Trojaner-Board - Virusbefall - alle Dateien umgeschrieben/locked

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Virusbefall - alle Dateien umgeschrieben/locked (https://www.trojaner-board.de/117254-virusbefall-alle-dateien-umgeschrieben-locked.html)

Virusbefall - alle Dateien umgeschrieben/locked

Hallo,

ich bitte um Hilfe, habe schon seit einiger Zeit nen Gema Virus(Ich soll bezahlen wegen Verstoße xyz), der immer wieder mal mein Rechner geblockt hat. Im Abgesicherten Modus --> MSConfig habe ich den dann aber immer wieder unter Startprogramme deaktiviert, dort schlummern jetzt ne menge deaktivierter Programme mit ominösen namen, teilweise auch Russisch.

Vor einer Woche hatte mein Rechenr plötzlich stark gearbeitet obwohl ich nichts großes gemacht habe. Er hat fast alle Dateien umgeschreiben/unlocked welche sich jetzt nicht mehr öffnen lassen. Auch Bewerbungen etc..
z.B. locked-DSCF3040.JPG.vgrg

Ich hoffe ihr könnt mir helfen!?
Danke im vorraus.

In Avira habe ich auch noch 3 Dateien in Quarantäne

Gruß

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

13.06.2012 14:18:36
mbam-log-2012-06-13 (15-20-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373734
Laufzeit: 1 Stunde(n), 1 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\pkg_0ll.exe (Trojan.XBuild) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

Zur Entschlüsselung/Wiederherstellung bitte die fette Hinweisbox oben beachten!

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Ok sorry, habe ich nachgeholt ist jetzt alles in Quarantäne!

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

16.06.2012 13:17:13
mbam-log-2012-06-16 (13-17-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377580
Laufzeit: 57 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Wie empfohlen.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 12:42:15
# local_time=2012-06-18 02:42:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 21181065 21181065 0 0
# compatibility_mode=5893 16776574 100 94 39036342 91648601 0 0
# compatibility_mode=8192 67108863 100 0 125 125 0 0
# scanned=180866
# found=5
# cleaned=0
# scan_time=4583
C:\Users\Philipp\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5f949778-7b649df0 Java/Exploit.Agent.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\54baa.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

1. Ja der normale Modus läuft uneingeschränkt, abgesehen von den vielen Dateien die ich nicht mehr benutzen kann. Wobei z.B. Fifa12 noch geht aber mein altes Profil war nicht mehr verfügbar. Allerdings ist Fifa das kleinste Problem.

2. Im Startmenü fällt mir nichts ungewöhnliches auf.

Gruß

Und den Adobe Flash Player muss ich glaube neu installieren, ich habe zwar keine einschränkungen beim browsen aber z.B. bei Bild.de will er immer den Adobe installieren.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Danke für deinen Einsatz!
Außerdem gab es noch eine Textdatei namens Extras.

Code:

OTL logfile created on: 18.06.2012 21:54:35 - Run 1

OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free

7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

 

Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe

PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)

SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)

SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]

 

[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions

[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{72D2FA70-A635-4482-AF23-546AD89A696B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)

Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)

Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24

[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24

[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js

[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG

[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf

[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh

[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh

[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy

[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr

[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx

[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno

[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy

[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv

[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu

[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril

[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF

[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr

[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt

[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage

[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle

[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp

[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi

[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw

[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap

[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu

[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk

[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc

[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt

[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua

[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk

[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn

[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof

[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu

[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc

[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy

[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf

[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq

[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh

[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot

[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel

[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf

[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl

[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl

[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn

[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg

[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno

[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx

[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy

[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj

[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt

[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq

[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb

[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk

[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv

[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk

[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul

[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy

[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd

[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr

[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel

[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym

[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev

[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc

[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp

[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv

[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu

[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno

[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi

[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp

[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf

[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof

[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm

[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg

[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr

[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf

[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul

[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc

[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf

[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

 
 ========== LOP Check ==========

 

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help

[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities

[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs

[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft

[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM

[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe

[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Danke für deinen Einsatz!

Code:

OTL logfile created on: 18.06.2012 21:54:35 - Run 1

OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free

7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

 

Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe

PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)

SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)

SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]

 

[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions

[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{72D2FA70-A635-4482-AF23-546AD89A696B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)

Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)

Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24

[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24

[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js

[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG

[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf

[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh

[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh

[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy

[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr

[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx

[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno

[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy

[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv

[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu

[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril

[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF

[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr

[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt

[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage

[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle

[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp

[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi

[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw

[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap

[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu

[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk

[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc

[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt

[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua

[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk

[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn

[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof

[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu

[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc

[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy

[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf

[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq

[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh

[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot

[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel

[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf

[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl

[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl

[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn

[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg

[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno

[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx

[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy

[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj

[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt

[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq

[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb

[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk

[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv

[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk

[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul

[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy

[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd

[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr

[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel

[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym

[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev

[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc

[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp

[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv

[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu

[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno

[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi

[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp

[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf

[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof

[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm

[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg

[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr

[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf

[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul

[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc

[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf

[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

 
 ========== LOP Check ==========

 

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help

[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities

[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs

[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft

[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM

[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe

[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Außerdem gab es noch eine Textdatei namens Extras.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = http://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

:Files

C:\Program Files (x86)\Common Files\Spigot

C:\Program Files (x86)\Application Updater

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.

C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll moved successfully.

HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

C:\Program Files (x86)\vShare\vshare_toolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.

File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.

File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.

C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

File H:\Windows\CHECK\DriveNavigator.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

File F:\raf-gta_tt.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\0ZL5KpKbdq59PFw\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\16EDDDE9\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ALYQ3CgTRBSYLwE\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\d31ybB8YFv9cUxg\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Izbyikudur\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\lmfvMDBr3jNvGGM\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SkypeM\ not found.

C:\Users\Philipp\AppData\Roaming\Mwkcykwyy folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Babylon folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Bandoo folder moved successfully.

========== FILES ==========

C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot folder moved successfully.

C:\Program Files (x86)\Application Updater folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Philipp

->Temp folder emptied: 1670131914 bytes

->Temporary Internet Files folder emptied: 4512042325 bytes

->Java cache emptied: 485058 bytes

->FireFox cache emptied: 90274582 bytes

->Google Chrome cache emptied: 319715081 bytes

->Flash cache emptied: 57032 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 119512783 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes

RecycleBin emptied: 1150298 bytes

 

Total Files Cleaned = 6.402,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Philipp

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.49.0 log created on 06182012_231220
 

Files\Folders moved on Reboot...

C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

gemacht!

Code:

13:57:16.0120 8660        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

13:57:16.0250 8660        ============================================================

13:57:16.0250 8660        Current date / time: 2012/06/19 13:57:16.0250

13:57:16.0250 8660        SystemInfo:

13:57:16.0250 8660        

13:57:16.0250 8660        OS Version: 6.1.7601 ServicePack: 1.0

13:57:16.0250 8660        Product type: Workstation

13:57:16.0250 8660        ComputerName: HUBI

13:57:16.0250 8660        UserName: Philipp

13:57:16.0250 8660        Windows directory: C:\Windows

13:57:16.0250 8660        System windows directory: C:\Windows

13:57:16.0250 8660        Running under WOW64

13:57:16.0250 8660        Processor architecture: Intel x64

13:57:16.0250 8660        Number of processors: 2

13:57:16.0250 8660        Page size: 0x1000

13:57:16.0250 8660        Boot type: Normal boot

13:57:16.0250 8660        ============================================================

13:57:17.0020 8660        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:57:17.0030 8660        ============================================================

13:57:17.0030 8660        \Device\Harddisk0\DR0:

13:57:17.0030 8660        MBR partitions:

13:57:17.0030 8660        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000

13:57:17.0030 8660        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000

13:57:17.0030 8660        ============================================================

13:57:17.0050 8660        C: <-> \Device\Harddisk0\DR0\Partition0

13:57:17.0080 8660        D: <-> \Device\Harddisk0\DR0\Partition1

13:57:17.0080 8660        ============================================================

13:57:17.0080 8660        Initialize success

13:57:17.0080 8660        ============================================================

13:58:55.0202 7944        ============================================================

13:58:55.0202 7944        Scan started

13:58:55.0202 7944        Mode: Manual; SigCheck; TDLFS; 

13:58:55.0202 7944        ============================================================

13:58:56.0792 7944        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:58:56.0872 7944        1394ohci - ok

13:58:56.0942 7944        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:58:56.0962 7944        ACPI - ok

13:58:56.0992 7944        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:58:57.0032 7944        AcpiPmi - ok

13:58:57.0132 7944        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:58:57.0142 7944        AdobeARMservice - ok

13:58:57.0322 7944        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:58:57.0332 7944        AdobeFlashPlayerUpdateSvc - ok

13:58:57.0392 7944        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:58:57.0422 7944        adp94xx - ok

13:58:57.0452 7944        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:58:57.0472 7944        adpahci - ok

13:58:57.0492 7944        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:58:57.0512 7944        adpu320 - ok

13:58:57.0542 7944        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:58:57.0602 7944        AeLookupSvc - ok

13:58:57.0692 7944        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:58:57.0742 7944        AFD - ok

13:58:57.0772 7944        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:58:57.0792 7944        agp440 - ok

13:58:57.0832 7944        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:58:57.0892 7944        ALG - ok

13:58:57.0912 7944        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:58:57.0922 7944        aliide - ok

13:58:57.0972 7944        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:58:57.0982 7944        amdide - ok

13:58:58.0002 7944        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:58:58.0052 7944        AmdK8 - ok

13:58:58.0052 7944        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:58:58.0102 7944        AmdPPM - ok

13:58:58.0142 7944        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:58:58.0152 7944        amdsata - ok

13:58:58.0212 7944        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:58:58.0232 7944        amdsbs - ok

13:58:58.0252 7944        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:58:58.0262 7944        amdxata - ok

13:58:58.0392 7944        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

13:58:58.0402 7944        AntiVirSchedulerService - ok

13:58:58.0462 7944        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

13:58:58.0472 7944        AntiVirService - ok

13:58:58.0522 7944        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:58:58.0582 7944        AppID - ok

13:58:58.0622 7944        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:58:58.0692 7944        AppIDSvc - ok

13:58:58.0742 7944        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:58:58.0782 7944        Appinfo - ok

13:58:58.0802 7944        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:58:58.0822 7944        arc - ok

13:58:58.0832 7944        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:58:58.0842 7944        arcsas - ok

13:58:58.0882 7944        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:58:58.0942 7944        AsyncMac - ok

13:58:59.0012 7944        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:58:59.0032 7944        atapi - ok

13:58:59.0132 7944        athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys

13:58:59.0192 7944        athr - ok

13:58:59.0352 7944        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:58:59.0412 7944        AudioEndpointBuilder - ok

13:58:59.0432 7944        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:58:59.0482 7944        AudioSrv - ok

13:58:59.0562 7944        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

13:58:59.0582 7944        avgntflt - ok

13:58:59.0632 7944        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

13:58:59.0642 7944        avipbb - ok

13:58:59.0672 7944        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

13:58:59.0682 7944        avkmgr - ok

13:58:59.0722 7944        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:58:59.0752 7944        AxInstSV - ok

13:58:59.0812 7944        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:58:59.0862 7944        b06bdrv - ok

13:58:59.0892 7944        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:58:59.0922 7944        b57nd60a - ok

13:58:59.0972 7944        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:59:00.0022 7944        BDESVC - ok

13:59:00.0052 7944        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:59:00.0112 7944        Beep - ok

13:59:00.0192 7944        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:59:00.0242 7944        BFE - ok

13:59:00.0332 7944        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

13:59:00.0402 7944        BITS - ok

13:59:00.0454 7944        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:59:00.0484 7944        blbdrive - ok

13:59:00.0524 7944        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:59:00.0554 7944        bowser - ok

13:59:00.0574 7944        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:59:00.0604 7944        BrFiltLo - ok

13:59:00.0624 7944        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:59:00.0654 7944        BrFiltUp - ok

13:59:00.0714 7944        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:59:00.0764 7944        Browser - ok

13:59:00.0814 7944        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:59:00.0864 7944        Brserid - ok

13:59:00.0884 7944        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:59:00.0904 7944        BrSerWdm - ok

13:59:00.0924 7944        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:59:00.0954 7944        BrUsbMdm - ok

13:59:00.0994 7944        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:59:01.0024 7944        BrUsbSer - ok

13:59:01.0054 7944        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:59:01.0084 7944        BTHMODEM - ok

13:59:01.0114 7944        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:59:01.0164 7944        bthserv - ok

13:59:01.0214 7944        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:59:01.0254 7944        cdfs - ok

13:59:01.0314 7944        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:59:01.0344 7944        cdrom - ok

13:59:01.0374 7944        CeKbFilter      (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys

13:59:01.0384 7944        CeKbFilter - ok

13:59:01.0434 7944        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:59:01.0504 7944        CertPropSvc - ok

13:59:01.0634 7944        cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

13:59:01.0644 7944        cfWiMAXService - ok

13:59:01.0664 7944        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:59:01.0704 7944        circlass - ok

13:59:01.0764 7944        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:59:01.0784 7944        CLFS - ok

13:59:01.0874 7944        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:59:01.0894 7944        clr_optimization_v2.0.50727_32 - ok

13:59:01.0914 7944        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:59:01.0924 7944        clr_optimization_v2.0.50727_64 - ok

13:59:02.0004 7944        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:59:02.0064 7944        clr_optimization_v4.0.30319_32 - ok

13:59:02.0104 7944        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:59:02.0114 7944        clr_optimization_v4.0.30319_64 - ok

13:59:02.0154 7944        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:59:02.0184 7944        CmBatt - ok

13:59:02.0204 7944        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:59:02.0224 7944        cmdide - ok

13:59:02.0284 7944        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:59:02.0314 7944        CNG - ok

13:59:02.0354 7944        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:59:02.0364 7944        Compbatt - ok

13:59:02.0414 7944        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:59:02.0434 7944        CompositeBus - ok

13:59:02.0444 7944        COMSysApp - ok

13:59:02.0554 7944        ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

13:59:02.0564 7944        ConfigFree Service - ok

13:59:02.0584 7944        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:59:02.0604 7944        crcdisk - ok

13:59:02.0654 7944        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

13:59:02.0684 7944        CryptSvc - ok

13:59:02.0834 7944        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

13:59:02.0864 7944        cvhsvc - ok

13:59:02.0934 7944        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:59:02.0994 7944        DcomLaunch - ok

13:59:03.0044 7944        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:59:03.0104 7944        defragsvc - ok

13:59:03.0194 7944        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:59:03.0244 7944        DfsC - ok

13:59:03.0304 7944        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:59:03.0354 7944        Dhcp - ok

13:59:03.0394 7944        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:59:03.0434 7944        discache - ok

13:59:03.0464 7944        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:59:03.0474 7944        Disk - ok

13:59:03.0504 7944        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:59:03.0544 7944        Dnscache - ok

13:59:03.0584 7944        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:59:03.0644 7944        dot3svc - ok

13:59:03.0664 7944        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:59:03.0724 7944        DPS - ok

13:59:03.0764 7944        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:59:03.0774 7944        drmkaud - ok

13:59:03.0824 7944        dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:59:03.0844 7944        dtsoftbus01 - ok

13:59:03.0944 7944        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:59:03.0974 7944        DXGKrnl - ok

13:59:04.0004 7944        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:59:04.0064 7944        EapHost - ok

13:59:04.0294 7944        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:59:04.0374 7944        ebdrv - ok

13:59:04.0494 7944        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:59:04.0524 7944        EFS - ok

13:59:04.0684 7944        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:59:04.0754 7944        ehRecvr - ok

13:59:04.0784 7944        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:59:04.0814 7944        ehSched - ok

13:59:04.0894 7944        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:59:04.0914 7944        elxstor - ok

13:59:04.0984 7944        EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

13:59:05.0034 7944        EPSON_EB_RPCV4_04 - ok

13:59:05.0054 7944        EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

13:59:05.0074 7944        EPSON_PM_RPCV4_04 - ok

13:59:05.0114 7944        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:59:05.0144 7944        ErrDev - ok

13:59:05.0204 7944        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:59:05.0264 7944        EventSystem - ok

13:59:05.0304 7944        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:59:05.0364 7944        exfat - ok

13:59:05.0394 7944        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:59:05.0464 7944        fastfat - ok

13:59:05.0554 7944        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:59:05.0594 7944        Fax - ok

13:59:05.0624 7944        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:59:05.0644 7944        fdc - ok

13:59:05.0674 7944        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:59:05.0734 7944        fdPHost - ok

13:59:05.0774 7944        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:59:05.0824 7944        FDResPub - ok

13:59:05.0874 7944        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:59:05.0884 7944        FileInfo - ok

13:59:05.0904 7944        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:59:05.0964 7944        Filetrace - ok

13:59:06.0004 7944        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:59:06.0034 7944        flpydisk - ok

13:59:06.0094 7944        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:59:06.0114 7944        FltMgr - ok

13:59:06.0224 7944        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:59:06.0274 7944        FontCache - ok

13:59:06.0334 7944        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:59:06.0344 7944        FontCache3.0.0.0 - ok

13:59:06.0454 7944        Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

13:59:06.0474 7944        Freemake Improver ( UnsignedFile.Multi.Generic ) - warning

13:59:06.0474 7944        Freemake Improver - detected UnsignedFile.Multi.Generic (1)

13:59:06.0524 7944        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:59:06.0544 7944        FsDepends - ok

13:59:06.0594 7944        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:59:06.0604 7944        Fs_Rec - ok

13:59:06.0664 7944        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:59:06.0684 7944        fvevol - ok

13:59:06.0694 7944        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:59:06.0714 7944        gagp30kx - ok

13:59:06.0794 7944        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:59:06.0854 7944        gpsvc - ok

13:59:06.0884 7944        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:59:06.0904 7944        hcw85cir - ok

13:59:06.0964 7944        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:59:07.0004 7944        HdAudAddService - ok

13:59:07.0034 7944        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:59:07.0064 7944        HDAudBus - ok

13:59:07.0124 7944        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

13:59:07.0134 7944        HECIx64 - ok

13:59:07.0164 7944        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:59:07.0184 7944        HidBatt - ok

13:59:07.0214 7944        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:59:07.0244 7944        HidBth - ok

13:59:07.0264 7944        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:59:07.0294 7944        HidIr - ok

13:59:07.0334 7944        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:59:07.0404 7944        hidserv - ok

13:59:07.0454 7944        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:59:07.0474 7944        HidUsb - ok

13:59:07.0524 7944        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:59:07.0584 7944        hkmsvc - ok

13:59:07.0634 7944        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:59:07.0664 7944        HomeGroupListener - ok

13:59:07.0714 7944        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:59:07.0744 7944        HomeGroupProvider - ok

13:59:07.0784 7944        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:59:07.0794 7944        HpSAMD - ok

13:59:07.0904 7944        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:59:07.0974 7944        HTTP - ok

13:59:08.0034 7944        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:59:08.0044 7944        hwpolicy - ok

13:59:08.0094 7944        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:59:08.0104 7944        i8042prt - ok

13:59:08.0174 7944        iaStor          (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys

13:59:08.0194 7944        iaStor - ok

13:59:08.0254 7944        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:59:08.0274 7944        iaStorV - ok

13:59:08.0404 7944        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:59:08.0434 7944        idsvc - ok

13:59:09.0134 7944        igfx            (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys

13:59:09.0404 7944        igfx - ok

13:59:09.0524 7944        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:59:09.0534 7944        iirsp - ok

13:59:09.0624 7944        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:59:09.0694 7944        IKEEXT - ok

13:59:09.0754 7944        Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys

13:59:09.0784 7944        Impcd - ok

13:59:10.0014 7944        IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys

13:59:10.0074 7944        IntcAzAudAddService - ok

13:59:10.0214 7944        IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

13:59:10.0244 7944        IntcDAud - ok

13:59:10.0294 7944        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:59:10.0314 7944        intelide - ok

13:59:10.0354 7944        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:59:10.0384 7944        intelppm - ok

13:59:10.0414 7944        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:59:10.0474 7944        IPBusEnum - ok

13:59:10.0514 7944        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:59:10.0574 7944        IpFilterDriver - ok

13:59:10.0634 7944        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:59:10.0694 7944        iphlpsvc - ok

13:59:10.0734 7944        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:59:10.0764 7944        IPMIDRV - ok

13:59:10.0804 7944        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:59:10.0864 7944        IPNAT - ok

13:59:10.0884 7944        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:59:10.0914 7944        IRENUM - ok

13:59:10.0964 7944        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:59:10.0974 7944        isapnp - ok

13:59:11.0004 7944        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:59:11.0024 7944        iScsiPrt - ok

13:59:11.0054 7944        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:59:11.0074 7944        kbdclass - ok

13:59:11.0094 7944        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:59:11.0114 7944        kbdhid - ok

13:59:11.0154 7944        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:11.0164 7944        KeyIso - ok

13:59:11.0184 7944        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:59:11.0194 7944        KSecDD - ok

13:59:11.0244 7944        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:59:11.0264 7944        KSecPkg - ok

13:59:11.0294 7944        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:59:11.0354 7944        ksthunk - ok

13:59:11.0404 7944        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:59:11.0474 7944        KtmRm - ok

13:59:11.0534 7944        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

13:59:11.0594 7944        LanmanServer - ok

13:59:11.0634 7944        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:59:11.0694 7944        LanmanWorkstation - ok

13:59:11.0744 7944        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:59:11.0794 7944        lltdio - ok

13:59:11.0844 7944        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:59:11.0904 7944        lltdsvc - ok

13:59:11.0924 7944        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:59:11.0964 7944        lmhosts - ok

13:59:12.0034 7944        LMS             (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

13:59:12.0044 7944        LMS - ok

13:59:12.0074 7944        LPCFilter       (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys

13:59:12.0084 7944        LPCFilter - ok

13:59:12.0114 7944        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:59:12.0124 7944        LSI_FC - ok

13:59:12.0144 7944        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:59:12.0154 7944        LSI_SAS - ok

13:59:12.0164 7944        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:59:12.0174 7944        LSI_SAS2 - ok

13:59:12.0194 7944        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:59:12.0204 7944        LSI_SCSI - ok

13:59:12.0234 7944        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:59:12.0284 7944        luafv - ok

13:59:12.0344 7944        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:59:12.0354 7944        MBAMProtector - ok

13:59:12.0514 7944        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:59:12.0534 7944        MBAMService - ok

13:59:12.0584 7944        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:59:12.0614 7944        Mcx2Svc - ok

13:59:12.0634 7944        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:59:12.0644 7944        megasas - ok

13:59:12.0744 7944        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:59:12.0754 7944        MegaSR - ok

13:59:12.0784 7944        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:59:12.0844 7944        MMCSS - ok

13:59:12.0864 7944        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:59:12.0914 7944        Modem - ok

13:59:12.0974 7944        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:59:13.0004 7944        monitor - ok

13:59:13.0064 7944        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:59:13.0074 7944        mouclass - ok

13:59:13.0074 7944        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:59:13.0114 7944        mouhid - ok

13:59:13.0144 7944        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:59:13.0154 7944        mountmgr - ok

13:59:13.0194 7944        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:59:13.0204 7944        mpio - ok

13:59:13.0244 7944        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:59:13.0304 7944        mpsdrv - ok

13:59:13.0394 7944        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:59:13.0464 7944        MpsSvc - ok

13:59:13.0514 7944        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:59:13.0544 7944        MRxDAV - ok

13:59:13.0614 7944        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:59:13.0644 7944        mrxsmb - ok

13:59:13.0724 7944        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:59:13.0754 7944        mrxsmb10 - ok

13:59:13.0814 7944        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:59:13.0824 7944        mrxsmb20 - ok

13:59:13.0824 7944        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:59:13.0844 7944        msahci - ok

13:59:13.0874 7944        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:59:13.0884 7944        msdsm - ok

13:59:13.0914 7944        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:59:13.0954 7944        MSDTC - ok

13:59:13.0994 7944        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:59:14.0034 7944        Msfs - ok

13:59:14.0044 7944        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:59:14.0104 7944        mshidkmdf - ok

13:59:14.0124 7944        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:59:14.0134 7944        msisadrv - ok

13:59:14.0164 7944        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:59:14.0224 7944        MSiSCSI - ok

13:59:14.0224 7944        msiserver - ok

13:59:14.0234 7944        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:59:14.0284 7944        MSKSSRV - ok

13:59:14.0324 7944        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:59:14.0374 7944        MSPCLOCK - ok

13:59:14.0374 7944        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:59:14.0424 7944        MSPQM - ok

13:59:14.0484 7944        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:59:14.0504 7944        MsRPC - ok

13:59:14.0554 7944        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:59:14.0564 7944        mssmbios - ok

13:59:14.0574 7944        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:59:14.0634 7944        MSTEE - ok

13:59:14.0654 7944        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:59:14.0684 7944        MTConfig - ok

13:59:14.0724 7944        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:59:14.0734 7944        Mup - ok

13:59:14.0804 7944        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:59:14.0864 7944        napagent - ok

13:59:14.0904 7944        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:59:14.0934 7944        NativeWifiP - ok

13:59:15.0044 7944        NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) c:\Program Files (x86)\Nero\Update\NASvc.exe

13:59:15.0054 7944        NAUpdate - ok

13:59:15.0154 7944        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:59:15.0184 7944        NDIS - ok

13:59:15.0214 7944        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:59:15.0274 7944        NdisCap - ok

13:59:15.0304 7944        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:59:15.0344 7944        NdisTapi - ok

13:59:15.0394 7944        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:59:15.0434 7944        Ndisuio - ok

13:59:15.0464 7944        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:59:15.0514 7944        NdisWan - ok

13:59:15.0554 7944        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:59:15.0614 7944        NDProxy - ok

13:59:15.0634 7944        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:59:15.0684 7944        NetBIOS - ok

13:59:15.0764 7944        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:59:15.0814 7944        NetBT - ok

13:59:15.0864 7944        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:15.0874 7944        Netlogon - ok

13:59:15.0924 7944        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:59:15.0984 7944        Netman - ok

13:59:16.0034 7944        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:59:16.0104 7944        netprofm - ok

13:59:16.0154 7944        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:59:16.0164 7944        NetTcpPortSharing - ok

13:59:16.0194 7944        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:59:16.0214 7944        nfrd960 - ok

13:59:16.0284 7944        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:59:16.0334 7944        NlaSvc - ok

13:59:16.0384 7944        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:59:16.0424 7944        Npfs - ok

13:59:16.0444 7944        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:59:16.0494 7944        nsi - ok

13:59:16.0504 7944        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:59:16.0564 7944        nsiproxy - ok

13:59:16.0704 7944        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:59:16.0774 7944        Ntfs - ok

13:59:16.0864 7944        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:59:16.0924 7944        Null - ok

13:59:16.0954 7944        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:59:16.0974 7944        nvraid - ok

13:59:17.0004 7944        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:59:17.0014 7944        nvstor - ok

13:59:17.0054 7944        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:59:17.0064 7944        nv_agp - ok

13:59:17.0104 7944        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:59:17.0124 7944        ohci1394 - ok

13:59:17.0204 7944        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:59:17.0214 7944        ose - ok

13:59:17.0574 7944        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:59:17.0694 7944        osppsvc - ok

13:59:17.0794 7944        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:59:17.0844 7944        p2pimsvc - ok

13:59:17.0884 7944        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:59:17.0914 7944        p2psvc - ok

13:59:17.0964 7944        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:59:17.0974 7944        Parport - ok

13:59:18.0014 7944        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:59:18.0024 7944        partmgr - ok

13:59:18.0074 7944        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:59:18.0114 7944        PcaSvc - ok

13:59:18.0174 7944        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:59:18.0194 7944        pci - ok

13:59:18.0194 7944        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:59:18.0204 7944        pciide - ok

13:59:18.0244 7944        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:59:18.0254 7944        pcmcia - ok

13:59:18.0264 7944        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:59:18.0274 7944        pcw - ok

13:59:18.0334 7944        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:59:18.0404 7944        PEAUTH - ok

13:59:18.0484 7944        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:59:18.0514 7944        PerfHost - ok

13:59:18.0584 7944        PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys

13:59:18.0594 7944        PGEffect - ok

13:59:18.0724 7944        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:59:18.0804 7944        pla - ok

13:59:18.0844 7944        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:59:18.0864 7944        PlugPlay - ok

13:59:18.0884 7944        PnkBstrA - ok

13:59:18.0914 7944        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:59:18.0944 7944        PNRPAutoReg - ok

13:59:18.0974 7944        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:59:18.0994 7944        PNRPsvc - ok

13:59:19.0064 7944        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:59:19.0134 7944        PolicyAgent - ok

13:59:19.0174 7944        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:59:19.0224 7944        Power - ok

13:59:19.0294 7944        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:59:19.0354 7944        PptpMiniport - ok

13:59:19.0394 7944        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:59:19.0414 7944        Processor - ok

13:59:19.0454 7944        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

13:59:19.0484 7944        ProfSvc - ok

13:59:19.0514 7944        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:19.0534 7944        ProtectedStorage - ok

13:59:19.0584 7944        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:59:19.0644 7944        Psched - ok

13:59:19.0764 7944        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:59:19.0804 7944        ql2300 - ok

13:59:19.0924 7944        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:59:19.0934 7944        ql40xx - ok

13:59:19.0974 7944        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:59:20.0014 7944        QWAVE - ok

13:59:20.0024 7944        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:59:20.0064 7944        QWAVEdrv - ok

13:59:20.0084 7944        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:59:20.0144 7944        RasAcd - ok

13:59:20.0184 7944        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:59:20.0234 7944        RasAgileVpn - ok

13:59:20.0254 7944        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:59:20.0304 7944        RasAuto - ok

13:59:20.0324 7944        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:59:20.0384 7944        Rasl2tp - ok

13:59:20.0434 7944        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:59:20.0494 7944        RasMan - ok

13:59:20.0504 7944        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:59:20.0544 7944        RasPppoe - ok

13:59:20.0564 7944        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:59:20.0614 7944        RasSstp - ok

13:59:20.0724 7944        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:59:20.0784 7944        rdbss - ok

13:59:20.0804 7944        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:59:20.0834 7944        rdpbus - ok

13:59:20.0864 7944        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:59:20.0914 7944        RDPCDD - ok

13:59:20.0934 7944        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:59:20.0994 7944        RDPENCDD - ok

13:59:21.0014 7944        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:59:21.0054 7944        RDPREFMP - ok

13:59:21.0104 7944        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

13:59:21.0134 7944        RDPWD - ok

13:59:21.0184 7944        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:59:21.0194 7944        rdyboost - ok

13:59:21.0224 7944        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:59:21.0274 7944        RemoteAccess - ok

13:59:21.0304 7944        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:59:21.0364 7944        RemoteRegistry - ok

13:59:21.0384 7944        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:59:21.0434 7944        RpcEptMapper - ok

13:59:21.0454 7944        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:59:21.0484 7944        RpcLocator - ok

13:59:21.0544 7944        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:59:21.0594 7944        RpcSs - ok

13:59:21.0634 7944        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:59:21.0694 7944        rspndr - ok

13:59:21.0744 7944        RSUSBSTOR       (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys

13:59:21.0754 7944        RSUSBSTOR - ok

13:59:21.0794 7944        RTL8167         (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:59:21.0804 7944        RTL8167 - ok

13:59:21.0954 7944        rtl8192se       (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys

13:59:21.0994 7944        rtl8192se - ok

13:59:22.0034 7944        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:22.0044 7944        SamSs - ok

13:59:22.0084 7944        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:59:22.0094 7944        sbp2port - ok

13:59:22.0134 7944        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:59:22.0184 7944        SCardSvr - ok

13:59:22.0224 7944        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:59:22.0274 7944        scfilter - ok

13:59:22.0374 7944        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:59:22.0444 7944        Schedule - ok

13:59:22.0484 7944        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:59:22.0524 7944        SCPolicySvc - ok

13:59:22.0534 7944        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:59:22.0584 7944        SDRSVC - ok

13:59:22.0634 7944        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:59:22.0694 7944        secdrv - ok

13:59:22.0734 7944        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:59:22.0784 7944        seclogon - ok

13:59:22.0814 7944        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:59:22.0874 7944        SENS - ok

13:59:22.0904 7944        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:59:22.0924 7944        SensrSvc - ok

13:59:22.0944 7944        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:59:22.0964 7944        Serenum - ok

13:59:22.0994 7944        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:59:23.0024 7944        Serial - ok

13:59:23.0064 7944        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:59:23.0074 7944        sermouse - ok

13:59:23.0124 7944        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:59:23.0184 7944        SessionEnv - ok

13:59:23.0194 7944        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:59:23.0224 7944        sffdisk - ok

13:59:23.0244 7944        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:59:23.0274 7944        sffp_mmc - ok

13:59:23.0294 7944        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:59:23.0334 7944        sffp_sd - ok

13:59:23.0374 7944        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:59:23.0404 7944        sfloppy - ok

13:59:23.0504 7944        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

13:59:23.0534 7944        Sftfs - ok

13:59:23.0664 7944        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

13:59:23.0684 7944        sftlist - ok

13:59:23.0714 7944        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

13:59:23.0724 7944        Sftplay - ok

13:59:23.0764 7944        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

13:59:23.0764 7944        Sftredir - ok

13:59:23.0804 7944        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

13:59:23.0814 7944        Sftvol - ok

13:59:23.0864 7944        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

13:59:23.0874 7944        sftvsa - ok

13:59:23.0944 7944        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:59:24.0004 7944        SharedAccess - ok

13:59:24.0054 7944        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:59:24.0114 7944        ShellHWDetection - ok

13:59:24.0144 7944        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:59:24.0154 7944        SiSRaid2 - ok

13:59:24.0184 7944        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:59:24.0194 7944        SiSRaid4 - ok

13:59:24.0234 7944        SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe

13:59:24.0254 7944        SkypeUpdate - ok

13:59:24.0274 7944        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:59:24.0324 7944        Smb - ok

13:59:24.0364 7944        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:59:24.0384 7944        SNMPTRAP - ok

13:59:24.0414 7944        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:59:24.0424 7944        spldr - ok

13:59:24.0494 7944        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:59:24.0544 7944        Spooler - ok

13:59:24.0804 7944        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:59:24.0914 7944        sppsvc - ok

13:59:25.0034 7944        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:59:25.0084 7944        sppuinotify - ok

13:59:25.0154 7944        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:59:25.0184 7944        srv - ok

13:59:25.0254 7944        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:59:25.0284 7944        srv2 - ok

13:59:25.0324 7944        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:59:25.0364 7944        srvnet - ok

13:59:25.0394 7944        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:59:25.0444 7944        SSDPSRV - ok

13:59:25.0464 7944        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:59:25.0504 7944        SstpSvc - ok

13:59:25.0534 7944        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:59:25.0544 7944        stexstor - ok

13:59:25.0634 7944        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:59:25.0674 7944        stisvc - ok

13:59:25.0714 7944        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:59:25.0724 7944        swenum - ok

13:59:25.0794 7944        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:59:25.0844 7944        swprv - ok

13:59:25.0894 7944        SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys

13:59:25.0914 7944        SynTP - ok

13:59:26.0064 7944        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:59:26.0134 7944        SysMain - ok

13:59:26.0234 7944        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:59:26.0264 7944        TabletInputService - ok

13:59:26.0284 7944        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:59:26.0344 7944        TapiSrv - ok

13:59:26.0374 7944        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:59:26.0444 7944        TBS - ok

13:59:26.0604 7944        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:59:26.0654 7944        Tcpip - ok

13:59:26.0894 7944        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:59:26.0934 7944        TCPIP6 - ok

13:59:27.0084 7944        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:59:27.0154 7944        tcpipreg - ok

13:59:27.0204 7944        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

13:59:27.0214 7944        tdcmdpst - ok

13:59:27.0244 7944        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:59:27.0274 7944        TDPIPE - ok

13:59:27.0314 7944        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:59:27.0334 7944        TDTCP - ok

13:59:27.0374 7944        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:59:27.0434 7944        tdx - ok

13:59:27.0524 7944        TemproMonitoringService (40e154b3125e17ce6f2afad57afcfeb2) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

13:59:27.0534 7944        TemproMonitoringService - ok

13:59:27.0584 7944        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:59:27.0604 7944        TermDD - ok

13:59:27.0684 7944        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:59:27.0754 7944        TermService - ok

13:59:27.0784 7944        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:59:27.0804 7944        Themes - ok

13:59:27.0834 7944        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:59:27.0874 7944        THREADORDER - ok

13:59:27.0974 7944        TMachInfo       (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

13:59:27.0984 7944        TMachInfo - ok

13:59:28.0024 7944        TODDSrv         (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

13:59:28.0034 7944        TODDSrv - ok

13:59:28.0144 7944        TosCoSrv        (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

13:59:28.0164 7944        TosCoSrv - ok

13:59:28.0214 7944        TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe

13:59:28.0234 7944        TOSHIBA eco Utility Service - ok

13:59:28.0284 7944        TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

13:59:28.0294 7944        TOSHIBA HDD SSD Alert Service - ok

13:59:28.0374 7944        TPCHSrv         (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

13:59:28.0404 7944        TPCHSrv - ok

13:59:28.0494 7944        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:59:28.0564 7944        TrkWks - ok

13:59:28.0636 7944        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:59:28.0686 7944        TrustedInstaller - ok

13:59:28.0776 7944        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:59:28.0826 7944        tssecsrv - ok

13:59:28.0896 7944        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:59:28.0946 7944        TsUsbFlt - ok

13:59:29.0166 7944        TuneUp.UtilitiesSvc (ee1bd87c9f470945d41f54585dbc989a) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

13:59:29.0216 7944        TuneUp.UtilitiesSvc - ok

13:59:29.0296 7944        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

13:59:29.0306 7944        TuneUpUtilitiesDrv - ok

13:59:29.0416 7944        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:59:29.0476 7944        tunnel - ok

13:59:29.0526 7944        TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

13:59:29.0536 7944        TVALZ - ok

13:59:29.0576 7944        TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys

13:59:29.0586 7944        TVALZFL - ok

13:59:29.0606 7944        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:59:29.0616 7944        uagp35 - ok

13:59:29.0666 7944        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:59:29.0736 7944        udfs - ok

13:59:29.0756 7944        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:59:29.0776 7944        UI0Detect - ok

13:59:29.0816 7944        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:59:29.0836 7944        uliagpkx - ok

13:59:29.0856 7944        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:59:29.0866 7944        umbus - ok

13:59:29.0896 7944        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:59:29.0926 7944        UmPass - ok

13:59:30.0146 7944        UNS             (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

13:59:30.0186 7944        UNS - ok

13:59:30.0316 7944        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:59:30.0376 7944        upnphost - ok

13:59:30.0446 7944        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

13:59:30.0476 7944        usbaudio - ok

13:59:30.0506 7944        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:59:30.0526 7944        usbccgp - ok

13:59:30.0566 7944        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:59:30.0586 7944        usbcir - ok

13:59:30.0626 7944        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

13:59:30.0656 7944        usbehci - ok

13:59:30.0696 7944        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:59:30.0726 7944        usbhub - ok

13:59:30.0756 7944        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

13:59:30.0786 7944        usbohci - ok

13:59:30.0806 7944        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:59:30.0836 7944        usbprint - ok

13:59:30.0876 7944        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

13:59:30.0886 7944        usbscan - ok

13:59:30.0936 7944        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:59:30.0976 7944        USBSTOR - ok

13:59:31.0006 7944        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:59:31.0036 7944        usbuhci - ok

13:59:31.0076 7944        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:59:31.0106 7944        usbvideo - ok

13:59:31.0146 7944        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:59:31.0206 7944        UxSms - ok

13:59:31.0236 7944        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:31.0256 7944        VaultSvc - ok

13:59:31.0266 7944        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:59:31.0276 7944        vdrvroot - ok

13:59:31.0356 7944        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:59:31.0406 7944        vds - ok

13:59:31.0426 7944        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:59:31.0446 7944        vga - ok

13:59:31.0466 7944        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:59:31.0526 7944        VgaSave - ok

13:59:31.0566 7944        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:59:31.0576 7944        vhdmp - ok

13:59:31.0596 7944        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:59:31.0606 7944        viaide - ok

13:59:31.0616 7944        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:59:31.0636 7944        volmgr - ok

13:59:31.0676 7944        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:59:31.0696 7944        volmgrx - ok

13:59:31.0716 7944        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:59:31.0736 7944        volsnap - ok

13:59:31.0766 7944        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:59:31.0786 7944        vsmraid - ok

13:59:31.0916 7944        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:59:31.0996 7944        VSS - ok

13:59:32.0116 7944        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:59:32.0146 7944        vwifibus - ok

13:59:32.0176 7944        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:59:32.0196 7944        vwififlt - ok

13:59:32.0206 7944        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:59:32.0226 7944        vwifimp - ok

13:59:32.0276 7944        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:59:32.0326 7944        W32Time - ok

13:59:32.0336 7944        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:59:32.0366 7944        WacomPen - ok

13:59:32.0386 7944        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:59:32.0436 7944        WANARP - ok

13:59:32.0446 7944        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:59:32.0488 7944        Wanarpv6 - ok

13:59:32.0578 7944        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:59:32.0629 7944        wbengine - ok

13:59:32.0710 7944        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:59:32.0740 7944        WbioSrvc - ok

13:59:32.0790 7944        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:59:32.0830 7944        wcncsvc - ok

13:59:32.0850 7944        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:59:32.0870 7944        WcsPlugInService - ok

13:59:32.0910 7944        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:59:32.0920 7944        Wd - ok

13:59:32.0980 7944        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:59:33.0000 7944        Wdf01000 - ok

13:59:33.0040 7944        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:59:33.0120 7944        WdiServiceHost - ok

13:59:33.0120 7944        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:59:33.0150 7944        WdiSystemHost - ok

13:59:33.0210 7944        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:59:33.0250 7944        WebClient - ok

13:59:33.0300 7944        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:59:33.0360 7944        Wecsvc - ok

13:59:33.0380 7944        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:59:33.0430 7944        wercplsupport - ok

13:59:33.0450 7944        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:59:33.0510 7944        WerSvc - ok

13:59:33.0580 7944        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:59:33.0620 7944        WfpLwf - ok

13:59:33.0640 7944        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:59:33.0660 7944        WIMMount - ok

13:59:33.0700 7944        WinDefend - ok

13:59:33.0700 7944        WinHttpAutoProxySvc - ok

13:59:33.0760 7944        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:59:33.0820 7944        Winmgmt - ok

13:59:34.0000 7944        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:59:34.0070 7944        WinRM - ok

13:59:34.0240 7944        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:59:34.0270 7944        WinUsb - ok

13:59:34.0370 7944        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:59:34.0420 7944        Wlansvc - ok

13:59:34.0490 7944        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:59:34.0500 7944        wlcrasvc - ok

13:59:34.0670 7944        wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:59:34.0730 7944        wlidsvc - ok

13:59:34.0870 7944        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:59:34.0900 7944        WmiAcpi - ok

13:59:34.0950 7944        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:59:34.0990 7944        wmiApSrv - ok

13:59:35.0030 7944        WMPNetworkSvc - ok

13:59:35.0070 7944        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:59:35.0090 7944        WPCSvc - ok

13:59:35.0140 7944        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:59:35.0180 7944        WPDBusEnum - ok

13:59:35.0200 7944        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:59:35.0240 7944        ws2ifsl - ok

13:59:35.0270 7944        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

13:59:35.0300 7944        wscsvc - ok

13:59:35.0310 7944        WSearch - ok

13:59:35.0510 7944        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:59:35.0610 7944        wuauserv - ok

13:59:35.0742 7944        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:59:35.0802 7944        WudfPf - ok

13:59:35.0832 7944        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:59:35.0892 7944        WUDFRd - ok

13:59:35.0922 7944        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:59:35.0962 7944        wudfsvc - ok

13:59:36.0002 7944        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:59:36.0032 7944        WwanSvc - ok

13:59:36.0072 7944        xusb21          (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys

13:59:36.0082 7944        xusb21 - ok

13:59:36.0122 7944        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:59:36.0452 7944        \Device\Harddisk0\DR0 - ok

13:59:36.0482 7944        Boot (0x1200)   (5d09eac8a3124a0737d3fd080ea17ab3) \Device\Harddisk0\DR0\Partition0

13:59:36.0482 7944        \Device\Harddisk0\DR0\Partition0 - ok

13:59:36.0502 7944        Boot (0x1200)   (b91d3ce67c045843b5d3de6686d05578) \Device\Harddisk0\DR0\Partition1

13:59:36.0502 7944        \Device\Harddisk0\DR0\Partition1 - ok

13:59:36.0502 7944        ============================================================

13:59:36.0502 7944        Scan finished

13:59:36.0502 7944        ============================================================

13:59:36.0512 7940        Detected object count: 1

13:59:36.0512 7940        Actual detected object count: 1

14:09:14.0520 7940        Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:14.0520 7940        Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.