Trojaner-Board - Virusbefall - alle Dateien umgeschrieben/locked

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Virusbefall - alle Dateien umgeschrieben/locked (https://www.trojaner-board.de/117254-virusbefall-alle-dateien-umgeschrieben-locked.html)

Virusbefall - alle Dateien umgeschrieben/locked

Hallo,

ich bitte um Hilfe, habe schon seit einiger Zeit nen Gema Virus(Ich soll bezahlen wegen Verstoße xyz), der immer wieder mal mein Rechner geblockt hat. Im Abgesicherten Modus --> MSConfig habe ich den dann aber immer wieder unter Startprogramme deaktiviert, dort schlummern jetzt ne menge deaktivierter Programme mit ominösen namen, teilweise auch Russisch.

Vor einer Woche hatte mein Rechenr plötzlich stark gearbeitet obwohl ich nichts großes gemacht habe. Er hat fast alle Dateien umgeschreiben/unlocked welche sich jetzt nicht mehr öffnen lassen. Auch Bewerbungen etc..
z.B. locked-DSCF3040.JPG.vgrg

Ich hoffe ihr könnt mir helfen!?
Danke im vorraus.

In Avira habe ich auch noch 3 Dateien in Quarantäne

Gruß

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

13.06.2012 14:18:36
mbam-log-2012-06-13 (15-20-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373734
Laufzeit: 1 Stunde(n), 1 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\pkg_0ll.exe (Trojan.XBuild) -> Keine Aktion durchgeführt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

Zur Entschlüsselung/Wiederherstellung bitte die fette Hinweisbox oben beachten!

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Ok sorry, habe ich nachgeholt ist jetzt alles in Quarantäne!

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: HUBI [Administrator]

Schutz: Aktiviert

16.06.2012 13:17:13
mbam-log-2012-06-16 (13-17-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377580
Laufzeit: 57 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{XcGP2KlK-yYb9-SgBR-by0z-t15cbOOQlbbd} (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001ca6 (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\AppData\Local\Temp\is1590112554\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Philipp\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Wie empfohlen.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 12:42:15
# local_time=2012-06-18 02:42:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 21181065 21181065 0 0
# compatibility_mode=5893 16776574 100 94 39036342 91648601 0 0
# compatibility_mode=8192 67108863 100 0 125 125 0 0
# scanned=180866
# found=5
# cleaned=0
# scan_time=4583
C:\Users\Philipp\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\Local\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5f949778-7b649df0 Java/Exploit.Agent.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\54baa.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

1. Ja der normale Modus läuft uneingeschränkt, abgesehen von den vielen Dateien die ich nicht mehr benutzen kann. Wobei z.B. Fifa12 noch geht aber mein altes Profil war nicht mehr verfügbar. Allerdings ist Fifa das kleinste Problem.

2. Im Startmenü fällt mir nichts ungewöhnliches auf.

Gruß

Und den Adobe Flash Player muss ich glaube neu installieren, ich habe zwar keine einschränkungen beim browsen aber z.B. bei Bild.de will er immer den Adobe installieren.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Danke für deinen Einsatz!
Außerdem gab es noch eine Textdatei namens Extras.

Code:

OTL logfile created on: 18.06.2012 21:54:35 - Run 1

OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free

7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

 

Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe

PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)

SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)

SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]

 

[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions

[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{72D2FA70-A635-4482-AF23-546AD89A696B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)

Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)

Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24

[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24

[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js

[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG

[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf

[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh

[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh

[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy

[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr

[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx

[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno

[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy

[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv

[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu

[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril

[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF

[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr

[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt

[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage

[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle

[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp

[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi

[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw

[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap

[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu

[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk

[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc

[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt

[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua

[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk

[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn

[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof

[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu

[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc

[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy

[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf

[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq

[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh

[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot

[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel

[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf

[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl

[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl

[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn

[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg

[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno

[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx

[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy

[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj

[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt

[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq

[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb

[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk

[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv

[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk

[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul

[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy

[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd

[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr

[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel

[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym

[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev

[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc

[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp

[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv

[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu

[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno

[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi

[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp

[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf

[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof

[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm

[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg

[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr

[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf

[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul

[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc

[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf

[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

 
 ========== LOP Check ==========

 

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help

[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities

[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs

[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft

[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM

[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe

[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Danke für deinen Einsatz!

Code:

OTL logfile created on: 18.06.2012 21:54:35 - Run 1

OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Philipp\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 66,90% Memory free

7,60 Gb Paging File | 6,05 Gb Available in Paging File | 79,69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,04 Gb Total Space | 15,61 Gb Free Space | 10,48% Space Free | Partition Type: NTFS

Drive D: | 148,65 Gb Total Space | 112,80 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

 

Computer Name: HUBI | User Name: Philipp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.18 21:51:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe

PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 15:50:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

PRC - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.06.03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2012.06.18 18:29:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.05.08 15:50:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 15:50:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.11.10 18:21:12 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)

SRV - [2011.11.09 21:41:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010.09.28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.05.11 10:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)

SRV - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 15:50:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 15:50:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.04.25 16:45:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.12.21 23:47:25 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.04.27 02:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.02.20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010.02.03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.01.12 15:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{436E383C-0E08-48A1-A2C2-7023F2BF3EE3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.07 19:35:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.11.14 17:18:24 | 000,000,000 | ---D | M]

 

[2011.10.21 21:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions

[2012.06.13 14:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}

[2012.06.06 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

[2011.10.26 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.08.06 13:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2011.09.20 14:28:30 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\locked-.egpa

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\locked-.nonq

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\locked-.qtjf

CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.lslr

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D710A5D-46C8-4F99-91B3-BB0881FA2FBF}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE556F15-F563-422D-B023-7D818ACEEA86}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: KeNotify - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: SVPWUTIL - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TosVolRegulator - hkey= - key= - C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: UpgradeHelper - hkey= - key= -  File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{72D2FA70-A635-4482-AF23-546AD89A696B} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)

Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)

Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koyote Soft Toolbar

[2012.06.18 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2012.06.18 13:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.13 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.13 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.13 14:17:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.13 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2012.06.13 14:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012.06.07 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\PDF24

[2012.06.07 14:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

[2012.06.07 14:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24

[2012.06.06 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Eric_Deutsch

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.05.22 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011.10.21 21:16:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Philipp\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.18 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.18 17:40:41 | 001,558,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.18 17:40:41 | 000,684,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.18 17:40:41 | 000,625,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.18 17:40:41 | 000,139,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.18 17:40:41 | 000,115,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.18 17:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:40:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.18 12:32:49 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.16 19:27:52 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2012.06.15 16:00:59 | 000,007,604 | ---- | M] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.14 17:19:06 | 000,000,193 | ---- | M] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.14 17:06:19 | 000,324,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.13 14:17:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.13 14:07:23 | 000,000,359 | ---- | M] () -- C:\user.js

[2012.06.07 14:48:18 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 18:30:35 | 001,070,732 | ---- | M] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 16:58:32 | 003,262,159 | ---- | M] () -- C:\Users\Philipp\locked-DSCF3040.JPG

[2012.06.06 16:57:21 | 003,490,686 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme2.odt.tqdf

[2012.06.06 16:57:21 | 000,058,949 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Unbenannt 1.odt.iibh

[2012.06.06 16:57:21 | 000,022,283 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Schlussund Vorwort.odt.srzh

[2012.06.06 16:57:21 | 000,011,030 | ---- | M] () -- C:\Users\Philipp\Documents\locked-selbständigkseitserklärung.odt.ywfy

[2012.06.06 16:57:21 | 000,003,141 | ---- | M] () -- C:\Users\Philipp\Documents\locked-SGD_Stellungnahme.rtf.llgr

[2012.06.06 16:57:21 | 000,001,728 | ---- | M] () -- C:\Users\Philipp\Documents\locked-RK_KG.rtf.ddtx

[2012.06.06 16:56:48 | 000,043,297 | ---- | M] () -- C:\Users\Philipp\Documents\locked-HSV Dresden_Mitgliedsänderung.pdf.jdno

[2012.06.06 16:56:48 | 000,033,023 | ---- | M] () -- C:\Users\Philipp\Documents\locked-kalorien-verbrauch-tabelle.gif.wmcy

[2012.06.06 16:56:46 | 001,700,202 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Ganzseitiges Foto.pdf.aapv

[2012.06.06 16:56:39 | 005,681,929 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Flyer_BW.pdf.uueu

[2012.06.06 16:56:39 | 000,194,235 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.odt.rril

[2012.06.06 16:56:39 | 000,010,004 | ---- | M] () -- C:\Users\Philipp\Documents\locked-FOA10.PDF

[2012.06.06 16:56:37 | 001,361,327 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner3.rtf.zslr

[2012.06.06 16:56:37 | 000,200,037 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner2.rtf.fjxt

[2012.06.06 16:56:37 | 000,003,079 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner4.rtf.aage

[2012.06.06 16:56:36 | 000,344,107 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit_Fertig.odt.rlle

[2012.06.06 16:56:36 | 000,200,486 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule_mit _Banner.rtf.yycp

[2012.06.06 16:56:36 | 000,061,294 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_open_office.odt.zhzi

[2012.06.06 16:56:36 | 000,058,097 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad2.odt.wyyw

[2012.06.06 16:56:36 | 000,030,536 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina3.odt.puap

[2012.06.06 16:56:36 | 000,028,769 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Europa-SK.odt.eelu

[2012.06.06 16:56:36 | 000,018,784 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina.odt.kyfk

[2012.06.06 16:56:36 | 000,010,732 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeitvon katharina2.odt.ppyf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung.odt.pcmf

[2012.06.06 16:56:36 | 000,009,322 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung - Kopie.odt.cyyc

[2012.06.06 16:56:36 | 000,007,192 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-SportundErnährung_wordpad.odt.qqjt

[2012.06.06 16:56:36 | 000,007,183 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Facharbeit-Ernährung.odt.vvua

[2012.06.06 16:56:36 | 000,002,803 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Fehlermeldung_GMX_Schule.rtf.kywk

[2012.06.06 16:56:36 | 000,002,130 | ---- | M] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.06.06 16:56:36 | 000,001,248 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.06.06 16:56:35 | 000,023,040 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht.dot.xxtn

[2012.06.06 16:56:35 | 000,021,519 | ---- | M] () -- C:\Users\Philipp\Documents\locked-bundesvverfassungsgericht.odt.ftof

[2012.06.06 16:56:35 | 000,021,450 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_ohne_Lösungen.odt.ugeu

[2012.06.06 16:56:35 | 000,021,210 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Bundesverfassungsgericht_mit_Lösungen.odt.cwkc

[2012.06.06 16:56:35 | 000,021,077 | ---- | M] () -- C:\Users\Philipp\Documents\locked-Die_Vermessung_der_Welt_Stilmittel.odt.yycy

[2012.06.06 16:56:34 | 028,906,460 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scotch - Samstag 2 (Nachgetreten) live @ Fahrenheit100 08.10.2011.avi.fonf

[2012.06.06 16:56:34 | 001,553,208 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-softonic_ggl_1.5.11.5.exe.nodq

[2012.06.06 16:56:34 | 000,507,904 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-video_converter.exe.zrrh

[2012.06.06 16:56:34 | 000,299,892 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20 x 25 cm (1).pdf.xtot

[2012.06.06 16:56:34 | 000,204,283 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-SX_110_Reflex_Active_c_h_509d.pdf.urel

[2012.06.06 16:56:34 | 000,045,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvss.png.fmyf

[2012.06.06 16:56:34 | 000,044,730 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-vvssd.png.lbnl

[2012.06.06 16:56:34 | 000,030,991 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xvvbdf.png.ppgl

[2012.06.06 16:56:34 | 000,027,502 | ---- | M] () -- C:\Users\Philipp\Documents\locked-20120811_BAEHR_7FLAWP.pdf.nlhn

[2012.06.06 16:56:34 | 000,006,281 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Stchpunkte.odt.palg

[2012.06.06 16:56:34 | 000,000,984 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-xetudebo.dlc.xxno

[2012.06.06 16:56:34 | 000,000,109 | ---- | M] () -- C:\Users\Philipp\Documents\locked-.~lock.Europa-SK.odt#.ffdx

[2012.06.06 16:56:33 | 000,009,928 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Scheinheilig.odt.cfyy

[2012.06.06 16:56:32 | 081,683,527 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-KWaJZ-WathThr.rar.nxqj

[2012.06.06 16:56:32 | 025,315,962 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.avi.xnxt

[2012.06.06 16:56:32 | 013,644,588 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nicone - Ich leg noch ein drauf.mp4.otxq

[2012.06.06 16:56:32 | 001,328,939 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-NationalHarvestGuide.pdf.slsb

[2012.06.06 16:56:32 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Minecraft.exe.ywwk

[2012.06.06 16:56:32 | 000,131,349 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-kfz_unfallbericht.pdf.lpuv

[2012.06.06 16:56:32 | 000,078,401 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Lebenslauf.pdf.cmyk

[2012.06.06 16:56:32 | 000,064,303 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Deckblatt.pdf.ppul

[2012.06.06 16:56:32 | 000,013,903 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Krüger - Bewerbung.pdf.kpcy

[2012.06.06 16:56:32 | 000,011,619 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Nic-Nico.rar.jxqd

[2012.06.06 16:55:31 | 733,894,656 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-crcl-new.moon.xvid.avi.hhnr

[2012.06.06 16:55:31 | 003,193,666 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-cdrtfe-1.3.9.zip.lgel

[2012.06.06 16:55:31 | 002,110,084 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-facharbeiten.pdf.wwym

[2012.06.06 16:55:31 | 000,986,872 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-FreemakeVideoDownloaderSetup.exe.lrev

[2012.06.06 16:55:31 | 000,305,380 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Dok133.odt.ykyc

[2012.06.06 16:55:31 | 000,278,243 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.pdf.pymp

[2012.06.06 16:55:31 | 000,020,441 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-d vortrag 6.2.odt.reuv

[2012.06.06 16:55:31 | 000,016,412 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-dynamo dresden mein verein.odt.uleu

[2012.06.06 16:55:31 | 000,010,272 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung.odt.btno

[2012.06.06 16:55:31 | 000,009,905 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Computerintegrierte Fertigung2.odt.rrbi

[2012.06.06 16:55:31 | 000,009,031 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Die Presse.odt.ccyp

[2012.06.06 16:55:31 | 000,007,274 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-eng.odt.wmyf

[2012.06.06 16:55:31 | 000,005,572 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hangover.2.DVDRiP.LD.German.XViD-ExPERT-9lcoatlnw7r4.dlc.nnof

[2012.06.06 16:55:31 | 000,004,827 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Hallo Herr Dietze.odt.cypm

[2012.06.06 16:55:29 | 132,632,576 | ---- | M] () -- C:\Users\Philipp\locked-DBFahrplaninfo.exe.glpg

[2012.06.06 16:55:29 | 000,043,679 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvmb.png.eulr

[2012.06.06 16:55:29 | 000,041,458 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-bvmvm.png.kkyf

[2012.06.06 16:55:29 | 000,008,312 | ---- | M] () -- C:\Users\Philipp\Desktop\locked-Ausbau des Armaturenbrettes beim Swift.pdf.pvul

[2012.06.06 16:55:28 | 000,447,636 | ---- | M] () -- C:\Users\Philipp\locked-BWL-Phillip2.pdf.mmpc

[2012.06.06 16:54:51 | 000,001,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2012.06.06 16:54:41 | 000,007,859 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2012.06.06 16:54:27 | 000,099,384 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2012.06.06 16:54:23 | 000,306,688 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2012.06.06 16:54:23 | 000,230,400 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.06.06 16:54:00 | 000,007,601 | ---- | M] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.14 17:19:06 | 000,000,193 | ---- | C] () -- C:\Users\Philipp\Desktop\Dokument1.rtf

[2012.06.13 14:17:21 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.07 14:48:18 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

[2012.06.07 14:48:18 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk

[2012.06.06 22:13:03 | 000,007,604 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg

[2012.06.06 18:30:30 | 001,070,732 | ---- | C] () -- C:\Users\Philipp\Documents\Ganzseitiges Foto.pdf

[2012.06.06 17:35:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.03 20:46:53 | 000,002,130 | ---- | C] () -- C:\Users\Philipp\Documents\locked-eng.rtf.pgle

[2012.05.23 16:30:40 | 000,007,601 | ---- | C] () -- C:\Users\Philipp\AppData\Local\locked-Resmon.ResmonCfg.vglu

[2012.05.21 20:32:53 | 000,001,248 | ---- | C] () -- C:\Users\Philipp\Documents\locked-Englisch_lernen.rtf.tqxn

[2012.05.18 13:30:19 | 000,230,400 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bauesch.exe.kmyc

[2012.04.09 22:15:03 | 000,306,688 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-bstr55uhjzd.exe.wwky

[2011.11.09 21:41:16 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.09 21:41:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.10.21 21:26:25 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.10.21 21:26:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.10.21 21:16:38 | 000,099,384 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-inst.exe.rrzb

[2011.10.21 21:16:38 | 000,007,859 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-pcouffin.cat.rnhi

[2011.10.21 21:16:38 | 000,001,167 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\pcouffin.inf

[2011.10.21 20:59:05 | 000,003,584 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.21 20:31:47 | 000,001,057 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\locked-vso_ts_preview.xml.dqdf

[2011.10.06 17:51:15 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini

[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.06.08 16:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.03.26 19:11:33 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.22 00:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2010.12.21 23:52:03 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

 
 ========== LOP Check ==========

 

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.03.25 09:09:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.13 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft

[2012.04.01 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.Nitrous

[2011.04.19 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\1&1 Mail & Media GmbH

[2011.07.15 17:49:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Adobe

[2012.06.06 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aseph

[2011.10.17 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Avira

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

[2011.10.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canneverbe Limited

[2012.06.06 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DAEMON Tools Lite

[2011.10.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DegoMedia

[2012.05.11 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft

[2012.06.06 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.05.26 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Elugmu

[2012.03.31 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Epson

[2012.01.25 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter

[2011.04.23 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GrabPro

[2012.06.06 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\griffith

[2011.10.06 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HaCon

[2012.04.03 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Help

[2012.04.06 12:56:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Identities

[2011.03.22 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\InstallShield

[2011.04.06 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech

[2010.11.11 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Macromedia

[2012.06.06 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MakeUpPilot

[2012.06.13 14:17:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Media Center Programs

[2012.05.18 13:15:17 | 000,000,000 | --SD | M] -- C:\Users\Philipp\AppData\Roaming\Microsoft

[2011.04.23 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mozilla

[2012.06.13 15:31:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2011.03.22 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nero

[2012.02.26 17:43:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org

[2011.11.13 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Orbit

[2012.06.15 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin

[2012.06.06 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ProgSense

[2011.11.09 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PunkBuster

[2011.04.06 17:57:29 | 000,000,000 | RH-D | M] -- C:\Users\Philipp\AppData\Roaming\SecuROM

[2012.06.13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Skype

[2012.06.14 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client

[2011.06.22 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Softland

[2012.05.18 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Taavc

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer

[2011.03.22 18:50:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Toshiba

[2011.03.26 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP

[2012.05.06 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software

[2011.11.10 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft

[2011.10.21 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Video DVD Maker FREE

[2012.06.06 18:43:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\vlc

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\VshareComplete

[2012.06.06 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vso

[2011.03.22 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinBatch

[2012.04.03 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.06.06 16:54:10 | 000,232,159 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\.minecraft\Minecraft.exe

[2010.09.20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys

[2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Außerdem gab es noch eine Textdatei namens Extras.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKLM\..\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes,DefaultScope = {3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=16eddde90000000000001c659d939014

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = http://startsear.ch/?q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VSAT&o=16625&src=kw&q={searchTerms}&locale=&apn_ptnrs=2K&apn_dtid=YYYYYYYYDE&apn_uid=8E4C4DAE-4845-4180-88A9-ED7AA9394F9F&apn_sauid=2C2EE71E-368D-484D-B11D-0E314329F91F

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}: "URL" = http://ecosia.org/search.php?q={searchTerms}&addon=opensearch

IE - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=fe184fa0-c5b2-11e0-8db3-1c7508772adb&q={searchTerms}

[2012.06.13 14:07:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com

[2012.03.31 18:23:31 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com

[2012.06.06 16:54:35 | 000,002,396 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi

[2012.06.06 16:54:35 | 000,002,506 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz

[2012.06.06 16:54:35 | 000,000,633 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy

O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Philipp\AppData\Roaming\VshareComplete\64\VshareComplete64.dll File not found

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell - "" = AutoRun

O33 - MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\Shell\AutoRun\command - "" = F:\raf-gta_tt.exe

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.5559728462704264.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Philipp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.9960938299346471.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: 0ZL5KpKbdq59PFw - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: 16EDDDE9 - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ALYQ3CgTRBSYLwE - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: d31ybB8YFv9cUxg - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Izbyikudur - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: lmfvMDBr3jNvGGM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig:64bit - StartUpReg: SkypeM - hkey= - key= -  File not found

[2012.06.06 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Mwkcykwyy

[2012.06.13 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon

[2011.09.20 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bandoo

:Files

C:\Program Files (x86)\Common Files\Spigot

C:\Program Files (x86)\Application Updater

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4557F87A-7C82-4E95-B92C-5EC5E4B328C9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0C0563A-0BCF-4CD0-A6C7-B670F74B745D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.

C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll moved successfully.

HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2ED903E4-F547-47C2-9B58-27034939F97E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED903E4-F547-47C2-9B58-27034939F97E}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5C6C52-86EC-4F16-B5B2-B8CE241D69AC}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA99CC24-F9CA-4D1D-BAAE-65C37524D8E2}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1459C2E-C7D8-465B-996C-026655FAAC19}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD5E67FA-532A-4AC9-95E2-80606420E225}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F18D80B2-A180-4ED8-88F3-AE51B3B9D87D}\ not found.

Registry key HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8B88F0-6D5F-4CD0-B3EF-668C27DE2859}\ not found.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.

C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\8gpxk5yq.default\extensions\ffxtlbra@softonic.com folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-askcom.xml.iibi moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-SearchResults.xml.ssiz moved successfully.

C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\8gpxk5yq.default\searchplugins\locked-startsear.xml.ypmy moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08337871-0e50-4031-9110-3bd21ca3c065}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

C:\Program Files (x86)\vShare\vshare_toolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.

File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.

File C:\Program Files (x86)\Koyote Soft Toolbar\IE\5.9\koyotesoftToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.

C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f95bc89-8b98-11e0-bf66-1c7508772adb}\ not found.

File H:\Windows\CHECK\DriveNavigator.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4ec302-6f27-11e0-8a0b-1c7508772adb}\ not found.

File F:\raf-gta_tt.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\0ZL5KpKbdq59PFw\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\16EDDDE9\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ALYQ3CgTRBSYLwE\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\d31ybB8YFv9cUxg\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Izbyikudur\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\lmfvMDBr3jNvGGM\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SkypeM\ not found.

C:\Users\Philipp\AppData\Roaming\Mwkcykwyy folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Babylon folder moved successfully.

C:\Users\Philipp\AppData\Roaming\Bandoo folder moved successfully.

========== FILES ==========

C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.

C:\Program Files (x86)\Common Files\Spigot folder moved successfully.

C:\Program Files (x86)\Application Updater folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Philipp

->Temp folder emptied: 1670131914 bytes

->Temporary Internet Files folder emptied: 4512042325 bytes

->Java cache emptied: 485058 bytes

->FireFox cache emptied: 90274582 bytes

->Google Chrome cache emptied: 319715081 bytes

->Flash cache emptied: 57032 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 119512783 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes

RecycleBin emptied: 1150298 bytes

 

Total Files Cleaned = 6.402,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Philipp

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.49.0 log created on 06182012_231220
 

Files\Folders moved on Reboot...

C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

gemacht!

Code:

13:57:16.0120 8660        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

13:57:16.0250 8660        ============================================================

13:57:16.0250 8660        Current date / time: 2012/06/19 13:57:16.0250

13:57:16.0250 8660        SystemInfo:

13:57:16.0250 8660        

13:57:16.0250 8660        OS Version: 6.1.7601 ServicePack: 1.0

13:57:16.0250 8660        Product type: Workstation

13:57:16.0250 8660        ComputerName: HUBI

13:57:16.0250 8660        UserName: Philipp

13:57:16.0250 8660        Windows directory: C:\Windows

13:57:16.0250 8660        System windows directory: C:\Windows

13:57:16.0250 8660        Running under WOW64

13:57:16.0250 8660        Processor architecture: Intel x64

13:57:16.0250 8660        Number of processors: 2

13:57:16.0250 8660        Page size: 0x1000

13:57:16.0250 8660        Boot type: Normal boot

13:57:16.0250 8660        ============================================================

13:57:17.0020 8660        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:57:17.0030 8660        ============================================================

13:57:17.0030 8660        \Device\Harddisk0\DR0:

13:57:17.0030 8660        MBR partitions:

13:57:17.0030 8660        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000

13:57:17.0030 8660        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000

13:57:17.0030 8660        ============================================================

13:57:17.0050 8660        C: <-> \Device\Harddisk0\DR0\Partition0

13:57:17.0080 8660        D: <-> \Device\Harddisk0\DR0\Partition1

13:57:17.0080 8660        ============================================================

13:57:17.0080 8660        Initialize success

13:57:17.0080 8660        ============================================================

13:58:55.0202 7944        ============================================================

13:58:55.0202 7944        Scan started

13:58:55.0202 7944        Mode: Manual; SigCheck; TDLFS; 

13:58:55.0202 7944        ============================================================

13:58:56.0792 7944        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:58:56.0872 7944        1394ohci - ok

13:58:56.0942 7944        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:58:56.0962 7944        ACPI - ok

13:58:56.0992 7944        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:58:57.0032 7944        AcpiPmi - ok

13:58:57.0132 7944        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:58:57.0142 7944        AdobeARMservice - ok

13:58:57.0322 7944        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:58:57.0332 7944        AdobeFlashPlayerUpdateSvc - ok

13:58:57.0392 7944        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:58:57.0422 7944        adp94xx - ok

13:58:57.0452 7944        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:58:57.0472 7944        adpahci - ok

13:58:57.0492 7944        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:58:57.0512 7944        adpu320 - ok

13:58:57.0542 7944        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:58:57.0602 7944        AeLookupSvc - ok

13:58:57.0692 7944        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:58:57.0742 7944        AFD - ok

13:58:57.0772 7944        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:58:57.0792 7944        agp440 - ok

13:58:57.0832 7944        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:58:57.0892 7944        ALG - ok

13:58:57.0912 7944        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:58:57.0922 7944        aliide - ok

13:58:57.0972 7944        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:58:57.0982 7944        amdide - ok

13:58:58.0002 7944        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:58:58.0052 7944        AmdK8 - ok

13:58:58.0052 7944        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:58:58.0102 7944        AmdPPM - ok

13:58:58.0142 7944        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:58:58.0152 7944        amdsata - ok

13:58:58.0212 7944        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:58:58.0232 7944        amdsbs - ok

13:58:58.0252 7944        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:58:58.0262 7944        amdxata - ok

13:58:58.0392 7944        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

13:58:58.0402 7944        AntiVirSchedulerService - ok

13:58:58.0462 7944        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

13:58:58.0472 7944        AntiVirService - ok

13:58:58.0522 7944        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:58:58.0582 7944        AppID - ok

13:58:58.0622 7944        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:58:58.0692 7944        AppIDSvc - ok

13:58:58.0742 7944        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:58:58.0782 7944        Appinfo - ok

13:58:58.0802 7944        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:58:58.0822 7944        arc - ok

13:58:58.0832 7944        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:58:58.0842 7944        arcsas - ok

13:58:58.0882 7944        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:58:58.0942 7944        AsyncMac - ok

13:58:59.0012 7944        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:58:59.0032 7944        atapi - ok

13:58:59.0132 7944        athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys

13:58:59.0192 7944        athr - ok

13:58:59.0352 7944        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:58:59.0412 7944        AudioEndpointBuilder - ok

13:58:59.0432 7944        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:58:59.0482 7944        AudioSrv - ok

13:58:59.0562 7944        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

13:58:59.0582 7944        avgntflt - ok

13:58:59.0632 7944        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

13:58:59.0642 7944        avipbb - ok

13:58:59.0672 7944        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

13:58:59.0682 7944        avkmgr - ok

13:58:59.0722 7944        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:58:59.0752 7944        AxInstSV - ok

13:58:59.0812 7944        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:58:59.0862 7944        b06bdrv - ok

13:58:59.0892 7944        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:58:59.0922 7944        b57nd60a - ok

13:58:59.0972 7944        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:59:00.0022 7944        BDESVC - ok

13:59:00.0052 7944        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:59:00.0112 7944        Beep - ok

13:59:00.0192 7944        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:59:00.0242 7944        BFE - ok

13:59:00.0332 7944        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

13:59:00.0402 7944        BITS - ok

13:59:00.0454 7944        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:59:00.0484 7944        blbdrive - ok

13:59:00.0524 7944        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:59:00.0554 7944        bowser - ok

13:59:00.0574 7944        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:59:00.0604 7944        BrFiltLo - ok

13:59:00.0624 7944        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:59:00.0654 7944        BrFiltUp - ok

13:59:00.0714 7944        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:59:00.0764 7944        Browser - ok

13:59:00.0814 7944        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:59:00.0864 7944        Brserid - ok

13:59:00.0884 7944        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:59:00.0904 7944        BrSerWdm - ok

13:59:00.0924 7944        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:59:00.0954 7944        BrUsbMdm - ok

13:59:00.0994 7944        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:59:01.0024 7944        BrUsbSer - ok

13:59:01.0054 7944        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:59:01.0084 7944        BTHMODEM - ok

13:59:01.0114 7944        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:59:01.0164 7944        bthserv - ok

13:59:01.0214 7944        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:59:01.0254 7944        cdfs - ok

13:59:01.0314 7944        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:59:01.0344 7944        cdrom - ok

13:59:01.0374 7944        CeKbFilter      (7e83e47bd1ff93e11cd69f1ad65a9581) C:\Windows\system32\DRIVERS\CeKbFilter.sys

13:59:01.0384 7944        CeKbFilter - ok

13:59:01.0434 7944        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:59:01.0504 7944        CertPropSvc - ok

13:59:01.0634 7944        cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

13:59:01.0644 7944        cfWiMAXService - ok

13:59:01.0664 7944        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:59:01.0704 7944        circlass - ok

13:59:01.0764 7944        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:59:01.0784 7944        CLFS - ok

13:59:01.0874 7944        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:59:01.0894 7944        clr_optimization_v2.0.50727_32 - ok

13:59:01.0914 7944        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:59:01.0924 7944        clr_optimization_v2.0.50727_64 - ok

13:59:02.0004 7944        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:59:02.0064 7944        clr_optimization_v4.0.30319_32 - ok

13:59:02.0104 7944        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:59:02.0114 7944        clr_optimization_v4.0.30319_64 - ok

13:59:02.0154 7944        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:59:02.0184 7944        CmBatt - ok

13:59:02.0204 7944        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:59:02.0224 7944        cmdide - ok

13:59:02.0284 7944        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:59:02.0314 7944        CNG - ok

13:59:02.0354 7944        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:59:02.0364 7944        Compbatt - ok

13:59:02.0414 7944        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:59:02.0434 7944        CompositeBus - ok

13:59:02.0444 7944        COMSysApp - ok

13:59:02.0554 7944        ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

13:59:02.0564 7944        ConfigFree Service - ok

13:59:02.0584 7944        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:59:02.0604 7944        crcdisk - ok

13:59:02.0654 7944        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

13:59:02.0684 7944        CryptSvc - ok

13:59:02.0834 7944        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

13:59:02.0864 7944        cvhsvc - ok

13:59:02.0934 7944        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:59:02.0994 7944        DcomLaunch - ok

13:59:03.0044 7944        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:59:03.0104 7944        defragsvc - ok

13:59:03.0194 7944        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:59:03.0244 7944        DfsC - ok

13:59:03.0304 7944        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:59:03.0354 7944        Dhcp - ok

13:59:03.0394 7944        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:59:03.0434 7944        discache - ok

13:59:03.0464 7944        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:59:03.0474 7944        Disk - ok

13:59:03.0504 7944        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:59:03.0544 7944        Dnscache - ok

13:59:03.0584 7944        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:59:03.0644 7944        dot3svc - ok

13:59:03.0664 7944        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:59:03.0724 7944        DPS - ok

13:59:03.0764 7944        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:59:03.0774 7944        drmkaud - ok

13:59:03.0824 7944        dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:59:03.0844 7944        dtsoftbus01 - ok

13:59:03.0944 7944        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:59:03.0974 7944        DXGKrnl - ok

13:59:04.0004 7944        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:59:04.0064 7944        EapHost - ok

13:59:04.0294 7944        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:59:04.0374 7944        ebdrv - ok

13:59:04.0494 7944        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:59:04.0524 7944        EFS - ok

13:59:04.0684 7944        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:59:04.0754 7944        ehRecvr - ok

13:59:04.0784 7944        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:59:04.0814 7944        ehSched - ok

13:59:04.0894 7944        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:59:04.0914 7944        elxstor - ok

13:59:04.0984 7944        EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

13:59:05.0034 7944        EPSON_EB_RPCV4_04 - ok

13:59:05.0054 7944        EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

13:59:05.0074 7944        EPSON_PM_RPCV4_04 - ok

13:59:05.0114 7944        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:59:05.0144 7944        ErrDev - ok

13:59:05.0204 7944        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:59:05.0264 7944        EventSystem - ok

13:59:05.0304 7944        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:59:05.0364 7944        exfat - ok

13:59:05.0394 7944        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:59:05.0464 7944        fastfat - ok

13:59:05.0554 7944        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:59:05.0594 7944        Fax - ok

13:59:05.0624 7944        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:59:05.0644 7944        fdc - ok

13:59:05.0674 7944        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:59:05.0734 7944        fdPHost - ok

13:59:05.0774 7944        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:59:05.0824 7944        FDResPub - ok

13:59:05.0874 7944        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:59:05.0884 7944        FileInfo - ok

13:59:05.0904 7944        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:59:05.0964 7944        Filetrace - ok

13:59:06.0004 7944        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:59:06.0034 7944        flpydisk - ok

13:59:06.0094 7944        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:59:06.0114 7944        FltMgr - ok

13:59:06.0224 7944        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:59:06.0274 7944        FontCache - ok

13:59:06.0334 7944        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:59:06.0344 7944        FontCache3.0.0.0 - ok

13:59:06.0454 7944        Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

13:59:06.0474 7944        Freemake Improver ( UnsignedFile.Multi.Generic ) - warning

13:59:06.0474 7944        Freemake Improver - detected UnsignedFile.Multi.Generic (1)

13:59:06.0524 7944        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:59:06.0544 7944        FsDepends - ok

13:59:06.0594 7944        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:59:06.0604 7944        Fs_Rec - ok

13:59:06.0664 7944        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:59:06.0684 7944        fvevol - ok

13:59:06.0694 7944        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:59:06.0714 7944        gagp30kx - ok

13:59:06.0794 7944        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:59:06.0854 7944        gpsvc - ok

13:59:06.0884 7944        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:59:06.0904 7944        hcw85cir - ok

13:59:06.0964 7944        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:59:07.0004 7944        HdAudAddService - ok

13:59:07.0034 7944        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:59:07.0064 7944        HDAudBus - ok

13:59:07.0124 7944        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

13:59:07.0134 7944        HECIx64 - ok

13:59:07.0164 7944        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:59:07.0184 7944        HidBatt - ok

13:59:07.0214 7944        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:59:07.0244 7944        HidBth - ok

13:59:07.0264 7944        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:59:07.0294 7944        HidIr - ok

13:59:07.0334 7944        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:59:07.0404 7944        hidserv - ok

13:59:07.0454 7944        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:59:07.0474 7944        HidUsb - ok

13:59:07.0524 7944        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:59:07.0584 7944        hkmsvc - ok

13:59:07.0634 7944        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:59:07.0664 7944        HomeGroupListener - ok

13:59:07.0714 7944        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:59:07.0744 7944        HomeGroupProvider - ok

13:59:07.0784 7944        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:59:07.0794 7944        HpSAMD - ok

13:59:07.0904 7944        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:59:07.0974 7944        HTTP - ok

13:59:08.0034 7944        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:59:08.0044 7944        hwpolicy - ok

13:59:08.0094 7944        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:59:08.0104 7944        i8042prt - ok

13:59:08.0174 7944        iaStor          (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys

13:59:08.0194 7944        iaStor - ok

13:59:08.0254 7944        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:59:08.0274 7944        iaStorV - ok

13:59:08.0404 7944        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:59:08.0434 7944        idsvc - ok

13:59:09.0134 7944        igfx            (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys

13:59:09.0404 7944        igfx - ok

13:59:09.0524 7944        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:59:09.0534 7944        iirsp - ok

13:59:09.0624 7944        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:59:09.0694 7944        IKEEXT - ok

13:59:09.0754 7944        Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys

13:59:09.0784 7944        Impcd - ok

13:59:10.0014 7944        IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys

13:59:10.0074 7944        IntcAzAudAddService - ok

13:59:10.0214 7944        IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

13:59:10.0244 7944        IntcDAud - ok

13:59:10.0294 7944        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:59:10.0314 7944        intelide - ok

13:59:10.0354 7944        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:59:10.0384 7944        intelppm - ok

13:59:10.0414 7944        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:59:10.0474 7944        IPBusEnum - ok

13:59:10.0514 7944        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:59:10.0574 7944        IpFilterDriver - ok

13:59:10.0634 7944        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:59:10.0694 7944        iphlpsvc - ok

13:59:10.0734 7944        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:59:10.0764 7944        IPMIDRV - ok

13:59:10.0804 7944        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:59:10.0864 7944        IPNAT - ok

13:59:10.0884 7944        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:59:10.0914 7944        IRENUM - ok

13:59:10.0964 7944        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:59:10.0974 7944        isapnp - ok

13:59:11.0004 7944        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:59:11.0024 7944        iScsiPrt - ok

13:59:11.0054 7944        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:59:11.0074 7944        kbdclass - ok

13:59:11.0094 7944        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:59:11.0114 7944        kbdhid - ok

13:59:11.0154 7944        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:11.0164 7944        KeyIso - ok

13:59:11.0184 7944        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:59:11.0194 7944        KSecDD - ok

13:59:11.0244 7944        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:59:11.0264 7944        KSecPkg - ok

13:59:11.0294 7944        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:59:11.0354 7944        ksthunk - ok

13:59:11.0404 7944        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:59:11.0474 7944        KtmRm - ok

13:59:11.0534 7944        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

13:59:11.0594 7944        LanmanServer - ok

13:59:11.0634 7944        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:59:11.0694 7944        LanmanWorkstation - ok

13:59:11.0744 7944        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:59:11.0794 7944        lltdio - ok

13:59:11.0844 7944        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:59:11.0904 7944        lltdsvc - ok

13:59:11.0924 7944        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:59:11.0964 7944        lmhosts - ok

13:59:12.0034 7944        LMS             (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

13:59:12.0044 7944        LMS - ok

13:59:12.0074 7944        LPCFilter       (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys

13:59:12.0084 7944        LPCFilter - ok

13:59:12.0114 7944        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:59:12.0124 7944        LSI_FC - ok

13:59:12.0144 7944        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:59:12.0154 7944        LSI_SAS - ok

13:59:12.0164 7944        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:59:12.0174 7944        LSI_SAS2 - ok

13:59:12.0194 7944        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:59:12.0204 7944        LSI_SCSI - ok

13:59:12.0234 7944        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:59:12.0284 7944        luafv - ok

13:59:12.0344 7944        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:59:12.0354 7944        MBAMProtector - ok

13:59:12.0514 7944        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:59:12.0534 7944        MBAMService - ok

13:59:12.0584 7944        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:59:12.0614 7944        Mcx2Svc - ok

13:59:12.0634 7944        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:59:12.0644 7944        megasas - ok

13:59:12.0744 7944        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:59:12.0754 7944        MegaSR - ok

13:59:12.0784 7944        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:59:12.0844 7944        MMCSS - ok

13:59:12.0864 7944        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:59:12.0914 7944        Modem - ok

13:59:12.0974 7944        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:59:13.0004 7944        monitor - ok

13:59:13.0064 7944        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:59:13.0074 7944        mouclass - ok

13:59:13.0074 7944        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:59:13.0114 7944        mouhid - ok

13:59:13.0144 7944        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:59:13.0154 7944        mountmgr - ok

13:59:13.0194 7944        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:59:13.0204 7944        mpio - ok

13:59:13.0244 7944        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:59:13.0304 7944        mpsdrv - ok

13:59:13.0394 7944        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:59:13.0464 7944        MpsSvc - ok

13:59:13.0514 7944        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:59:13.0544 7944        MRxDAV - ok

13:59:13.0614 7944        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:59:13.0644 7944        mrxsmb - ok

13:59:13.0724 7944        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:59:13.0754 7944        mrxsmb10 - ok

13:59:13.0814 7944        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:59:13.0824 7944        mrxsmb20 - ok

13:59:13.0824 7944        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:59:13.0844 7944        msahci - ok

13:59:13.0874 7944        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:59:13.0884 7944        msdsm - ok

13:59:13.0914 7944        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:59:13.0954 7944        MSDTC - ok

13:59:13.0994 7944        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:59:14.0034 7944        Msfs - ok

13:59:14.0044 7944        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:59:14.0104 7944        mshidkmdf - ok

13:59:14.0124 7944        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:59:14.0134 7944        msisadrv - ok

13:59:14.0164 7944        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:59:14.0224 7944        MSiSCSI - ok

13:59:14.0224 7944        msiserver - ok

13:59:14.0234 7944        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:59:14.0284 7944        MSKSSRV - ok

13:59:14.0324 7944        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:59:14.0374 7944        MSPCLOCK - ok

13:59:14.0374 7944        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:59:14.0424 7944        MSPQM - ok

13:59:14.0484 7944        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:59:14.0504 7944        MsRPC - ok

13:59:14.0554 7944        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:59:14.0564 7944        mssmbios - ok

13:59:14.0574 7944        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:59:14.0634 7944        MSTEE - ok

13:59:14.0654 7944        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:59:14.0684 7944        MTConfig - ok

13:59:14.0724 7944        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:59:14.0734 7944        Mup - ok

13:59:14.0804 7944        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:59:14.0864 7944        napagent - ok

13:59:14.0904 7944        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:59:14.0934 7944        NativeWifiP - ok

13:59:15.0044 7944        NAUpdate        (9d1cce440552500ded3a62f9d779cdb4) c:\Program Files (x86)\Nero\Update\NASvc.exe

13:59:15.0054 7944        NAUpdate - ok

13:59:15.0154 7944        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:59:15.0184 7944        NDIS - ok

13:59:15.0214 7944        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:59:15.0274 7944        NdisCap - ok

13:59:15.0304 7944        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:59:15.0344 7944        NdisTapi - ok

13:59:15.0394 7944        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:59:15.0434 7944        Ndisuio - ok

13:59:15.0464 7944        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:59:15.0514 7944        NdisWan - ok

13:59:15.0554 7944        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:59:15.0614 7944        NDProxy - ok

13:59:15.0634 7944        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:59:15.0684 7944        NetBIOS - ok

13:59:15.0764 7944        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:59:15.0814 7944        NetBT - ok

13:59:15.0864 7944        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:15.0874 7944        Netlogon - ok

13:59:15.0924 7944        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:59:15.0984 7944        Netman - ok

13:59:16.0034 7944        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:59:16.0104 7944        netprofm - ok

13:59:16.0154 7944        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:59:16.0164 7944        NetTcpPortSharing - ok

13:59:16.0194 7944        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:59:16.0214 7944        nfrd960 - ok

13:59:16.0284 7944        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:59:16.0334 7944        NlaSvc - ok

13:59:16.0384 7944        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:59:16.0424 7944        Npfs - ok

13:59:16.0444 7944        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:59:16.0494 7944        nsi - ok

13:59:16.0504 7944        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:59:16.0564 7944        nsiproxy - ok

13:59:16.0704 7944        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:59:16.0774 7944        Ntfs - ok

13:59:16.0864 7944        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:59:16.0924 7944        Null - ok

13:59:16.0954 7944        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:59:16.0974 7944        nvraid - ok

13:59:17.0004 7944        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:59:17.0014 7944        nvstor - ok

13:59:17.0054 7944        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:59:17.0064 7944        nv_agp - ok

13:59:17.0104 7944        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:59:17.0124 7944        ohci1394 - ok

13:59:17.0204 7944        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:59:17.0214 7944        ose - ok

13:59:17.0574 7944        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:59:17.0694 7944        osppsvc - ok

13:59:17.0794 7944        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:59:17.0844 7944        p2pimsvc - ok

13:59:17.0884 7944        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:59:17.0914 7944        p2psvc - ok

13:59:17.0964 7944        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:59:17.0974 7944        Parport - ok

13:59:18.0014 7944        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:59:18.0024 7944        partmgr - ok

13:59:18.0074 7944        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:59:18.0114 7944        PcaSvc - ok

13:59:18.0174 7944        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:59:18.0194 7944        pci - ok

13:59:18.0194 7944        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:59:18.0204 7944        pciide - ok

13:59:18.0244 7944        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:59:18.0254 7944        pcmcia - ok

13:59:18.0264 7944        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:59:18.0274 7944        pcw - ok

13:59:18.0334 7944        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:59:18.0404 7944        PEAUTH - ok

13:59:18.0484 7944        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:59:18.0514 7944        PerfHost - ok

13:59:18.0584 7944        PGEffect        (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys

13:59:18.0594 7944        PGEffect - ok

13:59:18.0724 7944        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:59:18.0804 7944        pla - ok

13:59:18.0844 7944        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:59:18.0864 7944        PlugPlay - ok

13:59:18.0884 7944        PnkBstrA - ok

13:59:18.0914 7944        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:59:18.0944 7944        PNRPAutoReg - ok

13:59:18.0974 7944        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:59:18.0994 7944        PNRPsvc - ok

13:59:19.0064 7944        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:59:19.0134 7944        PolicyAgent - ok

13:59:19.0174 7944        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:59:19.0224 7944        Power - ok

13:59:19.0294 7944        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:59:19.0354 7944        PptpMiniport - ok

13:59:19.0394 7944        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:59:19.0414 7944        Processor - ok

13:59:19.0454 7944        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

13:59:19.0484 7944        ProfSvc - ok

13:59:19.0514 7944        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:19.0534 7944        ProtectedStorage - ok

13:59:19.0584 7944        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:59:19.0644 7944        Psched - ok

13:59:19.0764 7944        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:59:19.0804 7944        ql2300 - ok

13:59:19.0924 7944        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:59:19.0934 7944        ql40xx - ok

13:59:19.0974 7944        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:59:20.0014 7944        QWAVE - ok

13:59:20.0024 7944        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:59:20.0064 7944        QWAVEdrv - ok

13:59:20.0084 7944        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:59:20.0144 7944        RasAcd - ok

13:59:20.0184 7944        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:59:20.0234 7944        RasAgileVpn - ok

13:59:20.0254 7944        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:59:20.0304 7944        RasAuto - ok

13:59:20.0324 7944        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:59:20.0384 7944        Rasl2tp - ok

13:59:20.0434 7944        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:59:20.0494 7944        RasMan - ok

13:59:20.0504 7944        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:59:20.0544 7944        RasPppoe - ok

13:59:20.0564 7944        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:59:20.0614 7944        RasSstp - ok

13:59:20.0724 7944        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:59:20.0784 7944        rdbss - ok

13:59:20.0804 7944        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:59:20.0834 7944        rdpbus - ok

13:59:20.0864 7944        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:59:20.0914 7944        RDPCDD - ok

13:59:20.0934 7944        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:59:20.0994 7944        RDPENCDD - ok

13:59:21.0014 7944        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:59:21.0054 7944        RDPREFMP - ok

13:59:21.0104 7944        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

13:59:21.0134 7944        RDPWD - ok

13:59:21.0184 7944        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:59:21.0194 7944        rdyboost - ok

13:59:21.0224 7944        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:59:21.0274 7944        RemoteAccess - ok

13:59:21.0304 7944        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:59:21.0364 7944        RemoteRegistry - ok

13:59:21.0384 7944        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:59:21.0434 7944        RpcEptMapper - ok

13:59:21.0454 7944        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:59:21.0484 7944        RpcLocator - ok

13:59:21.0544 7944        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:59:21.0594 7944        RpcSs - ok

13:59:21.0634 7944        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:59:21.0694 7944        rspndr - ok

13:59:21.0744 7944        RSUSBSTOR       (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys

13:59:21.0754 7944        RSUSBSTOR - ok

13:59:21.0794 7944        RTL8167         (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:59:21.0804 7944        RTL8167 - ok

13:59:21.0954 7944        rtl8192se       (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys

13:59:21.0994 7944        rtl8192se - ok

13:59:22.0034 7944        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:22.0044 7944        SamSs - ok

13:59:22.0084 7944        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:59:22.0094 7944        sbp2port - ok

13:59:22.0134 7944        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:59:22.0184 7944        SCardSvr - ok

13:59:22.0224 7944        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:59:22.0274 7944        scfilter - ok

13:59:22.0374 7944        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:59:22.0444 7944        Schedule - ok

13:59:22.0484 7944        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:59:22.0524 7944        SCPolicySvc - ok

13:59:22.0534 7944        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:59:22.0584 7944        SDRSVC - ok

13:59:22.0634 7944        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:59:22.0694 7944        secdrv - ok

13:59:22.0734 7944        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:59:22.0784 7944        seclogon - ok

13:59:22.0814 7944        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:59:22.0874 7944        SENS - ok

13:59:22.0904 7944        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:59:22.0924 7944        SensrSvc - ok

13:59:22.0944 7944        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:59:22.0964 7944        Serenum - ok

13:59:22.0994 7944        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:59:23.0024 7944        Serial - ok

13:59:23.0064 7944        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:59:23.0074 7944        sermouse - ok

13:59:23.0124 7944        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:59:23.0184 7944        SessionEnv - ok

13:59:23.0194 7944        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:59:23.0224 7944        sffdisk - ok

13:59:23.0244 7944        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:59:23.0274 7944        sffp_mmc - ok

13:59:23.0294 7944        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:59:23.0334 7944        sffp_sd - ok

13:59:23.0374 7944        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:59:23.0404 7944        sfloppy - ok

13:59:23.0504 7944        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

13:59:23.0534 7944        Sftfs - ok

13:59:23.0664 7944        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

13:59:23.0684 7944        sftlist - ok

13:59:23.0714 7944        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

13:59:23.0724 7944        Sftplay - ok

13:59:23.0764 7944        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

13:59:23.0764 7944        Sftredir - ok

13:59:23.0804 7944        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

13:59:23.0814 7944        Sftvol - ok

13:59:23.0864 7944        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

13:59:23.0874 7944        sftvsa - ok

13:59:23.0944 7944        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:59:24.0004 7944        SharedAccess - ok

13:59:24.0054 7944        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:59:24.0114 7944        ShellHWDetection - ok

13:59:24.0144 7944        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:59:24.0154 7944        SiSRaid2 - ok

13:59:24.0184 7944        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:59:24.0194 7944        SiSRaid4 - ok

13:59:24.0234 7944        SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe

13:59:24.0254 7944        SkypeUpdate - ok

13:59:24.0274 7944        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:59:24.0324 7944        Smb - ok

13:59:24.0364 7944        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:59:24.0384 7944        SNMPTRAP - ok

13:59:24.0414 7944        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:59:24.0424 7944        spldr - ok

13:59:24.0494 7944        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:59:24.0544 7944        Spooler - ok

13:59:24.0804 7944        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:59:24.0914 7944        sppsvc - ok

13:59:25.0034 7944        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:59:25.0084 7944        sppuinotify - ok

13:59:25.0154 7944        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:59:25.0184 7944        srv - ok

13:59:25.0254 7944        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:59:25.0284 7944        srv2 - ok

13:59:25.0324 7944        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:59:25.0364 7944        srvnet - ok

13:59:25.0394 7944        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:59:25.0444 7944        SSDPSRV - ok

13:59:25.0464 7944        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:59:25.0504 7944        SstpSvc - ok

13:59:25.0534 7944        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:59:25.0544 7944        stexstor - ok

13:59:25.0634 7944        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:59:25.0674 7944        stisvc - ok

13:59:25.0714 7944        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:59:25.0724 7944        swenum - ok

13:59:25.0794 7944        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:59:25.0844 7944        swprv - ok

13:59:25.0894 7944        SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys

13:59:25.0914 7944        SynTP - ok

13:59:26.0064 7944        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:59:26.0134 7944        SysMain - ok

13:59:26.0234 7944        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:59:26.0264 7944        TabletInputService - ok

13:59:26.0284 7944        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:59:26.0344 7944        TapiSrv - ok

13:59:26.0374 7944        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:59:26.0444 7944        TBS - ok

13:59:26.0604 7944        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:59:26.0654 7944        Tcpip - ok

13:59:26.0894 7944        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:59:26.0934 7944        TCPIP6 - ok

13:59:27.0084 7944        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:59:27.0154 7944        tcpipreg - ok

13:59:27.0204 7944        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

13:59:27.0214 7944        tdcmdpst - ok

13:59:27.0244 7944        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:59:27.0274 7944        TDPIPE - ok

13:59:27.0314 7944        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:59:27.0334 7944        TDTCP - ok

13:59:27.0374 7944        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:59:27.0434 7944        tdx - ok

13:59:27.0524 7944        TemproMonitoringService (40e154b3125e17ce6f2afad57afcfeb2) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

13:59:27.0534 7944        TemproMonitoringService - ok

13:59:27.0584 7944        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:59:27.0604 7944        TermDD - ok

13:59:27.0684 7944        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:59:27.0754 7944        TermService - ok

13:59:27.0784 7944        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:59:27.0804 7944        Themes - ok

13:59:27.0834 7944        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:59:27.0874 7944        THREADORDER - ok

13:59:27.0974 7944        TMachInfo       (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

13:59:27.0984 7944        TMachInfo - ok

13:59:28.0024 7944        TODDSrv         (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

13:59:28.0034 7944        TODDSrv - ok

13:59:28.0144 7944        TosCoSrv        (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

13:59:28.0164 7944        TosCoSrv - ok

13:59:28.0214 7944        TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe

13:59:28.0234 7944        TOSHIBA eco Utility Service - ok

13:59:28.0284 7944        TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

13:59:28.0294 7944        TOSHIBA HDD SSD Alert Service - ok

13:59:28.0374 7944        TPCHSrv         (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

13:59:28.0404 7944        TPCHSrv - ok

13:59:28.0494 7944        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:59:28.0564 7944        TrkWks - ok

13:59:28.0636 7944        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:59:28.0686 7944        TrustedInstaller - ok

13:59:28.0776 7944        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:59:28.0826 7944        tssecsrv - ok

13:59:28.0896 7944        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:59:28.0946 7944        TsUsbFlt - ok

13:59:29.0166 7944        TuneUp.UtilitiesSvc (ee1bd87c9f470945d41f54585dbc989a) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

13:59:29.0216 7944        TuneUp.UtilitiesSvc - ok

13:59:29.0296 7944        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

13:59:29.0306 7944        TuneUpUtilitiesDrv - ok

13:59:29.0416 7944        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:59:29.0476 7944        tunnel - ok

13:59:29.0526 7944        TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

13:59:29.0536 7944        TVALZ - ok

13:59:29.0576 7944        TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys

13:59:29.0586 7944        TVALZFL - ok

13:59:29.0606 7944        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:59:29.0616 7944        uagp35 - ok

13:59:29.0666 7944        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:59:29.0736 7944        udfs - ok

13:59:29.0756 7944        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:59:29.0776 7944        UI0Detect - ok

13:59:29.0816 7944        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:59:29.0836 7944        uliagpkx - ok

13:59:29.0856 7944        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:59:29.0866 7944        umbus - ok

13:59:29.0896 7944        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:59:29.0926 7944        UmPass - ok

13:59:30.0146 7944        UNS             (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

13:59:30.0186 7944        UNS - ok

13:59:30.0316 7944        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:59:30.0376 7944        upnphost - ok

13:59:30.0446 7944        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

13:59:30.0476 7944        usbaudio - ok

13:59:30.0506 7944        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:59:30.0526 7944        usbccgp - ok

13:59:30.0566 7944        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:59:30.0586 7944        usbcir - ok

13:59:30.0626 7944        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

13:59:30.0656 7944        usbehci - ok

13:59:30.0696 7944        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:59:30.0726 7944        usbhub - ok

13:59:30.0756 7944        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

13:59:30.0786 7944        usbohci - ok

13:59:30.0806 7944        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:59:30.0836 7944        usbprint - ok

13:59:30.0876 7944        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

13:59:30.0886 7944        usbscan - ok

13:59:30.0936 7944        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:59:30.0976 7944        USBSTOR - ok

13:59:31.0006 7944        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:59:31.0036 7944        usbuhci - ok

13:59:31.0076 7944        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:59:31.0106 7944        usbvideo - ok

13:59:31.0146 7944        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:59:31.0206 7944        UxSms - ok

13:59:31.0236 7944        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:59:31.0256 7944        VaultSvc - ok

13:59:31.0266 7944        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:59:31.0276 7944        vdrvroot - ok

13:59:31.0356 7944        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:59:31.0406 7944        vds - ok

13:59:31.0426 7944        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:59:31.0446 7944        vga - ok

13:59:31.0466 7944        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:59:31.0526 7944        VgaSave - ok

13:59:31.0566 7944        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:59:31.0576 7944        vhdmp - ok

13:59:31.0596 7944        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:59:31.0606 7944        viaide - ok

13:59:31.0616 7944        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:59:31.0636 7944        volmgr - ok

13:59:31.0676 7944        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:59:31.0696 7944        volmgrx - ok

13:59:31.0716 7944        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:59:31.0736 7944        volsnap - ok

13:59:31.0766 7944        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:59:31.0786 7944        vsmraid - ok

13:59:31.0916 7944        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:59:31.0996 7944        VSS - ok

13:59:32.0116 7944        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:59:32.0146 7944        vwifibus - ok

13:59:32.0176 7944        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:59:32.0196 7944        vwififlt - ok

13:59:32.0206 7944        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:59:32.0226 7944        vwifimp - ok

13:59:32.0276 7944        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:59:32.0326 7944        W32Time - ok

13:59:32.0336 7944        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:59:32.0366 7944        WacomPen - ok

13:59:32.0386 7944        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:59:32.0436 7944        WANARP - ok

13:59:32.0446 7944        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:59:32.0488 7944        Wanarpv6 - ok

13:59:32.0578 7944        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:59:32.0629 7944        wbengine - ok

13:59:32.0710 7944        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:59:32.0740 7944        WbioSrvc - ok

13:59:32.0790 7944        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:59:32.0830 7944        wcncsvc - ok

13:59:32.0850 7944        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:59:32.0870 7944        WcsPlugInService - ok

13:59:32.0910 7944        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:59:32.0920 7944        Wd - ok

13:59:32.0980 7944        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:59:33.0000 7944        Wdf01000 - ok

13:59:33.0040 7944        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:59:33.0120 7944        WdiServiceHost - ok

13:59:33.0120 7944        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:59:33.0150 7944        WdiSystemHost - ok

13:59:33.0210 7944        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:59:33.0250 7944        WebClient - ok

13:59:33.0300 7944        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:59:33.0360 7944        Wecsvc - ok

13:59:33.0380 7944        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:59:33.0430 7944        wercplsupport - ok

13:59:33.0450 7944        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:59:33.0510 7944        WerSvc - ok

13:59:33.0580 7944        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:59:33.0620 7944        WfpLwf - ok

13:59:33.0640 7944        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:59:33.0660 7944        WIMMount - ok

13:59:33.0700 7944        WinDefend - ok

13:59:33.0700 7944        WinHttpAutoProxySvc - ok

13:59:33.0760 7944        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:59:33.0820 7944        Winmgmt - ok

13:59:34.0000 7944        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:59:34.0070 7944        WinRM - ok

13:59:34.0240 7944        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:59:34.0270 7944        WinUsb - ok

13:59:34.0370 7944        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:59:34.0420 7944        Wlansvc - ok

13:59:34.0490 7944        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:59:34.0500 7944        wlcrasvc - ok

13:59:34.0670 7944        wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:59:34.0730 7944        wlidsvc - ok

13:59:34.0870 7944        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:59:34.0900 7944        WmiAcpi - ok

13:59:34.0950 7944        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:59:34.0990 7944        wmiApSrv - ok

13:59:35.0030 7944        WMPNetworkSvc - ok

13:59:35.0070 7944        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:59:35.0090 7944        WPCSvc - ok

13:59:35.0140 7944        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:59:35.0180 7944        WPDBusEnum - ok

13:59:35.0200 7944        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:59:35.0240 7944        ws2ifsl - ok

13:59:35.0270 7944        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

13:59:35.0300 7944        wscsvc - ok

13:59:35.0310 7944        WSearch - ok

13:59:35.0510 7944        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:59:35.0610 7944        wuauserv - ok

13:59:35.0742 7944        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:59:35.0802 7944        WudfPf - ok

13:59:35.0832 7944        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:59:35.0892 7944        WUDFRd - ok

13:59:35.0922 7944        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:59:35.0962 7944        wudfsvc - ok

13:59:36.0002 7944        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:59:36.0032 7944        WwanSvc - ok

13:59:36.0072 7944        xusb21          (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys

13:59:36.0082 7944        xusb21 - ok

13:59:36.0122 7944        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:59:36.0452 7944        \Device\Harddisk0\DR0 - ok

13:59:36.0482 7944        Boot (0x1200)   (5d09eac8a3124a0737d3fd080ea17ab3) \Device\Harddisk0\DR0\Partition0

13:59:36.0482 7944        \Device\Harddisk0\DR0\Partition0 - ok

13:59:36.0502 7944        Boot (0x1200)   (b91d3ce67c045843b5d3de6686d05578) \Device\Harddisk0\DR0\Partition1

13:59:36.0502 7944        \Device\Harddisk0\DR0\Partition1 - ok

13:59:36.0502 7944        ============================================================

13:59:36.0502 7944        Scan finished

13:59:36.0502 7944        ============================================================

13:59:36.0512 7940        Detected object count: 1

13:59:36.0512 7940        Actual detected object count: 1

14:09:14.0520 7940        Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user

14:09:14.0520 7940        Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Erledigt! Ich hab bei allen nur den Echtzeit Scanner bei Avira deaktiviert, wie ich Avira komplett schliese, weis ich nicht, über den Task Manager geht es auch ni..

Code:

ComboFix 12-06-19.01 - Philipp 19.06.2012  20:14:04.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3891.2707 [GMT 2:00]

ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Philipp\AppData\Roaming\Taavc

c:\users\Philipp\AppData\Roaming\Taavc\elzig.kue

c:\users\Philipp\FreeVideoToDVDConverter.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))

.

.

2012-06-18 21:12 . 2012-06-18 21:12        --------        d-----w-        C:\_OTL

2012-06-18 15:32 . 2012-06-18 15:32        --------        d-----w-        c:\program files (x86)\Koyote Soft Toolbar

2012-06-18 11:23 . 2012-06-18 11:23        --------        d-----w-        c:\program files (x86)\ESET

2012-06-14 09:58 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-06-14 09:58 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-06-14 09:58 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-06-14 09:58 . 2012-05-15 01:32        3146752        ----a-w-        c:\windows\system32\win32k.sys

2012-06-14 09:58 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-06-14 09:58 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 09:58 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 09:57 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll

2012-06-14 09:57 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-06-14 09:57 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll

2012-06-14 09:57 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll

2012-06-14 09:57 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll

2012-06-14 09:57 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll

2012-06-14 09:57 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll

2012-06-14 09:57 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll

2012-06-14 09:57 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll

2012-06-14 09:57 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2012-06-13 12:17 . 2012-06-13 12:17        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Malwarebytes

2012-06-13 12:17 . 2012-06-13 12:17        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-13 12:17 . 2012-06-13 12:17        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-13 12:17 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-06-13 12:07 . 2012-06-13 12:07        --------        d-----w-        c:\programdata\Babylon

2012-06-07 12:48 . 2012-06-07 12:48        --------        d-----w-        c:\users\Philipp\AppData\Local\PDF24

2012-06-07 12:48 . 2012-06-07 12:48        --------        d-----w-        c:\program files (x86)\PDF24

2012-06-06 16:15 . 2012-06-06 16:15        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-22 16:47 . 2012-05-25 08:27        --------        d-----w-        c:\program files (x86)\Microsoft Works

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-18 16:29 . 2012-04-05 19:56        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-18 16:29 . 2011-05-22 11:16        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-08 13:50 . 2011-10-17 07:48        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 13:50 . 2011-10-17 07:48        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-05 10:34 . 2012-05-06 16:53        34624        ----a-w-        c:\windows\system32\TURegOpt.exe

2012-04-05 10:34 . 2012-05-06 16:53        25920        ----a-w-        c:\windows\system32\authuitu.dll

2012-04-05 10:34 . 2012-05-06 16:53        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll

2012-03-30 11:35 . 2012-05-10 15:15        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-11-10 74752]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-09 410648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-09 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-09 391192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.de/

mStart Page = 

mLocal Page = 

IE: Free YouTube Download - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.178.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)

AddRemove-Minecraft Cracked - c:\users\Philipp\AppData\Roaming\.minecraft\Uninstall.exe

AddRemove-PunkBusterSvc - c:\users\Philipp\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2492271374-2314830708-1809786144-1001\Software\SecuROM\License information*]

"datasecu"=hex:a7,02,56,39,c5,67,59,a7,01,e5,03,f6,f1,ff,17,e5,27,57,a7,c0,09,

   06,ca,0e,8d,5c,3c,4e,24,94,2c,c9,6f,60,c3,e1,71,35,97,44,55,8e,aa,10,03,7d,\

"rkeysecu"=hex:30,74,bf,48,60,29,0c,5c,74,41,09,d4,fd,17,77,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-19  20:27:38 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-19 18:27

.

Vor Suchlauf: 13 Verzeichnis(se), 30.277.656.576 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 30.132.920.320 Bytes frei

.

- - End Of File - - DFD9CC416B76A4A7F329FCA9523190F3

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hallo Arne, ich hatte letzte Woche meinen Fokus auf meine Abi-Prüfungen gelegt daher konnte ich leider nicht mehr Posten.

Bei GMER kam diese Meldung während des Scan´s:
"Has´nt found system modification"
es wurde bis dahin in der liste nichts angezeigt!

- was ich noch anmerken wollte ich habe seit einiger Zeit eine TuneUp Testversion auf meinem PC die abgelaufen, allerdings lässt sich diese nicht deinstallieren und auch als Hintergrundprogramm nicht schliesen. Hab es aber aufjedenfall von einer sicheren Seit geladen.

- außerdem habe ich das Gefühl das mein PC-Lüfter manchmal unerwartet laut wird bzw. die cpu ziemlich hoch ist.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 12:00:47 on 02.07.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights 10" - "Nero AG" - c:\Program Files (x86)\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys

"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys

"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys

"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -   (File not found | COM-object registry key not found)

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll

{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - c:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)

<binary data> "{C424171E-592A-415A-9EB1-DFD6D95D3530}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

"PokerStars" - "PokerStars" - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

{F3C88694-EFFA-4d78-B409-54B7B2535B14} "TOSHIBA Media Controller Plug-in" - "<TOSHIBA>" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - c:\Program Files (x86)\Nero\Update\NASvc.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

"Freemake Improver" (Freemake Improver) - "Freemake" - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

"TOSHIBA eco Utility Service" (TOSHIBA eco Utility Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TECO\TecoService.exe

"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe

"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

"TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-02 12:03:15

-----------------------------

12:03:15.981    OS Version: Windows x64 6.1.7601 Service Pack 1

12:03:15.981    Number of processors: 2 586 0x2505

12:03:15.981    ComputerName: HUBI  UserName: 

12:03:16.776    Initialize success

12:05:11.390    AVAST engine defs: 12070200

12:05:35.289    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

12:05:35.289    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

12:05:35.289    Disk 0 MBR read successfully

12:05:35.305    Disk 0 MBR scan

12:05:35.305    Disk 0 Windows 7 default MBR code

12:05:35.321    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048

12:05:35.336    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152622 MB offset 821248

12:05:35.367    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152222 MB offset 313391104

12:05:35.399    Disk 0 scanning C:\Windows\system32\drivers

12:05:45.757    Service scanning

12:06:15.459    Modules scanning

12:06:15.459    Disk 0 trace - called modules:

12:06:15.491    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

12:06:15.491    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068af280]

12:06:15.491    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049dd050]

12:06:16.130    AVAST engine scan C:\Windows

12:06:18.767    AVAST engine scan C:\Windows\system32

12:09:06.498    AVAST engine scan C:\Windows\system32\drivers

12:09:18.729    AVAST engine scan C:\Users\Philipp

12:10:05.903    File: C:\Users\Philipp\AppData\Local\Temp\er_00_0_l.exe  **INFECTED** Win32:Reveton-BR [Trj]

12:16:44.515    AVAST engine scan C:\ProgramData

12:18:03.591    Scan finished successfully

12:19:01.967    Disk 0 MBR has been saved successfully to "C:\Users\Philipp\Downloads\MBR.dat"

12:19:01.967    The log file has been saved successfully to "C:\Users\Philipp\Downloads\aswMBR.txt"

Code:

C:\Users\Philipp\AppData\Local\Temp\er_00_0_l.exe

Wo kommt diese Datei denn her? :wtf:
Bitte bei uns hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Lösch die Datei mal bitte, starte Windows neu und mach ein neues Log mit aswMBR

Erledigt!

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-03 18:52:29

-----------------------------

18:52:29.946    OS Version: Windows x64 6.1.7601 Service Pack 1

18:52:29.946    Number of processors: 2 586 0x2505

18:52:29.946    ComputerName: HUBI  UserName: 

18:52:32.660    Initialize success

18:52:41.146    AVAST engine defs: 12070200

18:52:47.215    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:52:47.215    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

18:52:47.230    Disk 0 MBR read successfully

18:52:47.230    Disk 0 MBR scan

18:52:47.230    Disk 0 Windows 7 default MBR code

18:52:47.246    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048

18:52:47.262    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152622 MB offset 821248

18:52:47.277    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152222 MB offset 313391104

18:52:47.308    Disk 0 scanning C:\Windows\system32\drivers

18:52:57.776    Service scanning

18:53:27.135    Modules scanning

18:53:27.135    Disk 0 trace - called modules:

18:53:27.166    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

18:53:27.666    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068ca060]

18:53:27.666    3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a4050]

18:53:28.368    AVAST engine scan C:\Windows

18:53:31.020    AVAST engine scan C:\Windows\system32

18:56:16.255    AVAST engine scan C:\Windows\system32\drivers

18:56:28.158    AVAST engine scan C:\Users\Philipp

19:03:53.726    AVAST engine scan C:\ProgramData

19:05:04.956    Scan finished successfully

19:06:08.448    Disk 0 MBR has been saved successfully to "C:\Users\Philipp\Downloads\MBR.dat"

19:06:08.448    The log file has been saved successfully to "C:\Users\Philipp\Downloads\aswMBR2.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Sorry das es wieder etwas länger gedauert hat!

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/11/2012 at 06:23 PM
 

Application Version : 5.5.1006
 

Core Rules Database Version : 8882

Trace Rules Database Version: 6694
 

Scan type       : Complete Scan

Total Scan Time : 01:45:01
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 613

Memory threats detected   : 0

Registry items scanned    : 68931

Registry threats detected : 0

File items scanned        : 153278

File threats detected     : 88
 

Adware.Tracking Cookie

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\5ZQY7HHP.txt [ /tradedoubler.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\77XL1R0H.txt [ /serving-sys.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\1HQYPW43.txt [ /tubepornstars.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\D1K3YNQH.txt [ /tracking.quisma.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\UB2LRLLQ.txt [ /apmebf.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\MMXTKDIP.txt [ /mediaplex.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\F2G15HSJ.txt [ /zanox.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\XKEX4D62.txt [ /adfarm1.adition.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\7AJ0NT4J.txt [ /adform.net ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\Z5PIVUM4.txt [ /atrack.allposters.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\JLZ0WVVU.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\QE2QZF71.txt [ /ad4.adfarm1.adition.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\LEUNOFV0.txt [ /doubleclick.net ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\IY80KCTI.txt [ /smartadserver.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\EUTZPTP4.txt [ /atdmt.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\UPH9MIUZ.txt [ /xiti.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\20U1J6N0.txt [ /server.adform.net ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\BP0GLPJF.txt [ /ad3.adfarm1.adition.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\18JNZ1RS.txt [ /dynamocounter.de ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\IZ3DUTE3.txt [ /adx.chip.de ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\JTIHQLK9.txt [ /ww251.smartadserver.com ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\7QIGBKI7.txt [ /traffictrack.de ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\1THGXJ2C.txt [ /adtech.de ]

        C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Cookies\AEXHPG46.txt [ /webmasterplan.com ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\philipp@www.google[2].txt [ Cookie:philipp@www.google.de/accounts ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\ESHDMR01.txt [ Cookie:philipp@www.ars24.com/Multimedia-2/Kenwood/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\K0XW3YS0.txt [ Cookie:philipp@ads2.bartime.de/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\philipp@macromedia-fachhochschule[2].txt [ Cookie:philipp@macromedia-fachhochschule.de/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\philipp@alpenrouten[1].txt [ Cookie:philipp@alpenrouten.de/stats/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\philipp@tracking.hrs[1].txt [ Cookie:philipp@tracking.hrs.de/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\1Y7ABGZA.txt [ Cookie:philipp@dynamocounter.de/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\philipp@porn.drei[1].txt [ Cookie:philipp@porn.drei.to/ ]

        C:\USERS\PHILIPP\AppData\Roaming\Microsoft\Windows\Cookies\Low\THEDI9H1.txt [ Cookie:philipp@tubepornstars.com/ ]

        C:\USERS\PHILIPP\Cookies\77XL1R0H.txt [ Cookie:philipp@serving-sys.com/ ]

        C:\USERS\PHILIPP\Cookies\1HQYPW43.txt [ Cookie:philipp@tubepornstars.com/ ]

        C:\USERS\PHILIPP\Cookies\D1K3YNQH.txt [ Cookie:philipp@tracking.quisma.com/ ]

        C:\USERS\PHILIPP\Cookies\UB2LRLLQ.txt [ Cookie:philipp@apmebf.com/ ]

        C:\USERS\PHILIPP\Cookies\MMXTKDIP.txt [ Cookie:philipp@mediaplex.com/ ]

        C:\USERS\PHILIPP\Cookies\F2G15HSJ.txt [ Cookie:philipp@zanox.com/ ]

        C:\USERS\PHILIPP\Cookies\7AJ0NT4J.txt [ Cookie:philipp@adform.net/ ]

        C:\USERS\PHILIPP\Cookies\Z5PIVUM4.txt [ Cookie:philipp@atrack.allposters.com/ ]

        C:\USERS\PHILIPP\Cookies\QE2QZF71.txt [ Cookie:philipp@ad4.adfarm1.adition.com/ ]

        C:\USERS\PHILIPP\Cookies\IY80KCTI.txt [ Cookie:philipp@smartadserver.com/ ]

        C:\USERS\PHILIPP\Cookies\EUTZPTP4.txt [ Cookie:philipp@atdmt.com/ ]

        C:\USERS\PHILIPP\Cookies\UPH9MIUZ.txt [ Cookie:philipp@xiti.com/ ]

        C:\USERS\PHILIPP\Cookies\20U1J6N0.txt [ Cookie:philipp@server.adform.net/ ]

        C:\USERS\PHILIPP\Cookies\BP0GLPJF.txt [ Cookie:philipp@ad3.adfarm1.adition.com/ ]

        C:\USERS\PHILIPP\Cookies\18JNZ1RS.txt [ Cookie:philipp@dynamocounter.de/ ]

        C:\USERS\PHILIPP\Cookies\IZ3DUTE3.txt [ Cookie:philipp@adx.chip.de/ ]

        C:\USERS\PHILIPP\Cookies\JTIHQLK9.txt [ Cookie:philipp@ww251.smartadserver.com/ ]

        C:\USERS\PHILIPP\Cookies\7QIGBKI7.txt [ Cookie:philipp@traffictrack.de/ ]

        C:\USERS\PHILIPP\Cookies\1THGXJ2C.txt [ Cookie:philipp@adtech.de/ ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADX.CHIP[1].TXT [ /ADX.CHIP ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@APMEBF[2].TXT [ /APMEBF ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ZANOX[2].TXT [ /ZANOX ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD.ZANOX[1].TXT [ /AD.ZANOX ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]

        C:\SANDBOX\PHILIPP\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@APMEBF[1].TXT [ /APMEBF ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@OMS.122.2O7[1].TXT [ /OMS.122.2O7 ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD.ZANOX[1].TXT [ /AD.ZANOX ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@SERVING-SYS[1].TXT [ /SERVING-SYS ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ATDMT[1].TXT [ /ATDMT ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADS.DYNAMO-DRESDEN[2].TXT [ /ADS.DYNAMO-DRESDEN ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ATDMT[2].TXT [ /ATDMT ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ZANOX[1].TXT [ /ZANOX ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADSERVER[1].TXT [ /ADSERVER ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]

        C:\USERS\PHILIPP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PHILIPP@ADS.LIVETV[1].TXT [ /ADS.LIVETV ]

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.05.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Philipp :: HUBI [Administrator]
 

Schutz: Aktiviert
 

05.07.2012 14:37:41

mbam-log-2012-07-05 (14-37-41).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 362045

Laufzeit: 52 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Ok ich danke Dir!

Naja meine Dateien sind nach wie vor verschlüsselt und nicht zu öffnen.

Avira hatte mir vor einiger Zeit mal noch diese gemeldet, ich weis aber nicht ob die jetzt noch relevant sind. Das Datum steht immer oben, im Bericht.

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012  12:41
 

Es wird nach 3840797 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : HUBI
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 13:50:37

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 13:50:37

LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 13:50:38

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 13:50:38

AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 13:50:10

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:08:13

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:39:02

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:33:51

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 13:18:29

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 13:18:29

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 13:18:29

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 13:18:29

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 13:18:29

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 13:18:30

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 13:18:30

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 13:18:30

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 13:18:30

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:01:12

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 19:09:44

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 13:38:16

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 06:00:39

VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 16:30:45

VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 17:04:24

VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 17:04:44

VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 20:19:06

VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 08:52:17

VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 13:11:14

VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 07:37:46

VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 13:11:23

VBASE026.VDF   : 7.11.32.251   119296 Bytes  14.06.2012 14:54:28

VBASE027.VDF   : 7.11.32.252     2048 Bytes  14.06.2012 14:54:28

VBASE028.VDF   : 7.11.32.253     2048 Bytes  14.06.2012 14:54:28

VBASE029.VDF   : 7.11.32.254     2048 Bytes  14.06.2012 14:54:28

VBASE030.VDF   : 7.11.32.255     2048 Bytes  14.06.2012 14:54:28

VBASE031.VDF   : 7.11.33.24     52224 Bytes  15.06.2012 14:54:29

Engineversion  : 8.2.10.92 

AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 17:12:26

AESCRIPT.DLL   : 8.1.4.26      450939 Bytes  14.06.2012 14:58:02

AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 14:35:19

AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 14:58:09

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.18     807287 Bytes  14.06.2012 14:57:53

AEOFFICE.DLL   : 8.1.2.36      201082 Bytes  14.06.2012 14:57:35

AEHEUR.DLL     : 8.1.4.46     4923767 Bytes  14.06.2012 14:57:27

AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 13:50:06

AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 14:55:15

AEEXP.DLL      : 8.1.0.52       82293 Bytes  14.06.2012 14:58:09

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 17:04:54

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 13:50:37

AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 13:50:37

AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 13:50:38

AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 13:50:37

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 13:50:37

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 13:50:38

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 13:50:37

NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 13:50:38

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 13:50:37

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 13:50:37
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fdc5b6a\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Samstag, 16. Juni 2012  12:41
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TUAutoUpdateCheck.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FreemakeUtilsService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ApplicationUpdater.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Temp\L.class'

C:\Users\Philipp\AppData\Local\Temp\L.class

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5590c942.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Temp\V.class'

C:\Users\Philipp\AppData\Local\Temp\V.class

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d07e6e6.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Temp\pkg_0ll.exe'

C:\Users\Philipp\AppData\Local\Temp\pkg_0ll.exe

  [FUND]      Ist das Trojanische Pferd TR/PSW.Zbot.2362

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f24bcc3.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Temp\tempfiles.exe'

C:\Users\Philipp\AppData\Local\Temp\tempfiles.exe

  [FUND]      Ist das Trojanische Pferd TR/Dldr.Karagany.I.108

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7919f307.qua' verschoben!
 
 

Ende des Suchlaufs: Samstag, 16. Juni 2012  12:42

Benötigte Zeit: 01:10 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     26 Dateien wurden geprüft

      4 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      4 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     22 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      4 Hinweise

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012  12:41
 

Es wird nach 3840797 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : HUBI
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 13:50:37

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 13:50:37

LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 13:50:38

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 13:50:38

AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 13:50:10

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:08:13

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:39:02

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:33:51

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 13:18:29

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 13:18:29

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 13:18:29

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 13:18:29

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 13:18:29

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 13:18:30

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 13:18:30

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 13:18:30

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 13:18:30

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:01:12

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 19:09:44

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 13:38:16

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 06:00:39

VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 16:30:45

VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 17:04:24

VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 17:04:44

VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 20:19:06

VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 08:52:17

VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 13:11:14

VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 07:37:46

VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 13:11:23

VBASE026.VDF   : 7.11.32.251   119296 Bytes  14.06.2012 14:54:28

VBASE027.VDF   : 7.11.32.252     2048 Bytes  14.06.2012 14:54:28

VBASE028.VDF   : 7.11.32.253     2048 Bytes  14.06.2012 14:54:28

VBASE029.VDF   : 7.11.32.254     2048 Bytes  14.06.2012 14:54:28

VBASE030.VDF   : 7.11.32.255     2048 Bytes  14.06.2012 14:54:28

VBASE031.VDF   : 7.11.33.24     52224 Bytes  15.06.2012 14:54:29

Engineversion  : 8.2.10.92 

AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 17:12:26

AESCRIPT.DLL   : 8.1.4.26      450939 Bytes  14.06.2012 14:58:02

AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 14:35:19

AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 14:58:09

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.18     807287 Bytes  14.06.2012 14:57:53

AEOFFICE.DLL   : 8.1.2.36      201082 Bytes  14.06.2012 14:57:35

AEHEUR.DLL     : 8.1.4.46     4923767 Bytes  14.06.2012 14:57:27

AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 13:50:06

AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 14:55:15

AEEXP.DLL      : 8.1.0.52       82293 Bytes  14.06.2012 14:58:09

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 17:04:54

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 13:50:37

AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 13:50:37

AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 13:50:38

AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 13:50:37

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 13:50:37

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 13:50:38

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 13:50:37

NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 13:50:38

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 13:50:37

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 13:50:37
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fdc5b6a\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Samstag, 16. Juni 2012  12:41
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TUAutoUpdateCheck.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FreemakeUtilsService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ApplicationUpdater.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\23dba199-6a6e0459'

C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\23dba199-6a6e0459

  [FUND]      Ist das Trojanische Pferd TR/Dldr.Karagany.I.108

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552fc8a5.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\3615bfc4-4e478fd7'

C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\3615bfc4-4e478fd7

  [FUND]      Ist das Trojanische Pferd TR/Graftor.29687

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4df5e71d.qua' verschoben!
 
 

Ende des Suchlaufs: Samstag, 16. Juni 2012  12:42

Benötigte Zeit: 01:06 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     24 Dateien wurden geprüft

      2 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      2 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     22 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      2 Hinweise

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Mittwoch, 13. Juni 2012  15:30
 

Es wird nach 3831985 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : HUBI
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 13:50:37

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 13:50:37

LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 13:50:38

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 13:50:38

AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 13:50:10

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:08:13

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:39:02

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:33:51

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 13:18:29

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 13:18:29

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 13:18:29

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 13:18:29

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 13:18:29

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 13:18:30

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 13:18:30

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 13:18:30

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 13:18:30

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:01:12

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 19:09:44

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 13:38:16

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 06:00:39

VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 16:30:45

VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 17:04:24

VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 17:04:44

VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 20:19:06

VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 08:52:17

VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 13:11:14

VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 07:37:46

VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 13:11:23

VBASE026.VDF   : 7.11.32.172     2048 Bytes  12.06.2012 13:11:23

VBASE027.VDF   : 7.11.32.173     2048 Bytes  12.06.2012 13:11:23

VBASE028.VDF   : 7.11.32.174     2048 Bytes  12.06.2012 13:11:23

VBASE029.VDF   : 7.11.32.175     2048 Bytes  12.06.2012 13:11:23

VBASE030.VDF   : 7.11.32.176     2048 Bytes  12.06.2012 13:11:23

VBASE031.VDF   : 7.11.32.194    28672 Bytes  13.06.2012 13:11:23

Engineversion  : 8.2.10.80 

AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 17:12:26

AESCRIPT.DLL   : 8.1.4.24      450939 Bytes  31.05.2012 17:08:24

AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 14:35:19

AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 17:07:43

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.16     807288 Bytes  29.05.2012 17:07:25

AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  26.04.2012 17:17:20

AEHEUR.DLL     : 8.1.4.36     4874615 Bytes  31.05.2012 17:06:16

AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 13:50:06

AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 17:17:13

AEEXP.DLL      : 8.1.0.44       82293 Bytes  29.05.2012 17:07:46

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 17:04:54

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 13:50:37

AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 13:50:37

AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 13:50:38

AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 13:50:37

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 13:50:37

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 13:50:38

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 13:50:37

NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 13:50:38

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 13:50:37

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 13:50:37
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd86b48\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Mittwoch, 13. Juni 2012  15:30
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FreemakeUtilsService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ApplicationUpdater.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Roaming\Mwkcykwyy\6AF118F916EDDDE93341.exe'

C:\Users\Philipp\AppData\Roaming\Mwkcykwyy\6AF118F916EDDDE93341.exe

  [FUND]      Ist das Trojanische Pferd TR/Kazy.74951
 

Beginne mit der Desinfektion:

C:\Users\Philipp\AppData\Roaming\Mwkcykwyy\6AF118F916EDDDE93341.exe

  [FUND]      Ist das Trojanische Pferd TR/Kazy.74951

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55ee36bf.qua' verschoben!
 
 

Ende des Suchlaufs: Mittwoch, 13. Juni 2012  15:31

Benötigte Zeit: 00:00 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     21 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     20 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise
 
 

Die Suchergebnisse werden an den Guard übermittelt.

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Dienstag, 12. Juni 2012  10:35
 

Es wird nach 3818226 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7 Home Premium

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : HUBI
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00

AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 13:50:37

AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 13:50:37

LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 13:50:38

AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 13:50:38

AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 13:50:10

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:08:13

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:39:02

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:33:51

VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 13:18:29

VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 13:18:29

VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 13:18:29

VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 13:18:29

VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 13:18:29

VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 13:18:30

VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 13:18:30

VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 13:18:30

VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 13:18:30

VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 17:01:12

VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 19:09:44

VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 13:38:16

VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 06:00:39

VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 16:30:45

VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 17:04:24

VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 17:04:44

VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 20:19:06

VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 08:52:17

VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 13:11:14

VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 07:37:46

VBASE025.VDF   : 7.11.32.134     2048 Bytes  11.06.2012 07:37:46

VBASE026.VDF   : 7.11.32.135     2048 Bytes  11.06.2012 07:37:47

VBASE027.VDF   : 7.11.32.136     2048 Bytes  11.06.2012 07:37:47

VBASE028.VDF   : 7.11.32.137     2048 Bytes  11.06.2012 07:37:47

VBASE029.VDF   : 7.11.32.138     2048 Bytes  11.06.2012 07:37:47

VBASE030.VDF   : 7.11.32.139     2048 Bytes  11.06.2012 07:37:47

VBASE031.VDF   : 7.11.32.150     6144 Bytes  12.06.2012 07:37:47

Engineversion  : 8.2.10.80 

AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 17:12:26

AESCRIPT.DLL   : 8.1.4.24      450939 Bytes  31.05.2012 17:08:24

AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 14:35:19

AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 17:07:43

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06

AEPACK.DLL     : 8.2.16.16     807288 Bytes  29.05.2012 17:07:25

AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  26.04.2012 17:17:20

AEHEUR.DLL     : 8.1.4.36     4874615 Bytes  31.05.2012 17:06:16

AEHELP.DLL     : 8.1.21.0      254326 Bytes  11.05.2012 13:50:06

AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 17:17:13

AEEXP.DLL      : 8.1.0.44       82293 Bytes  29.05.2012 17:07:46

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01

AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 17:04:54

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01

AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 13:50:37

AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 13:50:37

AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 13:50:38

AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 13:50:37

AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 13:50:37

SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 13:50:38

AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 13:50:37

NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 13:50:38

RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 13:50:37

RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 13:50:37
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd5c8a5\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Dienstag, 12. Juni 2012  10:35
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TUAutoUpdateCheck.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'pdf24.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Bandoo.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FreemakeUtilsService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ApplicationUpdater.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XTV1PV9\ad_track[1].htm'

C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XTV1PV9\ad_track[1].htm

  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55bd51bc.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B27B9K0J\ad_track[1].htm'

C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B27B9K0J\ad_track[1].htm

  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d2a7e1b.qua' verschoben!

Beginne mit der Suche in 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMMV24KL\in[1].htm'
 
 

Ende des Suchlaufs: Dienstag, 12. Juni 2012  10:36

Benötigte Zeit: 00:58 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     25 Dateien wurden geprüft

      2 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      2 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     23 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      2 Hinweise

Das sind uralte Logs vom Juni! Also schon vier Wochen alt!

Zitat:

Naja meine Dateien sind nach wie vor verschlüsselt und nicht zu öffnen.

oben genannte Hinweise mal komplett zu lesen sollte nicht zuviel verlangt sein!

Eine Entschlüsselung ist unwahrscheinlich bis unmöglich!

Zitat:

3. Bei Dateien wie locked-<DATEINAME>.<ENDUNG>.wxyz entschlüsseln: Übersicht der 8 Entschlüsselungs-Tools

ansonsten Daten retten / Daten wiederherstellen: Daten retten nach Verschlüsselungstrojaner

Die Hinweise habe ich gelesen.
Ich werde die Tools wie beschrieben ausprobieren in der Hoffnung das vielleicht was geht.

Wenn ich die Dateinamen korrigiere, d.h., das kürzel yxz weg nehme, lässt sich die Datei trotzdem nicht öffnen, also das hat sich schonmal erledigt.