach einer Anleitung im Board..
Jedoch weiss ich nicht wie ich den mist vom PC bekomme...

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KURDI :: OMAR-TOSH [Administrator]

10.08.2012 16:46:37
mbam-log-2012-08-10 (16-46-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 327223
Laufzeit: 43 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bd503790d8927f49b5275aaa45448e44
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-10 08:47:43
# local_time=2012-08-10 10:47:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1392223 1392223 0 0
# compatibility_mode=5893 16776574 66 94 5109286 96257044 0 0
# compatibility_mode=8192 67108863 100 0 17074 17074 0 0
# scanned=138653
# found=6
# cleaned=0
# scan_time=4468
C:\Users\KURDI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TST2QXT4\firstload_com[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@	Win64/Agent.BA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@	Win64/Conedex.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000000.@	Win64/Sirefef.AP trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@	a variant of Win32/Sirefef.FD trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Sirefef.EZ trojan	00000000000000000000000000000000	I
         

AdwCleaner
Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/10/2012 at 22:55:38
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : KURDI - OMAR-TOSH
# Running from : C:\Users\KURDI\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\KURDI\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\KURDI\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\KURDI\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\DataMngr
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=NT_ss&mntrId=e249378800000000000082ca9491c296

-\\ Google Chrome v21.0.1180.75

File : C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "homepage": "hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=[...]
Found :    "homepage": "hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e24[...]

*************************

AdwCleaner[R1].txt - [2256 octets] - [10/08/2012 22:52:59]
AdwCleaner[R2].txt - [2197 octets] - [10/08/2012 22:55:38]

########## EOF - C:\AdwCleaner[R2].txt - [2325 octets] ##########
         

OTL
Code:
ATTFilter
OTL logfile created on: 8/10/2012 11:07:25 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\KURDI\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 64.85% Memory free
11.96 Gb Paging File | 9.45 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 94.94 Gb Free Space | 40.86% Space Free | Partition Type: NTFS
Drive D: | 233.03 Gb Total Space | 97.95 Gb Free Space | 42.03% Space Free | Partition Type: NTFS
 
Computer Name: OMAR-TOSH | User Name: KURDI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/10 17:53:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe
PRC - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/08/08 21:11:39 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/24 22:36:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/06/13 18:15:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/20 07:37:00 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files (x86)\Athan\Athan.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/11 19:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/13 10:22:24 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/09/06 17:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2010/08/23 17:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/08/23 17:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/10 12:57:16 | 002,049,056 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/21 05:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/03/08 21:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files (x86)\Athan\vbp.dll
MOD - [2004/12/25 12:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files (x86)\Athan\vbh.dll
MOD - [2004/03/20 13:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files (x86)\Athan\vbq.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/03/02 16:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/08/10 12:57:16 | 001,697,312 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/08/03 03:05:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/24 22:36:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/05/11 19:49:32 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/12/20 19:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/12 11:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/31 16:39:59 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/07/08 18:06:08 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/10 18:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/27 13:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/20 11:26:46 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/12/17 20:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/29 12:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 11:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/11/08 13:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 15:14:02 | 000,042,096 | R--- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/30 11:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/18 17:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/04/26 12:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1995847068-316696525-3899958384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/13 18:15:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/15 23:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/18 20:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/10 12:57:16 | 000,000,000 | ---D | M]
 
[2012/06/18 20:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KURDI\AppData\Roaming\mozilla\Extensions
[2012/08/10 12:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/18 03:49:08 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\KURDI\APPDATA\ROAMING\THUNDERBIRD\PROFILES\NB0KNH0R.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2012/06/18 20:50:54 | 000,564,663 | ---- | M] () (No name found) -- C:\USERS\KURDI\APPDATA\ROAMING\THUNDERBIRD\PROFILES\NB0KNH0R.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=090812_ppc_3212_6&babsrc=HP_ss&mntrId=e249378800000000000082ca9491c296
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\KURDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012/08/10 15:15:00 | 000,444,061 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15250 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [TLH_PTFBPro] C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe (Technology Lighthouse)
O4 - HKU\S-1-5-21-1995847068-316696525-3899958384-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{958C2FB5-8907-4338-A84A-8ACB0086B20B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 50.30.0.51
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22565~1.25\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{521f015c-b0f1-11e1-b98a-047d7b132b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{521f015c-b0f1-11e1-b98a-047d7b132b9a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/10 18:41:13 | 000,000,000 | ---D | C] -- C:\PFiles
[2012/08/10 17:53:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe
[2012/08/10 17:26:58 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4F0CAF5F-5975-4EBD-9A4D-93016F681A22}
[2012/08/10 17:26:46 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{67459004-6208-4848-92DB-AF8837E94037}
[2012/08/10 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/10 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Malwarebytes
[2012/08/10 15:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/10 15:36:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/10 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/10 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/10 15:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/08/10 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/10 13:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/10 13:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/10 13:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/10 12:57:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse
[2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Start Menu
[2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/08/10 12:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/08/10 12:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/08/10 12:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTFB Pro
[2012/08/10 12:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Technology Lighthouse
[2012/08/10 12:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/10 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\HIER
[2012/08/09 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\RemoteKeys
[2012/08/09 14:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPro
[2012/08/09 14:16:14 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Desktop\pwrpro42
[2012/08/08 22:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/08 14:11:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\.gigaflat
[2012/08/08 14:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaflat - Free Usenet
[2012/08/08 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigaflat
[2012/08/07 23:36:11 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{40DC9924-0FBE-47C4-B5AB-9CBB303BF799}
[2012/08/07 11:34:59 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3EBD11F6-8B3A-48EA-9ACD-27BCB063155A}
[2012/08/07 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6A455C10-85FC-4A66-A4F6-0E906A333116}
[2012/08/06 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{DEA1EBD7-4AF8-4E92-BD9C-FB5F22A9CD70}
[2012/08/06 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{A4EBC6D0-8782-4E4D-90B2-BFE57457DE37}
[2012/08/06 00:39:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7C479B4B-DADB-4F15-AEAF-C8952A522F43}
[2012/08/06 00:39:29 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3AF8415C-62F4-4BF6-9568-4373B327E195}
[2012/08/05 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Documents\My Games
[2012/08/05 16:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\THQ
[2012/08/05 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/08/05 12:39:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{C33817FF-A1FE-470F-860A-326B4FB76C18}
[2012/08/05 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{A155B56B-23AA-4269-98D7-B33718FDC57D}
[2012/08/05 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7556D116-4037-481D-B241-70FEF6992455}
[2012/08/05 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{E5D638DD-DCEB-42EC-B3AC-DC0000816D8F}
[2012/08/04 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9CCA39A2-15D9-45CF-92B7-E1C14E73556F}
[2012/08/04 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9340F964-B30F-4599-9FF0-E2BF328AAE5A}
[2012/08/04 00:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
[2012/08/04 00:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scavenger 3.2
[2012/08/04 00:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/04 00:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2012/08/03 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0A0DDEDE-CA9B-4230-9001-5C0A00DE2B27}
[2012/08/02 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{325B218C-5C0B-46CE-9BBB-BDE7C7769A7F}
[2012/08/02 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{40166BAF-881A-4B95-943B-29C7B5C6A853}
[2012/08/02 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\Grewe
[2012/08/02 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon
[2012/08/02 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\preispilot
[2012/08/02 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0632BBD3-6B52-4325-A94C-7131D848AE50}
[2012/08/01 22:38:32 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1A4B71CB-19AC-4A7B-AE01-51421BBDBC8E}
[2012/08/01 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7DF0CF9D-85A7-478E-8EA1-E521CD470DE5}
[2012/07/30 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{55619F1B-C1C2-4112-B11F-79E46F1AEF8C}
[2012/07/30 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4FF9D0FE-8C4F-4129-B5D6-26AF5CD9BB99}
[2012/07/29 22:43:02 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{571F4E58-4C05-4B4E-8108-2FD5F41A9119}
[2012/07/29 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{69B1CC7B-D084-4FEF-9B49-0734681AF3C6}
[2012/07/28 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4DE141D0-D7FB-4F7D-ACE4-1C92817177E3}
[2012/07/28 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{ECAA62B2-FBA7-4A81-95C8-D8C7D72D8014}
[2012/07/28 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{08CBDCC8-EC6B-4EC2-B4E6-444DAC36D15A}
[2012/07/28 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{E87F9441-9FF8-4D19-ADE8-31FB45D89749}
[2012/07/27 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{4D9CC555-674B-4EBE-98AA-3BA48B4FBA2E}
[2012/07/27 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0FF5AB1D-FD7D-4C28-9314-4F86C88D8D66}
[2012/07/27 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{5E7FD2B4-E6F4-451D-82BA-80D8F36BEC44}
[2012/07/25 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/07/25 18:55:10 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Avira
[2012/07/25 18:49:33 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/07/25 18:49:33 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/25 18:49:33 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/07/25 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/07/25 18:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/25 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/25 18:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/25 18:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/25 17:56:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\Ubisoft Game Launcher
[2012/07/25 17:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012/07/25 03:30:57 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{D7D37B75-546F-4276-BC81-F9CA09663444}
[2012/07/25 03:30:44 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{2998FF12-9539-4539-A0C6-64B4412C5D20}
[2012/07/24 22:36:38 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\PunkBuster
[2012/07/22 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{936D8730-3118-49A3-AC69-E20C63A94714}
[2012/07/22 23:01:33 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F6856A72-59C6-4B7C-A109-D10A3590A1BF}
[2012/07/22 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy
[2012/07/22 20:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012/07/22 20:00:54 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012/07/22 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012/07/22 17:48:30 | 000,000,000 | ---D | C] -- C:\Users\KURDI\Documents\atari
[2012/07/22 17:36:17 | 000,000,000 | ---D | C] -- C:\Spiele
[2012/07/22 11:01:03 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F0C36C20-FBA6-4860-86B2-7687A671A566}
[2012/07/22 11:00:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{98211096-6902-47CF-AD8F-E76AFC2F8A68}
[2012/07/21 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{0B7B9E4B-6330-44D6-B9FD-FF09B2EC0E45}
[2012/07/21 23:00:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{2D86AAC6-A0D7-4012-BB0A-45FF72479AA1}
[2012/07/21 10:59:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6E791330-202B-4D8D-A0DA-2EE3A8A07AA3}
[2012/07/21 10:59:21 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{897118B4-03BD-4D4F-9480-FE6EAB2766CF}
[2012/07/21 03:22:59 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012/07/21 03:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan
[2012/07/21 03:22:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\athan
[2012/07/21 03:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athan
[2012/07/20 22:58:40 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{77FEA659-05BC-4CB0-87E2-4784C4EAE1DB}
[2012/07/20 22:58:28 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8775650E-35AC-469F-9F0E-73EB8AD7E839}
[2012/07/20 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\RealNetworks
[2012/07/20 10:58:12 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{384DB5F8-EF73-490E-A589-C62444FA4BD0}
[2012/07/20 10:58:01 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{133EA7ED-A684-470A-B3FA-DC8E9133F8C1}
[2012/07/19 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{3897316C-1638-4D5B-A053-5EFC62DAFD6C}
[2012/07/19 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{19E6B077-B799-4E01-9A08-EAF4234BF46C}
[2012/07/19 01:04:23 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{38478AD7-0552-48F0-BAF8-E70D7891856E}
[2012/07/19 01:04:12 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8078CDED-C314-4AFE-9C6F-8832FE9CED51}
[2012/07/18 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\WinRAR
[2012/07/18 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{7CD6FAD2-88F5-4D56-BE0C-C8850B37583A}
[2012/07/18 01:00:57 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{C05ED91D-BB43-45A7-9EBB-30F9726B9915}
[2012/07/17 12:59:55 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{F4466B53-B282-4A04-B0AA-CBCEF0A58664}
[2012/07/17 00:58:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{75C826D0-57E8-4E89-B059-157E7A94F6F4}
[2012/07/16 12:57:39 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{89ACC6F4-F928-48FF-A411-F1D233A3F951}
[2012/07/16 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{EE8AEB87-D45E-4B5E-AA02-97DA4E6045CD}
[2012/07/16 09:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/07/16 00:56:46 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{8719C048-B473-4D56-93C5-C7197BC9F5BC}
[2012/07/16 00:56:34 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{BDECECF1-A19B-4F6F-9D3A-6777C7405977}
[2012/07/15 23:32:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\DDMSettings
[2012/07/15 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Roaming\DivX
[2012/07/15 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/07/15 23:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/07/15 23:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/07/15 23:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/07/15 23:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/07/15 23:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/07/15 12:56:08 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{9722E627-B96C-4723-B329-85E6C3C9386B}
[2012/07/15 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{DC6CCE89-A037-4B64-8FF4-0D8E79104F33}
[2012/07/14 11:57:54 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{43F61E0A-E0CB-4CC4-9663-91F1E88508A0}
[2012/07/14 11:57:43 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{27B2CE8F-520B-4CBF-B047-7BDF516D8731}
[2012/07/13 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{39FD0AE7-E9B0-4D96-9082-6F80CF73E98D}
[2012/07/13 14:12:41 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1CEDF3C5-A80F-4F65-B3C8-71338E96ABE8}
[2012/07/13 02:12:16 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{1C3EF71C-2F7C-4B54-B5E7-CC69CC6E3126}
[2012/07/13 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{BBF17FDD-0B78-4378-83F0-3FFF3D4634A7}
[2012/07/12 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{EFF4FC93-A896-4822-8FB3-F27607CF51EB}
[2012/07/12 14:11:37 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{24BE9219-B27C-4440-AECF-AFA1FF709963}
[2012/07/12 00:51:29 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{6E6083AA-97CC-4D9F-A03D-F43007020A55}
[2012/07/12 00:51:17 | 000,000,000 | ---D | C] -- C:\Users\KURDI\AppData\Local\{FF6C4432-4E98-417C-A502-D19C321A213B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/10 23:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 22:15:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 17:53:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KURDI\Desktop\OTL.exe
[2012/08/10 17:51:51 | 000,614,903 | ---- | M] () -- C:\Users\KURDI\Desktop\adwcleaner.exe
[2012/08/10 16:04:36 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 16:04:36 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 16:01:24 | 000,002,042 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/08/10 15:58:08 | 000,000,000 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
[2012/08/10 15:57:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 15:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 15:56:51 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 15:24:43 | 000,001,271 | ---- | M] () -- C:\Users\KURDI\Desktop\Revo Uninstaller.lnk
[2012/08/10 15:15:00 | 000,444,061 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/10 12:57:09 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/08/09 19:51:11 | 000,088,567 | ---- | M] () -- C:\Users\KURDI\Desktop\Vorgehen_Backgroundcheck_Level0.pdf
[2012/08/09 19:51:04 | 000,088,102 | ---- | M] () -- C:\Users\KURDI\Desktop\Einverständniserklärung für Backgroundcheck.pdf
[2012/08/06 21:04:55 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012/08/06 15:59:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 15:59:10 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/06 15:59:10 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 15:59:10 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/06 15:59:10 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 13:24:05 | 001,118,336 | ---- | M] () -- C:\Users\KURDI\Desktop\109.mp3
[2012/08/03 13:23:42 | 000,835,712 | ---- | M] () -- C:\Users\KURDI\Desktop\110.mp3
[2012/08/03 13:23:06 | 001,050,752 | ---- | M] () -- C:\Users\KURDI\Desktop\111.mp3
[2012/08/03 13:22:18 | 000,817,280 | ---- | M] () -- C:\Users\KURDI\Desktop\113.mp3
[2012/08/03 13:21:48 | 000,561,280 | ---- | M] () -- C:\Users\KURDI\Desktop\112.mp3
[2012/08/03 13:21:19 | 000,983,168 | ---- | M] () -- C:\Users\KURDI\Desktop\114.mp3
[2012/08/03 11:40:15 | 000,626,816 | ---- | M] () -- C:\Users\KURDI\Desktop\108.mp3
[2012/08/03 11:39:18 | 001,241,216 | ---- | M] () -- C:\Users\KURDI\Desktop\001.mp3
[2012/08/02 15:14:59 | 007,184,557 | ---- | M] () -- C:\Users\KURDI\Desktop\Omar Karadaghi.jpg
[2012/08/02 14:59:21 | 000,845,790 | ---- | M] () -- C:\Users\KURDI\Desktop\ScannerInterface 3 Installer.zip
[2012/08/02 14:33:30 | 000,078,804 | ---- | M] () -- C:\Users\KURDI\Desktop\C3000fax.tif
[2012/08/02 11:36:32 | 000,766,464 | ---- | M] () -- C:\Users\KURDI\Desktop\the-beauty-of-mathematics.pps
[2012/07/31 16:39:59 | 000,121,416 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012/07/25 18:35:41 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012/07/24 22:36:49 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/24 22:36:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/24 03:36:05 | 000,022,586 | ---- | M] () -- C:\Users\KURDI\Desktop\WHS-Formular_Attest_Amtsarzt.pdf
[2012/07/22 20:04:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/07/22 20:04:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/07/22 17:43:05 | 000,000,752 | ---- | M] () -- C:\Users\KURDI\Desktop\Fahrenheit.lnk
[2012/07/16 20:06:35 | 000,076,971 | ---- | M] () -- C:\Users\KURDI\Desktop\Bewerbungsbogen FPS Fahrer 2011_1.pdf
[2012/07/16 02:06:27 | 000,428,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 11:29:49 | 000,000,026 | ---- | M] () -- C:\Users\KURDI\Desktop\Radio_Sarchnar.wax
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/10 18:14:26 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000032.@
[2012/08/10 18:14:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000064.@
[2012/08/10 18:14:25 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\80000000.@
[2012/08/10 17:51:50 | 000,614,903 | ---- | C] () -- C:\Users\KURDI\Desktop\adwcleaner.exe
[2012/08/10 17:36:35 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000008.@
[2012/08/10 17:36:02 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\000000cb.@
[2012/08/10 17:01:38 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\U\00000004.@
[2012/08/10 15:24:43 | 000,001,271 | ---- | C] () -- C:\Users\KURDI\Desktop\Revo Uninstaller.lnk
[2012/08/10 13:11:50 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\L\00000004.@
[2012/08/10 12:57:23 | 000,000,000 | ---- | C] () -- C:\Users\KURDI\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
[2012/08/10 12:57:08 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/08/09 19:51:11 | 000,088,567 | ---- | C] () -- C:\Users\KURDI\Desktop\Vorgehen_Backgroundcheck_Level0.pdf
[2012/08/09 19:51:04 | 000,088,102 | ---- | C] () -- C:\Users\KURDI\Desktop\Einverständniserklärung für Backgroundcheck.pdf
[2012/08/03 13:23:58 | 001,118,336 | ---- | C] () -- C:\Users\KURDI\Desktop\109.mp3
[2012/08/03 13:23:38 | 000,835,712 | ---- | C] () -- C:\Users\KURDI\Desktop\110.mp3
[2012/08/03 13:22:58 | 001,050,752 | ---- | C] () -- C:\Users\KURDI\Desktop\111.mp3
[2012/08/03 13:22:17 | 000,817,280 | ---- | C] () -- C:\Users\KURDI\Desktop\113.mp3
[2012/08/03 13:21:39 | 000,561,280 | ---- | C] () -- C:\Users\KURDI\Desktop\112.mp3
[2012/08/03 13:21:10 | 000,983,168 | ---- | C] () -- C:\Users\KURDI\Desktop\114.mp3
[2012/08/03 11:40:12 | 000,626,816 | ---- | C] () -- C:\Users\KURDI\Desktop\108.mp3
[2012/08/03 11:39:18 | 001,241,216 | ---- | C] () -- C:\Users\KURDI\Desktop\001.mp3
[2012/08/02 15:14:54 | 007,184,557 | ---- | C] () -- C:\Users\KURDI\Desktop\Omar Karadaghi.jpg
[2012/08/02 14:57:23 | 000,845,790 | ---- | C] () -- C:\Users\KURDI\Desktop\ScannerInterface 3 Installer.zip
[2012/08/02 14:33:29 | 000,078,804 | ---- | C] () -- C:\Users\KURDI\Desktop\C3000fax.tif
[2012/08/02 11:36:31 | 000,766,464 | ---- | C] () -- C:\Users\KURDI\Desktop\the-beauty-of-mathematics.pps
[2012/08/02 10:51:57 | 110,501,987 | ---- | C] () -- C:\Users\KURDI\Desktop\3527703969PhyDum.pdf
[2012/07/24 22:36:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/24 22:36:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/24 03:36:17 | 000,022,586 | ---- | C] () -- C:\Users\KURDI\Desktop\WHS-Formular_Attest_Amtsarzt.pdf
[2012/07/22 20:04:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/07/22 20:04:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/07/22 17:43:05 | 000,000,752 | ---- | C] () -- C:\Users\KURDI\Desktop\Fahrenheit.lnk
[2012/07/16 20:06:34 | 000,076,971 | ---- | C] () -- C:\Users\KURDI\Desktop\Bewerbungsbogen FPS Fahrer 2011_1.pdf
[2012/07/16 09:28:31 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012/07/16 09:28:31 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012/07/16 09:28:31 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/07/12 11:29:47 | 000,000,026 | ---- | C] () -- C:\Users\KURDI\Desktop\Radio_Sarchnar.wax
[2012/06/05 11:29:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\@
[2012/06/05 11:29:20 | 000,002,048 | -HS- | C] () -- C:\Users\KURDI\AppData\Local\{c4c0e541-2a21-3ae3-79f2-4a550137480f}\@
[2011/11/22 05:50:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012/08/02 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon
[2012/06/12 11:47:48 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\EasyDuplicateFinder
[2012/07/22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy
[2012/06/05 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\pdfforge
[2012/06/04 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Picofactory
[2012/07/24 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\PunkBuster
[2012/06/04 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\stickies
[2012/08/10 12:57:23 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse
[2012/06/18 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Thunderbird
[2012/06/07 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Toshiba
[2012/06/04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\TOSHIBA Online Product Information
[2012/06/14 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WildTangent
[2012/06/05 11:37:07 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinBatch
[2009/07/14 07:08:49 | 000,028,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/06/05 11:06:39 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Adobe
[2012/07/25 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Avira
[2012/08/02 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon
[2012/07/18 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\DivX
[2012/06/12 11:47:48 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\EasyDuplicateFinder
[2012/06/04 21:08:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Identities
[2012/06/08 00:35:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\InstallShield
[2012/06/04 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Macromedia
[2012/08/10 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Malwarebytes
[2012/06/30 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MathematicaPlayer
[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Media Center Programs
[2012/08/04 00:28:42 | 000,000,000 | --SD | M] -- C:\Users\KURDI\AppData\Roaming\Microsoft
[2012/07/22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\MotioninJoy
[2012/06/18 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Mozilla
[2012/06/04 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Nero
[2012/06/05 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\pdfforge
[2012/06/04 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Picofactory
[2012/07/24 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\PunkBuster
[2012/08/03 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Real
[2012/07/20 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\RealNetworks
[2012/06/04 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\stickies
[2012/08/10 12:57:23 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Technology Lighthouse
[2012/06/18 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Thunderbird
[2012/06/07 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\Toshiba
[2012/06/04 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\TOSHIBA Online Product Information
[2012/08/07 06:24:57 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\vlc
[2012/06/14 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WildTangent
[2012/06/05 11:37:07 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinBatch
[2012/07/25 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\KURDI\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/08/02 14:58:31 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\KURDI\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012/08/10 12:56:30 | 007,226,248 | ---- | M] (Technology Lighthouse                                       ) -- C:\Users\KURDI\AppData\Roaming\Microsoft\Windows\Templates\ptfbsetup.exe
[2012/07/31 16:39:57 | 000,104,768 | ---- | M] (www.motioninjoy.com) -- C:\Users\KURDI\AppData\Roaming\MotioninJoy\DS3tool\update\DS3_Tool.exe
[2011/02/17 22:39:13 | 000,835,440 | R--- | M] () -- C:\Users\KURDI\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
[2012/06/14 11:28:18 | 000,000,177 | ---- | M] () -- C:\Users\KURDI\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-toshiba.exe_filedata
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<           >

< End of report >
         

Geändert von Locke85 (10.08.2012 um 23:31 Uhr)

Alt 15.08.2012, 17:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/ATRAOS.Gen - Standard

TR/ATRAOS.Gen



Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu TR/ATRAOS.Gen
00000008.@, 4d36e972-e325-11ce-bfc1-08002be10318, administrator, anti-malware, appdata, application/pdf:, autostart, browser manager, code, dateien, desktop, document, downloader, escan, explorer, gelöscht, google, home, homepage, lightning, logfile, microsoft, opera, ordner, registry, roaming, safer networking, software, tr/atraps.gen, tracker, variant, virus, wildtangent games, win32/sirefef.ez, win32/sirefef.fd, windows




Zum Thema TR/ATRAOS.Gen - Hallo habe etwas installiert und habe danach nun die Meldung vom Virus TR/ATRAPS.Gen und TR/ATRAPS.Gen2. Der Ordner ist C:\Windows\Installer\...\800000.@ oder .... 8000xxxx.@ Nun habe ich einige scans durchgeführt, nach einer - TR/ATRAOS.Gen...
Archiv
Du betrachtest: TR/ATRAOS.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.