Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizei-Trojaner hat mich erwischt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2012, 09:47   #1
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Hallo Liebes Trojaner-Team

Heute habe ich mir beim Surfen einen dieser miesen Polizei-Trojaner eingefangen bei dem durch diese Meldung alles blockiert ist.

Ich habe den Laptop dann im abgesicherten Modus mit Netzwerktreiber gestartet. Danach bin ich dann über google auf euer Forum gestossen und hab mir Malwarebytes und OTL runtergeladen und ausgeführt.



Malwarebytes Log
PHP-Code:
Malwarebytes Anti-Malware (Test1.62.0.1300
www
.malwarebytes.org

Datenbank Version
v2012.08.15.09

Windows 7 Service Pack 1 x64 NTFS 
(Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Kevin 
:: KEVIN-TOSH [Administrator]

SchutzDeaktiviert

16.08.2012 02
:58:08
mbam
-log-2012-08-16 (02-58-08).txt

Art des Suchlaufs
Vollständiger Suchlauf (C:\|)
Aktivierte SuchlaufeinstellungenSpeicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte Suchlaufeinstellungen
P2P
Durchsuchte Objekte
491864
Laufzeit
1 Stunde(n), 11 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte1
HKCU
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uxywstnixjmsula (Trojan.Ransom) -> DatenC:\ProgramData\uxywstni.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien4
C
:\ProgramData\uxywstni.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kevin\0.7570417923624622.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kevin\Desktop\SEGA\Neuer Ordner (3)\SAVE EDITOR Collection v 1.0\SAVE EDITOR Collection v 1.0\Borderlands Willow Tree  Editor\WillowTree.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kevin\Desktop\SEGA\Neuer Ordner (3)\SAVE EDITOR Collection v 1.0\SAVE EDITOR Collection v 1.0\Shadow Complex (XBL Arcade)\Shadow Complex Editor.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(
Ende


OTL.txt
PHP-Code:
OTL logfile created on8/16/2012 5:30:15 AM Run 1
OTL by OldTimer 
Version 3.2.57.0     Folder C:\Users\Kevin\Desktop
64bit
Home Premium Edition Service Pack 1 (Version 6.1.7601) - Type NTWorkstation
Internet Explorer 
(Version 9.0.8112.16421)
Locale00000409 CountryÖsterreich LanguageDEA Date Formatdd.MM.yyyy
 
7.91 Gb Total Physical Memory 
5.28 Gb Available Physical Memory 66.82Memory free
15.82 Gb Paging File 
13.10 Gb Available in Paging File 82.84Paging File free
Paging file location
(s): ?:\pagefile.sys [binary data]
 
%
SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.20 Gb Total Space 35.13 Gb Free Space 5.15Space Free Partition TypeNTFS
 
Computer Name
KEVIN-TOSH User NameKevin Logged in as Administrator.
Boot ModeNormal Scan ModeAll users | Include 64bit Scans
Company Name Whitelist
Off Skip Microsoft FilesOff No Company Name WhitelistOn File Age 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
PRC C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
PRC C:\Users\Kevin\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe (Totem Entertainment)
PRC C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworksInc.)
PRC C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\UNS\UNS.exe (Intel Corporation)
PRC C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\LMS\LMS.exe (Intel Corporation)
PRC C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
PRC C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC C:\Program Files (x86)\3DataManager\WTGService.exe ()
 
 
[
color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD C:\Users\Kevin\AppData\Local\vghd\bin\QtGui4.dll ()
MOD C:\Users\Kevin\AppData\Local\vghd\bin\QtNetwork4.dll ()
MOD C:\Users\Kevin\AppData\Local\vghd\bin\QtXml4.dll ()
MOD C:\Users\Kevin\AppData\Local\vghd\bin\QtCore4.dll ()
 
 
[
color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SymEFA64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SymDS64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Ironx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccSetx64.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:[b]64bit:[/b] - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:[b]64bit:[/b] - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (DVB7700ALL) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:[b]64bit:[/b] - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:[b]64bit:[/b] - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:[b]64bit:[/b] - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:[b]64bit:[/b] - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:[b]64bit:[/b] - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:[b]64bit:[/b] - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:[b]64bit:[/b] - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120815.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120815.002\eng64.sys (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120402.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120202.002\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{7CF3FA9B-4D75-4A99-9D05-0092AFDC9FD2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comoestamos.com/search/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{68A72E44-9F07-436B-ADC8-000512CCE1DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\UpdatusUser\Desktop
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kevin\Desktop
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT448
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/22 00:55:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/08/16 04:43:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/08/16 04:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 19:57:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 02:25:29 | 000,000,000 | ---D | M]
 
[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/08/16 02:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions
[2012/08/04 23:33:56 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com
[2012/04/20 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/25 19:57:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: preisspion.de = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.0_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011/09/10 05:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Ocs_SM] C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' 
Anti-MalwareC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Kevin\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mcx1-KEVIN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:[b]64bit:[/b] - Extra '
Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra '
Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra '
Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1EFD16-CBA1-4C51-9DE0-2DD4AFBFE634}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/08/16 04:42:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/16 04:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/16 04:41:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/16 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/16 04:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/16 03:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ff11
[2012/08/16 03:47:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/08/16 02:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012/08/16 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' 
Anti-Malware
[2012/08/16 02:56:57 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/16 02:56:57 000,000,000 | ---C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/16 02:56:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/16 01:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rsiogkxqxettjhl
[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Songbird2
[2012/08/14 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2012/08/14 12:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird
[2012/08/08 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Skyrim
[2012/08/08 08:38:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2012/08/08 08:38:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2012/08/08 08:38:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2012/08/08 08:38:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2012/08/08 08:38:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2012/08/08 08:38:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2012/08/08 08:38:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2012/08/08 08:38:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2012/08/08 08:38:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2012/08/08 08:38:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2012/08/08 08:38:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2012/08/08 08:38:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2012/08/08 08:38:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2012/08/08 08:38:36 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2012/08/08 08:38:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2012/08/08 08:38:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2012/08/08 08:38:35 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2012/08/08 08:38:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2012/08/08 08:38:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2012/08/08 08:38:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2012/08/08 08:38:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2012/08/08 08:38:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2012/08/08 08:38:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2012/08/08 08:38:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2012/08/08 08:38:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2012/08/08 08:38:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2012/08/08 08:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2012/08/08 08:38:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2012/08/08 08:38:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2012/08/08 08:38:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2012/08/08 08:38:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2012/08/08 08:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2012/08/08 08:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2012/08/08 08:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2012/08/08 08:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2012/08/08 08:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2012/08/08 08:38:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2012/08/08 08:38:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2012/08/08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games
[2012/08/07 02:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/08/06 05:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\XboxMB
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\windows\XSxS
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Xenocode
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/08/06 05:53:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Downloads
[2012/07/31 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2012/07/30 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Any Video Converter
[2012/07/30 17:22:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\AnvSoft
[2012/07/30 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012/07/30 17:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012/07/23 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Coma
[2012/07/23 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Revolt
[2012/07/23 19:48:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\360Revolution
[2012/07/18 23:28:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Macromedia
[2012/07/18 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sogna
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/08/16 05:06:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 04:48:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 04:48:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 04:46:40 | 001,715,430 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/08/16 04:42:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/16 04:42:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/16 04:42:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/16 04:42:31 | 000,002,575 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/16 04:40:43 | 000,001,308 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton-Installationsdateien.lnk
[2012/08/16 04:37:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/16 04:37:12 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 04:35:25 | 001,506,754 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/16 04:30:46 | 000,921,344 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe
[2012/08/16 04:17:09 | 000,002,046 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/08/16 03:47:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/08/16 02:56:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 02:56:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/16 01:29:48 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038
[2012/08/16 01:25:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\oewjvtfvpnesgyz
[2012/08/15 17:30:44 | 001,614,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/15 17:30:44 | 000,697,534 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/08/15 17:30:44 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/15 17:30:44 | 000,148,540 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/08/15 17:30:44 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/15 12:06:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 12:06:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 12:37:17 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2012/08/08 14:02:08 | 016,314,368 | ---- | M] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs
[2012/08/08 09:00:08 | 000,000,221 | ---- | M] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url
[2012/07/31 23:45:25 | 000,000,111 | ---- | M] () -- C:\user.js
[2012/07/30 17:16:08 | 000,001,247 | ---- | M] () -- C:\Users\Kevin\Desktop\Any Video Converter.lnk
[2012/07/23 19:32:08 | 001,592,786 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/08/16 04:42:37 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/16 04:42:37 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/16 04:42:31 | 000,002,575 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/16 04:40:36 | 000,001,308 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton-Installationsdateien.lnk
[2012/08/16 04:30:17 | 000,921,344 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe
[2012/08/16 02:56:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 01:25:00 | 000,000,051 | ---- | C] () -- C:\ProgramData\oewjvtfvpnesgyz
[2012/08/14 12:37:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2012/08/08 14:00:44 | 016,314,368 | ---- | C] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs
[2012/08/08 09:00:08 | 000,000,221 | ---- | C] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url
[2012/07/31 23:45:25 | 000,000,111 | ---- | C] () -- C:\user.js
[2012/07/30 17:16:08 | 000,001,247 | ---- | C] () -- C:\Users\Kevin\Desktop\Any Video Converter.lnk
[2012/06/17 23:22:41 | 000,000,300 | ---- | C] () -- C:\windows\ACTIVEJP.INI
[2012/01/24 04:49:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/09/10 05:47:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/09/10 05:47:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/09/10 05:47:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/09/10 05:47:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/09/10 05:47:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/09/02 15:07:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/02 14:52:25 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys
[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin
[2011/08/06 18:24:27 | 001,592,786 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/06 14:20:04 | 000,059,685 | ---- | C] () -- C:\windows\War3Unin.dat
[2011/06/17 06:12:01 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/04/05 05:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/05 05:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/05 05:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 21:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/03/24 13:36:03 | 000,000,000 | -HSD | M] -- C:\Users\Kevin\AppData\Roaming\.#
[2011/08/11 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\3DataManager
[2012/07/30 17:22:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AnvSoft
[2012/02/18 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Clickteam
[2011/08/13 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Datel
[2012/08/16 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft
[2011/08/30 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Swift Sound
[2011/08/29 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OCS
[2011/08/29 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera
[2011/08/11 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips
[2011/08/10 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips-Songbird
[2011/08/10 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Program Files (x86)
[2012/07/11 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SoftGrid Client
[2012/08/14 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2011/08/07 01:39:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba
[2011/08/06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TOSHIBA Online Product Information
[2011/08/06 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TP
[2011/08/06 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch
[2012/08/16 04:16:15 | 000,026,036 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012/02/18 13:33:45 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説
[2012/02/18 13:20:16 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

< End of report > 
Extras.txt
PHP-Code:
OTL Extras logfile created on8/16/2012 5:30:15 AM Run 1
OTL by OldTimer 
Version 3.2.57.0     Folder C:\Users\Kevin\Desktop
64bit
Home Premium Edition Service Pack 1 (Version 6.1.7601) - Type NTWorkstation
Internet Explorer 
(Version 9.0.8112.16421)
Locale00000409 CountryÖsterreich LanguageDEA Date Formatdd.MM.yyyy
 
7.91 Gb Total Physical Memory 
5.28 Gb Available Physical Memory 66.82Memory free
15.82 Gb Paging File 
13.10 Gb Available in Paging File 82.84Paging File free
Paging file location
(s): ?:\pagefile.sys [binary data]
 
%
SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.20 Gb Total Space 35.13 Gb Free Space 5.15Space Free Partition TypeNTFS
 
Computer Name
KEVIN-TOSH User NameKevin Logged in as Administrator.
Boot ModeNormal Scan ModeAll users | Include 64bit Scans
Company Name Whitelist
Off Skip Microsoft FilesOff No Company Name WhitelistOn File Age 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.
url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.
cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[
HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Classes\<extension>]
.
html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[
color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg ErrorKey error.
htmlfile [edit] -- Reg ErrorKey error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %(Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %(Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg ErrorKey error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile 
[open] -- "%1" /S
txtfile 
[edit] -- Reg ErrorKey error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory 
[cmd] -- cmd.exe //k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg ErrorValue error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg ErrorKey error.
htmlfile [edit] -- Reg ErrorKey error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg ErrorKey error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile 
[open] -- "%1" /S
txtfile 
[edit] -- Reg ErrorKey error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory 
[cmd] -- cmd.exe //k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg ErrorValue error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[
color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" 1
"FirewallDisableNotify" 0
"AntiVirusDisableNotify" 0
"UpdatesDisableNotify" 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[
b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" 0
"AntiSpywareOverride" 0
"FirewallOverride" 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" 0
"AntiVirusDisableNotify" 0
"UpdatesDisableNotify" 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[
color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[
b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[
b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" 1
"DisableNotifications" 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" 1
"DisableNotifications" 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" 1
"DisableNotifications" 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[
color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EC35AC6-92E2-41DD-8D75-2094CFEF5585}" lport=1900 protocol=17 dir=in svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{14B9A38B-A2C9-4286-82FB-ABAE34F86526}" lport=2869 protocol=dir=in app=system 
"{1A3A8A44-7294-4B49-92E0-7C888D38C697}" rport=5355 protocol=17 dir=out svc=dnscache app=%systemroot%\system32\svchost.exe 
"{1C7148E9-9DCB-4CB3-A43A-B8B3DF4C7345}" rport=3702 protocol=17 dir=out svc=fdphost app=%systemroot%\system32\svchost.exe 
"{23C19003-B0D4-4ED4-8078-CE2E228AC7C7}" lport=7777 protocol=17 dir=in app=%systemroot%\ehome\ehshell.exe 
"{249641A7-E607-4853-841A-124FFA6A8A7C}" lport=3702 protocol=17 dir=in svc=fdrespub app=%systemroot%\system32\svchost.exe 
"{290A7C08-56EE-450E-9AD6-A45025528ECD}" lport=7777 protocol=17 dir=in app=%systemroot%\ehome\ehshell.exe 
"{2D3C2657-9D5D-40F3-AEE2-2BD214123DC8}" rport=2177 protocol=dir=out svc=qwave app=%systemroot%\system32\svchost.exe 
"{30D9FA76-E860-409C-91BE-D111608309D3}" rport=3702 protocol=17 dir=out svc=fdrespub app=%systemroot%\system32\svchost.exe 
"{3232E0A3-91F4-4436-84D6-FA4E0B13061D}" lport=2869 protocol=dir=in app=system 
"{324325D5-1997-42B4-B37B-725087B51CA3}" lport=2177 protocol=17 dir=in svc=qwave app=%systemroot%\system32\svchost.exe 
"{33ED8279-D271-4180-A219-8783B17F2924}" lport=2177 protocol=dir=in svc=qwave app=%systemroot%\system32\svchost.exe 
"{3F8F63C6-0E2B-43BD-8919-972147AFEEA1}" lport=1900 protocol=17 dir=in svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{4543C654-306B-4C73-8523-9769D09E73FB}" rport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{4C3B3B45-95EF-4DCD-9F3C-5C847AD5C093}" lport=1900 protocol=17 dir=in name=windows live communications platform (ssdp) | 
"{4E1A41F9-E91D-41AB-A6CE-273294C5E54C}" lport=5355 protocol=17 dir=in svc=dnscache app=%systemroot%\system32\svchost.exe 
"{598B7D8C-DBDA-49C3-A137-1C9BA44D0D3A}" lport=1900 protocol=17 dir=in svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{600EB824-0BAA-47B8-B743-D6E7ED0417CE}" lport=547 protocol=17 dir=in svc=sharedaccess app=%systemroot%\system32\svchost.exe 
"{603C8703-E1CE-4D2F-B489-845853250A7F}" rport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{6CF96340-F250-4404-8879-0CD25C742A0C}" rport=2177 protocol=dir=out svc=qwave app=%systemroot%\system32\svchost.exe 
"{73974DF1-15D8-4AE5-A643-6B21377FA6A4}" rport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{75B93040-6063-43B4-9BA0-5DEEE7BEE01B}" rport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{782C0D0E-DD07-4D1D-9BFB-CB16DC08467E}" lport=2177 protocol=17 dir=in svc=qwave app=%systemroot%\system32\svchost.exe 
"{7F2C0899-7A1E-4933-A9A6-BF228B085CFB}" lport=3390 protocol=dir=in app=system 
"{837E4B7B-8FE4-4A16-AFFE-17D49690B88F}" lport=2177 protocol=dir=in svc=qwave app=%systemroot%\system32\svchost.exe 
"{90F5F375-821A-422E-9BE9-61CD160236D9}" lport=554 protocol=dir=in app=%systemroot%\ehome\ehshell.exe 
"{91F346C1-12C7-4471-B62B-2020BEA18806}" lport=554 protocol=dir=in app=%systemroot%\ehome\ehshell.exe 
"{A2A08795-F026-46E6-8D6A-6043E61C106E}" lport=10244 protocol=dir=in app=system 
"{B2CCE22A-1E22-45AB-AA58-13D779393783}" lport=5355 protocol=17 dir=in svc=dnscache app=%systemroot%\system32\svchost.exe 
"{BA172DEE-6422-4375-9CA8-C4AC39A4275B}" rport=2177 protocol=17 dir=out svc=qwave app=%systemroot%\system32\svchost.exe 
"{BDB9123D-F4EB-4CB5-82B1-51C33B7C91BB}" lport=3702 protocol=17 dir=in svc=fdphost app=%systemroot%\system32\svchost.exe 
"{C0F431A3-EFD6-48B6-BE4A-BE9DA0EB8EE0}" lport=1900 protocol=17 dir=in svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{C49FAD3E-4ACE-4552-9667-9C5986EE7E17}" rport=2177 protocol=17 dir=out svc=qwave app=%systemroot%\system32\svchost.exe 
"{C9F24535-9DF3-46ED-9378-E10C56F58F40}" lport=68 protocol=17 dir=in svc=sharedaccess app=%systemroot%\system32\svchost.exe 
"{CBF85601-E332-452A-9CBA-E05552249179}" lport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{CF5B0068-3A1A-4736-8D07-FA58B7C2D869}" lport=2869 protocol=dir=in name=windows live communications platform (upnp) | 
"{D00865F4-8BD5-4BCA-93EA-E4B547090082}" lport=3390 protocol=dir=in app=system 
"{DD42B329-9C3C-4B02-9155-128C4818C06B}" lport=10255 protocol=dir=in name=tmc_plugin_port 
"{DE49D80E-9A21-44DB-80E4-1FE8F8CDE5C5}" lport=1900 protocol=17 dir=out svc=ssdpsrv app=%systemroot%\system32\svchost.exe 
"{E3389F8C-788E-4BC4-A9EF-D5CCE2F339BF}" rport=5355 protocol=17 dir=out svc=dnscache app=%systemroot%\system32\svchost.exe 
"{F07F820F-20FD-4FA8-8500-2A70A382A871}" lport=2869 protocol=dir=in app=system 
"{F5AFC0A5-C14C-4E0E-A37D-38D9299D9DC3}" lport=10244 protocol=dir=in app=system 
"{F8AA41DB-9481-4981-B4D3-DD9C1F4D46D2}" lport=53 protocol=17 dir=in svc=sharedaccess app=%systemroot%\system32\svchost.exe 
"{F8D21455-3F62-49DC-8617-F4F8BA2A60E6}" rport=2869 protocol=dir=out app=system 
"{FC661AFC-6D92-4B95-AE89-91B3AB16B91A}" lport=67 protocol=17 dir=in svc=sharedaccess app=%systemroot%\system32\svchost.exe 
 
[
color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0094B4CD-3A6F-4A9D-B74A-70C974863A5D}" protocol=58 dir=in name=@hnetcfg.dll,-148 
"{012C3E54-5253-4432-933F-8381D4CAEE51}" protocol=17 dir=in app=c:\users\kevin\desktop\modio_3.0\modio\modio.exe 
"{02C91A76-EBF7-4729-9F71-6EA76E32BCA7}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe 
"{0386396B-63DF-466C-B3E6-2F8506304FFB}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe 
"{05E4588E-0405-40CE-9B28-631F2CA6F517}" protocol=17 dir=in app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe 
"{0EC68DF1-2176-4B93-8EA1-EED868B4C861}" protocol=dir=in app=c:\users\kevin\appdata\local\temp\7zsb7aa.tmp\symnrt.exe 
"{1041AF47-CC5E-429C-B4EE-70B5F35A20B4}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe 
"{11331A99-4881-4A2D-86DA-128C404DC677}" protocol=17 dir=in app=c:\users\kevin\appdata\local\vghd\bin\vghd.exe 
"{1872FA29-E71E-4BA3-9F0E-AD20161B4D1C}" protocol=17 dir=in app=c:\users\kevin\appdata\local\temp\7zsb7aa.tmp\symnrt.exe 
"{2F2AF9E1-CE6F-46D4-8332-12352B3A0BDF}" protocol=dir=out svc=upnphost app=%systemroot%\system32\svchost.exe 
"{37D24F01-08CB-4704-A17E-BD44C8AFC87D}" protocol=dir=out svc=mcx2svc app=%systemroot%\system32\svchost.exe 
"{3A91E56B-64CD-4531-BCA1-5B05C7D87936}" protocol=17 dir=out app=%systemroot%\ehome\ehshell.exe 
"{3D6A86CD-7909-4BAE-8B70-246822ECE2C7}" protocol=dir=in app=c:\users\kevin\desktop\modio_3.0\modio\modio.exe 
"{44C25CD8-14A2-4B0F-8395-32AEF9858708}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\serious sam 3 serious chaos trailer\smp.exe 
"{48405E7D-577F-4043-894A-180FF1B161E6}" dir=in app=c:\program files (x86)\windows live\messenger\msnmsgr.exe 
"{4A9B5760-D17B-49FA-9A88-1AEC85C47788}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe 
"{4DADA237-4508-471D-9918-3A0DBC7E6215}" protocol=17 dir=out app=%programfiles%\windows media player\wmplayer.exe 
"{4F36E53D-957F-4D38-928C-11D479535B83}" protocol=dir=out app=%systemroot%\ehome\mcx2prov.exe 
"{5580711C-3AEE-460A-8ED5-A55C93E4D64E}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\serious sam 3 serious chaos trailer\smp.exe 
"{56B747B9-1017-465F-9745-C9A068DF876F}" protocol=dir=out app=%programfiles(x86)%\windows media player\wmplayer.exe 
"{5D8C0EF2-832B-4836-BA6E-0D7D9415DFE8}" protocol=17 dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe 
"{63F14725-5622-4B5C-85C9-4025C294B8A1}" protocol=17 dir=out app=%systemroot%\ehome\ehshell.exe 
"{69329827-9A3D-48CC-959B-A896E3A43C20}" protocol=dir=out app=%systemroot%\ehome\ehshell.exe 
"{6E834BD3-422E-44D7-912D-B1A1615AC395}" protocol=dir=out svc=fdphost app=%systemroot%\system32\svchost.exe 
"{6F06C9BD-E5EA-48A1-AD3E-38718A210B62}" protocol=dir=out app=%programfiles%\windows media player\wmplayer.exe 
"{716DE0CA-97DF-466A-ACE7-B53D195A2E42}" dir=in app=c:\program files (x86)\windows live\mesh\moe.exe 
"{7A63823E-E2AB-46D5-BAA7-2D8A35D23FA8}" protocol=dir=out app=%systemroot%\ehome\ehshell.exe 
"{7E49D09A-5747-4C58-BAC7-0F64F6FEC734}" protocol=dir=out app=%systemroot%\ehome\mcrmgr.exe 
"{8EAC16DF-C938-41C3-8B84-43D9DB9243FD}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\serious sam 3 serious chaos trailer\smp.exe 
"{A29C8DDB-A9FE-41CB-9C21-DB0421F1BEFC}" protocol=17 dir=in app=c:\program files (x86)\steam\steam.exe 
"{A6BB2E20-9C4D-461D-BFA5-8EE487F6FF35}" protocol=dir=out svc=upnphost app=%systemroot%\system32\svchost.exe 
"{AF3AFFC5-40F9-4DB5-8902-8F05EB34CA25}" protocol=dir=in app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe 
"{B31E0004-AE30-447E-8549-65BE105D3D4F}" protocol=dir=out app=%systemroot%\ehome\mcx2prov.exe 
"{B3CF3D9E-14AA-4717-A3D8-58DCC9B94A3E}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe 
"{B5331D9E-512A-4725-8690-43683822ACD4}" dir=in app=c:\program files (x86)\skype\phone\skype.exe 
"{B9E7E0B7-B248-415B-9BE1-6E20954426E4}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe 
"{B9F44094-9B18-4D12-A98B-1241D8B281F0}" protocol=dir=out svc=fdphost app=%systemroot%\system32\svchost.exe 
"{C38FA7A0-7C73-4BB9-B2BA-C5336478D1FB}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe 
"{CBB63187-159B-4A05-AFB0-E9E4E4111A9E}" protocol=dir=out svc=upnphost app=%systemroot%\system32\svchost.exe 
"{CD28EEA6-CE7D-45D6-AD6B-A0D1219427B0}" protocol=dir=in app=c:\users\kevin\appdata\local\vghd\bin\vghd.exe 
"{CE7ECF1C-3F12-427E-81A2-9E974B7410D7}" protocol=dir=out app=%systemroot%\ehome\mcrmgr.exe 
"{CEDA5F4F-E833-4DAD-9AF8-5C253DA194B5}" dir=out svc=sharedaccess app=%systemroot%\system32\svchost.exe 
"{DBB82DA9-B4D4-4FCD-AAA8-20ACF2B93CF5}" dir=in app=c:\program files (x86)\windows live\contacts\wlcomm.exe 
"{DD9938D5-4A00-476D-989D-5427BDB5DB89}" protocol=17 dir=in app=%programfiles(x86)%\windows media player\wmplayer.exe 
"{E38210BE-CF98-4A35-8BA7-5DB77F3E148C}" protocol=dir=in app=c:\program files (x86)\steam\steamapps\common\serious sam 3 serious chaos trailer\smp.exe 
"{ECA43105-D28D-4FB2-A431-9A7F4939F5E6}" protocol=dir=in app=c:\program files (x86)\steam\steam.exe 
"{ECC4D6BA-29EA-494E-AA45-B47CC40E0BF0}" protocol=dir=out svc=upnphost app=%systemroot%\system32\svchost.exe 
"{F106935E-10A8-4B70-9545-EB2C0A8F772C}" protocol=17 dir=in app=%programfiles%\windows media player\wmplayer.exe 
"{FAE4A6E6-2DB6-4D62-B5D1-3EDC660B83DB}" protocol=dir=out svc=mcx2svc app=%systemroot%\system32\svchost.exe 
"{FBE4F24D-2038-4C37-831E-2C7DD92813A0}" protocol=17 dir=out app=%programfiles(x86)%\windows media player\wmplayer.exe 
"TCP Query User{E953DE4E-EBC7-48E5-9715-D2D6D8CD309B}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" protocol=dir=in app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe 
"TCP Query User{FF755883-EC0A-4022-9DE5-63BE8FCC3D7C}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" protocol=dir=in app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe 
"UDP Query User{8E66494E-AB8F-47B8-96F4-BE06C8C1C352}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" protocol=17 dir=in app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe 
"UDP Query User{A23A2C21-49CD-4FD9-A508-82050B89D45D}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" protocol=17 dir=in app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe 
 
[
color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" TOSHIBA ReelTime
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" Microsoft Visual C++ 2008 Redistributable x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" Microsoft Visual C++ 2008 Redistributable x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" Microsoft Office Klick-und-Los 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" NVIDIA Control Panel 267.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" NVIDIA Graphics Driver 267.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" NVIDIA 3D Vision Controller Driver 267.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" NVIDIA Update Components
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" TOSHIBA eco Utility
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" TOSHIBA Face Recognition
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" Microsoft .NET Framework 4 Extended
"SearchAnonymizer" SearchAnonymizer
"SynTPDeinstKey" Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" Utility Common Driver
"{14B441B7-774D-4170-98EA-A13667AE6218}" Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" Nero Core Components 10
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" Java(TM6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" Windows Live Essentials
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" Windows Live Writer
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" Photo Service powered by myphotobook
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" Intel(RRapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" Java Auto Updater
"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" Microsoft Visual Basic PowerPacks 1.2
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" Windows Live UX Platform Language Pack
"{57C39411-6747-489C-A226-46885FB0D2D0}" DriverBoost
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" RGSS-RTP Standard
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" Corel WinDVD
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" TOSHIBA Flash Cards Support Utility
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" Intel(RManagement Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" Nero InfoTool 10 Help (CHM)
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" Command Conquer Die ersten 10 Jahre
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" Nero BackItUp 10
"{6A563426-3474-41C6-B847-42B39F1485B2}" Windows Live Messenger
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" TOSHIBA ResolutionPlug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" Nero Control Center 10
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" MSXML 4.0 SP2 Parser and SDK
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" TOSHIBA Recovery Media Creator Reminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" RealNetworks Microsoft Visual C++ 2008 Runtime
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" Microsoft Office Starter 2010 Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" VC80CRTRedist 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" RPGXP
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" Adobe Reader X (10.1.3MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" TOSHIBA Recovery Media Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" NVIDIA PhysX
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" Windows Live Mesh ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" Windows Live Movie Maker
"{CBB0ABFB-4668-4172-952D-2CEF5C14F4D2}" Command Conquer™ Die ersten 10 Jahre-Patch 1.02
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" Skype Toolbars
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" Windows Live Mail
"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" TOSHIBA ConfigFree
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" Raccolta foto di Windows Live
"{F082CB11-4794-4259-99A1-D91BA762AD15}" TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" Microsoft Visual C++ 2010  x86 Redistributable 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" Intel(RProcessor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" TOSHIBA Media Controller Plug-in
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" Windows Live Essentials
"{FDE58148-57E7-43BF-879A-29CCE818C078}" eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" TOSHIBA Remote Control Manager
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" Windows Live Movie Maker
"3DataManager" 3DataManager
"7-Zip" 7-Zip 9.20
"Adobe AIR" Adobe AIR
"Adobe Flash Player ActiveX" Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" Adobe Shockwave Player 11.6
"Any Video Converter_is1" Any Video Converter 3.4.1
"conduitEngine" Conduit Engine
"DVDVideoSoftTB Toolbar" DVDVideoSoftTB Toolbar
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" Photo Service powered by myphotobook
"Free Audio Converter_is1" Free Audio Converter version 2.3.2.804
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" Mozilla Maintenance Service
"NIS" Norton Internet Security
"NVIDIA StereoUSB Driver" NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" Microsoft Office Klick-und-Los 2010
"RealPlayer 12.0" RealPlayer
"Songbird-release-2311" Songbird 2.0.0 (Build 2311)
"Steam App 39260" = FINAL FANTASY XIUltimate Collection Abyssea Edition
"Steam App 72850" The Elder Scrolls VSkyrim
"Warcraft III" Warcraft III
"WavePad" WavePad Audiobearbeitungs-Software
"WildTangent toshiba Master Uninstall" WildTangent Games
"WinLiveSuite" Windows Live Essentials
"WTA-01bd991c-1470-4ef0-a174-0d71be58f927" Chicken Invaders 3 Revenge of the Yolk
"WTA-3920e22a-03da-4af8-9e26-dd4426eaf690" = Final DriveNitro
"WTA-6b7a5fcf-cdd8-40f7-a8d7-fb15160d1418" Bejeweled 2 Deluxe
"WTA-6df6cb39-3dec-45d8-816b-4d494d7b9b44" Zuma Deluxe
"WTA-88f2e720-8854-422c-9c11-12e1989ff105" Penguins!
"WTA-8e37611f-0667-4c26-924b-a69124fda92f" Chuzzle Deluxe
"WTA-9426cee1-1361-4793-996e-1e08f0b7e68b" Slingo Deluxe
"WTA-bfa36b20-caac-423c-bbda-ad4a62404b67" Insaniquarium Deluxe
"WTA-c65b7868-a924-43c0-8b02-d258b353107e" Wedding Dash 2 Rings Around the World
"WTA-c73e6abf-c860-42a2-8802-591a8658d489" Bejeweled 3
"WTA-ced71cf4-13e2-4fad-839b-b5d553d65ccc" Diner Dash 2 Restaurant Rescue
"WTA-e32aa95f-8328-47a5-abe6-debc4b8f4784" FATE
"WTA-e47f0222-e398-420e-ba02-b7db351caa1a" Polar Bowler
"WTA-eaa2ce22-f430-4ccd-8fcc-f180370f5f99" Plants vsZombies Game of the Year
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" VirtuaGirl Version 1.1.0.12
"Warcraft III" Warcraft IIIAll Products
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" VirtuaGirl Version 1.1.0.12
"Warcraft III" Warcraft IIIAll Products
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
Application Events ]
Error 6/26/2012 2:07:17 PM Computer Name Kevin-TOSH Source CVHSVC ID 100
Description 
Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 
DownloadLatest Failed
 
Error 6/30/2012 9:27:26 AM Computer Name Kevin-TOSH Source CVHSVC ID 100
Description 
Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 
DownloadLatest Failed
 
Error 7/3/2012 4:16:14 AM Computer Name Kevin-TOSH Source CVHSVC ID 100
Description 
Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 
DownloadLatest Failed
 
Error 7/4/2012 7:17:58 PM Computer Name Kevin-TOSH Source CVHSVC ID 100
Description 
Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 
DownloadLatest Failed
 
Error 7/11/2012 12:56:09 PM Computer Name Kevin-TOSH Source WinMgmt ID 10
Description 

 
Error 7/11/2012 12:57:01 PM Computer Name Kevin-TOSH Source Application Hang ID 1002
Description 
Programm mshta.exeVersion 9.0.8112.16421 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID1118    Startzeit:
 
01cd5f85f741c9de    Endzeit0    AnwendungspfadC:\windows\SysWOW64\mshta.exe    Berichts-ID:
 
479bd559-cb79-11e1-8b08-b870f4607654  
 
Error 
7/11/2012 12:58:35 PM Computer Name Kevin-TOSH Source TOSHIBA Service Station ID 0
Description 
TSS Loadcould not communicate with TMachInfo service
 
Error 
7/17/2012 12:29:50 PM Computer Name Kevin-TOSH Source CVHSVC ID 100
Description 
Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 
DownloadLatest Failed
 
Error 7/17/2012 3:30:27 PM Computer Name Kevin-TOSH Source WinMgmt ID 10
Description 

 
Error 7/23/2012 12:09:15 PM Computer Name Kevin-TOSH Source Application Hang ID 1002
Description 
Programm iexplore.exeVersion 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet
Überprüfen Sie den Problemverlauf 
in der Wartungscenter
-Systemsteuerungum nach weiteren Informationen zum Problem
 zu suchen
.    Prozess-ID12d8    Startzeit01cd68e82c74bd9f    Endzeit125    Anwendungspfad:
 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error 7/23/2012 1:36:33 PM Computer Name Kevin-TOSH Source WinMgmt ID 10
Description 

 
Media Center Events ]
Error 9/13/2011 5:15:03 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
23:15:03 Fehler beim Herstellen der Internetverbindung.  23:15:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/13/2011 5:15:09 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
23:15:09 Fehler beim Herstellen der Internetverbindung.  23:15:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 1:39:58 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
19:39:58 Fehler beim Herstellen der Internetverbindung.  19:39:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 1:40:04 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
19:40:03 Fehler beim Herstellen der Internetverbindung.  19:40:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 2:43:32 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
20:42:33 Fehler beim Herstellen der Internetverbindung.  20:42:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 2:47:06 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
20:43:52 Fehler beim Herstellen der Internetverbindung.  20:43:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 3:46:37 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
21:46:37 Fehler beim Herstellen der Internetverbindung.  21:46:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 3:46:49 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
21:46:43 Fehler beim Herstellen der Internetverbindung.  21:46:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 4:46:51 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
22:46:51 Fehler beim Herstellen der Internetverbindung.  22:46:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error 9/21/2011 4:46:57 PM Computer Name Kevin-TOSH Source MCUpdate ID 0
Description 
22:46:56 Fehler beim Herstellen der Internetverbindung.  22:46:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
System Events ]
Error 7/10/2012 3:03:28 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/10/2012 3:04:05 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/10/2012 3:04:05 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/10/2012 6:54:22 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/11/2012 12:31:42 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/11/2012 12:31:42 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/11/2012 12:55:07 PM Computer Name Kevin-TOSH Source Service Control Manager ID 7026
Description 
Das Laden folgender Bootoder Systemstarttreiber ist fehlgeschlagen:
   
cdrom
 
Error 
7/11/2012 12:57:04 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
Error 7/11/2012 1:02:55 PM Computer Name Kevin-TOSH Source Service Control Manager ID 7022
Description 
Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
 
Error 7/11/2012 6:13:18 PM Computer Name Kevin-TOSH Source ipnathlp ID 31004
Description 

 
 
End of report 
Ich hoffe, dass ich alles richtig gepostet hab und danke euch schonmal im voraus für Eure Hilfe!!

Alt 18.08.2012, 10:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Poste nun den Inhalt der log.txt.


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 19.08.2012, 19:36   #3
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Okay hier ist das ESET-Log. Ist das das richtige?

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
         
Der Scan dauerte über 6 Stunden und hat 2 Treffer gefunden mit ransom.b trojan
ich kenn mich da leider nicht aus und hoffe das hilft.
__________________

Alt 20.08.2012, 21:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.08.2012, 05:49   #5
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Tut mir Leid konnte diese Woche wegen Arbeit nicht reinschauen. Ich mach den Scan nochmal und poste dann das Log.

Ok hier ist das neue ESET LOG:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=844c7ee9b5ff884db6cbb3d4494af58f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-29 08:21:00
# local_time=2012-08-29 10:21:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 67 143035 14923089 0 0
# compatibility_mode=5893 16776574 100 94 33564534 97846023 0 0
# compatibility_mode=8192 67108863 100 0 837390 837390 0 0
# scanned=274055
# found=6
# cleaned=0
# scan_time=12288
C:\$RECYCLE.BIN\S-1-5-21-920081731-557011817-1691672322-1001\$RS2HNHI.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\rsiogkxqxettjhl\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\rsiogkxqxettjhl\main.html	HTML/Ransom.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQDIKE90\FreeYouTubetoMP3Converter.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kevin\AppData\Local\Temp\jar_cache5749146725370766944.tmp	Java/Exploit.Agent.NDB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kevin\AppData\Local\Temp\is-BIAHE.tmp\OCSetupHlp.dll	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
         
Ich hoffe, dass es jetzt stimmt.
Sry für Doppelpost.


Alt 30.08.2012, 19:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Polizei-Trojaner hat mich erwischt

Alt 31.08.2012, 12:15   #7
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Ok hier ist das adw cleaner log:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/31/2012 at 13:13:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kevin - KEVIN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Kevin\Desktop\adwCleaner1801.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Kevin\AppData\Local\Conduit
Folder Found : C:\Users\Kevin\AppData\Local\vghd
Folder Found : C:\Users\Kevin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kevin\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Kevin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Kevin\AppData\LocalLow\Softonic
Folder Found : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default 
File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js

Found : user_pref("extensions.Softonic.admin", false);
Found : user_pref("extensions.Softonic.aflt", "SD");
Found : user_pref("extensions.Softonic.autoRvrt", "false");
Found : user_pref("extensions.Softonic.cntry", "AT");
Found : user_pref("extensions.Softonic.cv", "cv5");
Found : user_pref("extensions.Softonic.dfltLng", "de");
Found : user_pref("extensions.Softonic.envrmnt", "production");
Found : user_pref("extensions.Softonic.excTlbr", false);
Found : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");
Found : user_pref("extensions.Softonic.hmpg", false);
Found : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");
Found : user_pref("extensions.Softonic.instlDay", "15552");
Found : user_pref("extensions.Softonic.instlRef", "MON1207T10");
Found : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");
Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Found : user_pref("extensions.Softonic.newTab", false);
Found : user_pref("extensions.Softonic.prdct", "Softonic");
Found : user_pref("extensions.Softonic.prtnrId", "softonic");
Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Found : user_pref("extensions.Softonic.sg", "az");
Found : user_pref("extensions.Softonic.smplGrp", "none");
Found : user_pref("extensions.Softonic.tlbrId", "base");
Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]
Found : user_pref("extensions.Softonic.vrsn", "1.6.4.3");
Found : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");
Found : user_pref("extensions.Softonic.vrsni", "1.6.4.3");
Found : user_pref("extensions.Softonic_i.newTab", false);
Found : user_pref("extensions.Softonic_i.smplGrp", "none");
Found : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");
Found : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8422 octets] - [31/08/2012 13:13:06]

########## EOF - C:\AdwCleaner[R1].txt - [8550 octets] ##########
         

Alt 31.08.2012, 14:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Warum nimmst du eine alte Version? In der Anleitung steht doch extra du sollst den adwCleaner runterladen und extra verlinkt hab ich den auch noch
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.08.2012, 20:19   #9
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Tut mir Leid aber der Link hat bei mir mit IE nicht funktioniert. Ich hab ihn jetzt nochmal mit firefox geöffnet und adw von dort runtergeladen und ausgeführt.

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 08/31/2012 um 21:20:07 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kevin - KEVIN-TOSH
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9A7Q0JRY\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\ConduitEngine
Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Kevin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Kevin\AppData\Local\vghd
Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (en-US)

Profilname : default 
Datei : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js

Gefunden : user_pref("extensions.Softonic.admin", false);
Gefunden : user_pref("extensions.Softonic.aflt", "SD");
Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Gefunden : user_pref("extensions.Softonic.cntry", "AT");
Gefunden : user_pref("extensions.Softonic.cv", "cv5");
Gefunden : user_pref("extensions.Softonic.dfltLng", "de");
Gefunden : user_pref("extensions.Softonic.envrmnt", "production");
Gefunden : user_pref("extensions.Softonic.excTlbr", false);
Gefunden : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");
Gefunden : user_pref("extensions.Softonic.hmpg", false);
Gefunden : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");
Gefunden : user_pref("extensions.Softonic.instlDay", "15552");
Gefunden : user_pref("extensions.Softonic.instlRef", "MON1207T10");
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");
Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.Softonic.newTab", false);
Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gefunden : user_pref("extensions.Softonic.sg", "az");
Gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic.tlbrId", "base");
Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.Softonic.vrsn", "1.6.4.3");
Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");
Gefunden : user_pref("extensions.Softonic.vrsni", "1.6.4.3");
Gefunden : user_pref("extensions.Softonic_i.newTab", false);
Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");
Gefunden : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8517 octets] - [31/08/2012 13:13:06]
AdwCleaner[R2].txt - [8577 octets] - [31/08/2012 21:15:20]
AdwCleaner[R3].txt - [9026 octets] - [31/08/2012 21:20:07]

########## EOF - C:\AdwCleaner[R3].txt - [9086 octets] ##########
         

Alt 31.08.2012, 20:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.09.2012, 19:28   #11
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Tut mir Leid weil ich auch am Wochenende arbeite hab ich nicht immer Zeit.

Hier ist das adw cleaner log

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/02/2012 um 20:15:43 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kevin - KEVIN-TOSH
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Kevin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Users\Kevin\AppData\Local\vghd
Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v12.0 (en-US)

Profilname : default 
Datei : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js

C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "AT");
Gelöscht : user_pref("extensions.Softonic.cv", "cv5");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");
Gelöscht : user_pref("extensions.Softonic.hmpg", false);
Gelöscht : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15552");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MON1207T10");
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", false);
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.sg", "az");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.4.3");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.4.3");
Gelöscht : user_pref("extensions.Softonic_i.newTab", false);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8517 octets] - [31/08/2012 13:13:06]
AdwCleaner[R2].txt - [8577 octets] - [31/08/2012 21:15:20]
AdwCleaner[R3].txt - [9151 octets] - [31/08/2012 21:20:07]
AdwCleaner[S1].txt - [376 octets] - [02/09/2012 20:09:01]
AdwCleaner[S2].txt - [376 octets] - [02/09/2012 20:10:36]
AdwCleaner[R4].txt - [9040 octets] - [02/09/2012 20:15:22]
AdwCleaner[S3].txt - [8873 octets] - [02/09/2012 20:15:43]

########## EOF - C:\AdwCleaner[S3].txt - [8933 octets] ##########
         

Alt 03.09.2012, 19:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.09.2012, 22:46   #13
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Bei mir geht alles wieder ganz normal seit ich Malwarebytes ausgeführt habe und bis jetzt ist mir noch nicht aufgefallen, dass etwas fehlt.

Alt 04.09.2012, 13:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.09.2012, 22:05   #15
Versuchstier
 
Polizei-Trojaner hat mich erwischt - Standard

Polizei-Trojaner hat mich erwischt



Hier ist das OTL Log:

Code:
ATTFilter
OTL logfile created on: 9/4/2012 10:19:53 PM - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Kevin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7.91 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 68.69% Memory free
15.82 Gb Paging File | 13.00 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.20 Gb Total Space | 446.49 Gb Free Space | 65.45% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-TOSH | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (DVB7700ALL) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120903.025\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120903.025\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120831.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120823.007\BHDrvx64.sys (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7CF3FA9B-4D75-4A99-9D05-0092AFDC9FD2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comoestamos.com/search/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{68A72E44-9F07-436B-ADC8-000512CCE1DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\UpdatusUser\Desktop
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kevin\Desktop
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT448
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/22 00:55:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/08/16 04:43:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/09/02 20:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 19:57:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 19:15:29 | 000,000,000 | ---D | M]
 
[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/09/02 20:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions
[2012/08/20 21:18:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/20 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\EXTENSIONS\FFXTLBRA@SOFTONIC.COM
[2012/04/25 19:57:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: preisspion.de = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.0_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011/09/10 05:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk =  File not found
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mcx1-KEVIN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.28.128.34 195.96.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1EFD16-CBA1-4C51-9DE0-2DD4AFBFE634}: DhcpNameServer = 81.28.128.34 195.96.0.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{193E3B0D-2BA7-44D7-BEF1-DC8545885B0F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/30 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\WillowTree#-2.2.1.102
[2012/08/26 19:13:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/20 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/08/20 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/08/20 21:18:26 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012/08/19 14:23:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Virenkiller logs
[2012/08/19 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/17 08:55:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/17 08:55:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/17 08:55:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/17 08:55:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/17 08:55:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/17 08:55:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/17 08:55:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/17 08:55:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/17 08:55:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/17 08:55:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/17 08:55:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/17 08:54:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/17 08:54:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/17 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/16 04:47:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/16 04:47:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/16 04:46:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/16 04:46:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/16 04:46:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/16 04:46:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/16 04:46:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/16 04:46:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/16 04:42:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/16 04:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/16 04:41:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/16 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/16 04:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/16 03:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ff11
[2012/08/16 03:47:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/08/16 02:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012/08/16 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/16 02:56:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/16 02:56:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/16 01:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rsiogkxqxettjhl
[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Songbird2
[2012/08/14 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2012/08/14 12:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird
[2012/08/08 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Skyrim
[2012/08/08 08:38:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2012/08/08 08:38:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2012/08/08 08:38:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2012/08/08 08:38:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2012/08/08 08:38:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2012/08/08 08:38:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2012/08/08 08:38:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2012/08/08 08:38:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2012/08/08 08:38:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2012/08/08 08:38:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2012/08/08 08:38:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2012/08/08 08:38:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2012/08/08 08:38:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2012/08/08 08:38:36 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2012/08/08 08:38:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2012/08/08 08:38:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2012/08/08 08:38:35 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2012/08/08 08:38:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2012/08/08 08:38:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2012/08/08 08:38:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2012/08/08 08:38:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2012/08/08 08:38:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2012/08/08 08:38:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2012/08/08 08:38:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2012/08/08 08:38:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2012/08/08 08:38:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2012/08/08 08:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2012/08/08 08:38:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2012/08/08 08:38:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2012/08/08 08:38:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2012/08/08 08:38:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2012/08/08 08:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2012/08/08 08:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2012/08/08 08:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2012/08/08 08:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2012/08/08 08:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2012/08/08 08:38:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2012/08/08 08:38:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2012/08/08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games
[2012/08/07 02:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/08/06 05:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\XboxMB
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\windows\XSxS
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Xenocode
[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/08/06 05:53:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Downloads
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/04 22:15:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/04 12:06:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/04 11:44:28 | 085,196,800 | ---- | M] () -- C:\Users\Kevin\Desktop\TN_00033_-_382Mb.mp4.9u13woz.partial
[2012/09/03 11:56:06 | 001,614,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/03 11:56:06 | 000,697,534 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/09/03 11:56:06 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/03 11:56:06 | 000,148,540 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/09/03 11:56:06 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 20:18:54 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 20:08:26 | 000,511,265 | ---- | M] () -- C:\Users\Kevin\Desktop\adwcleaner.exe
[2012/09/02 01:29:18 | 000,102,400 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav
[2012/09/02 01:20:53 | 000,106,496 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1
[2012/08/31 23:36:18 | 000,155,648 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1
[2012/08/30 09:03:38 | 000,000,211 | ---- | M] () -- C:\Users\Kevin\Desktop\Wicked MA.url
[2012/08/29 06:47:24 | 000,000,219 | ---- | M] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url
[2012/08/26 19:15:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/26 16:21:46 | 000,000,190 | ---- | M] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url
[2012/08/26 15:34:06 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/26 15:34:06 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/24 04:41:55 | 001,524,173 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/19 21:10:58 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012/08/17 09:15:01 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/17 09:14:28 | 000,276,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/16 04:42:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/16 04:42:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/16 04:42:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/16 04:30:46 | 000,921,344 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe
[2012/08/16 04:17:09 | 000,002,046 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/08/16 03:47:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/08/16 02:56:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/16 02:56:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/16 01:29:48 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038
[2012/08/16 01:25:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\oewjvtfvpnesgyz
[2012/08/14 12:37:17 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2012/08/10 07:28:35 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/08 14:02:08 | 016,314,368 | ---- | M] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs
[2012/08/08 09:00:08 | 000,000,221 | ---- | M] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/04 11:21:54 | 085,196,800 | ---- | C] () -- C:\Users\Kevin\Desktop\TN_00033_-_382Mb.mp4.9u13woz.partial
[2012/09/02 20:08:08 | 000,511,265 | ---- | C] () -- C:\Users\Kevin\Desktop\adwcleaner.exe
[2012/09/02 01:28:25 | 000,106,496 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1
[2012/09/02 01:20:53 | 000,102,400 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav
[2012/08/31 23:42:49 | 000,155,648 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1
[2012/08/30 09:03:38 | 000,000,211 | ---- | C] () -- C:\Users\Kevin\Desktop\Wicked MA.url
[2012/08/29 06:47:24 | 000,000,219 | ---- | C] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url
[2012/08/16 23:00:36 | 000,000,190 | ---- | C] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url
[2012/08/16 04:42:37 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/16 04:42:37 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/16 04:42:31 | 000,002,512 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/08/16 04:30:17 | 000,921,344 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe
[2012/08/16 02:56:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/16 01:25:00 | 000,000,051 | ---- | C] () -- C:\ProgramData\oewjvtfvpnesgyz
[2012/08/14 12:37:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2012/08/08 14:00:44 | 016,314,368 | ---- | C] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs
[2012/08/08 09:00:08 | 000,000,221 | ---- | C] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url
[2012/06/17 23:22:41 | 000,000,300 | ---- | C] () -- C:\windows\ACTIVEJP.INI
[2012/01/24 04:49:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/09/10 05:47:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/09/10 05:47:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/09/10 05:47:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/09/10 05:47:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/09/10 05:47:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/09/02 15:07:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/02 14:52:25 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys
[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin
[2011/08/06 18:24:27 | 001,592,786 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/06 14:20:04 | 000,059,685 | ---- | C] () -- C:\windows\War3Unin.dat
[2011/06/17 06:12:01 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/04/05 05:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/05 05:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/05 05:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 21:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/03/24 13:36:03 | 000,000,000 | -HSD | M] -- C:\Users\Kevin\AppData\Roaming\.#
[2011/08/11 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\3DataManager
[2011/08/13 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2012/07/30 17:22:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AnvSoft
[2012/02/18 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Clickteam
[2011/08/13 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Datel
[2012/06/19 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DivX
[2012/08/25 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft
[2012/08/20 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/06 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities
[2011/04/12 04:33:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2012/08/16 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2012/08/16 02:05:27 | 000,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2012/04/20 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2012/08/16 02:12:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Software
[2011/08/30 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Swift Sound
[2011/11/16 18:54:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Nero
[2011/08/29 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OCS
[2011/08/29 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera
[2011/08/11 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips
[2011/08/10 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips-Songbird
[2011/08/10 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Program Files (x86)
[2012/05/28 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Real
[2012/03/29 16:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype
[2012/07/11 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SoftGrid Client
[2012/08/14 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2011/08/07 01:39:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba
[2011/08/06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TOSHIBA Online Product Information
[2011/08/06 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TP
[2012/07/31 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\vlc
[2011/08/06 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch
 
< %APPDATA%\*.exe /s >
[2010/09/20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kevin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007/08/29 15:36:06 | 000,167,424 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe
[2008/02/13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2011/04/20 11:16:26 | 000,985,088 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\ffmpeg11\x264stub.exe
[2011/09/05 14:22:58 | 001,270,801 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\x264enc2\x264enc2.exe
[2011/08/29 23:09:00 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011/08/29 23:09:00 | 000,040,960 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012/07/12 04:03:46 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012/06/28 07:50:02 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012/06/05 14:56:14 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >
 
< Klicke nun bitte auf den Quick Scan Button >
 
========== Files - Unicode (All) ==========
[2012/02/18 13:33:45 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説
[2012/02/18 13:20:16 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

< End of report >
         

Antwort

Themen zu Polizei-Trojaner hat mich erwischt
7-zip, alles blockiert, bho, blockiert, conduit, desktop, diner dash, error, failed, fehler, firefox, flash player, format, google, home, iexplore.exe, index, logfile, microsoft office starter 2010, netzwerk, nodrives, nvidia update, nvpciflt.sys, programm, realtek, registry, remote control, rundll, scan, security, software, svchost.exe, symantec, udp, usb 3.0, wildtangent games



Ähnliche Themen: Polizei-Trojaner hat mich erwischt


  1. gvu trojaner hat mich erwischt
    Log-Analyse und Auswertung - 09.09.2013 (10)
  2. GVU Trojaner hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (24)
  3. GVU Trojaner - Mich hat es auch erwischt!
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (21)
  4. GVU Trojaner hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (11)
  5. Auch mich aht der GVU Trojaner erwischt
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (2)
  6. GVU-Trojaner ... hat mich auch erwischt :(
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (9)
  7. GVU-Trojaner hat mich auch erwischt
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (7)
  8. Polizei Trojaner hat mich erwischt
    Log-Analyse und Auswertung - 06.10.2012 (9)
  9. Trojaner hat mich ebenfalls erwischt.
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  10. Polizei-Trojaner Österreich erwischt
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (13)
  11. BKA Trojaner (mit Webcamfenster) hat mich erwischt :(
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (5)
  12. AKM Trojaner hat mich erwischt, wie vorgehen?
    Log-Analyse und Auswertung - 23.07.2012 (3)
  13. GVU-Trojaner 2.07 hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (14)
  14. Bundespolizei Trojaner hat mich erwischt!!
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (13)
  15. 50€ Trojaner hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  16. Trojaner hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 22.11.2011 (2)
  17. Nu hat es mich auch erwischt! trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.09.2005 (6)

Zum Thema Polizei-Trojaner hat mich erwischt - Hallo Liebes Trojaner-Team Heute habe ich mir beim Surfen einen dieser miesen Polizei-Trojaner eingefangen bei dem durch diese Meldung alles blockiert ist. Ich habe den Laptop dann im abgesicherten Modus - Polizei-Trojaner hat mich erwischt...
Archiv
Du betrachtest: Polizei-Trojaner hat mich erwischt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.