Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PC Performer Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.03.2013, 19:38   #1
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Hallo liebe Leute,

ich hab nun seit gut einem halben Jahr diesen Virus auf meinem Laptop, und hab zumindest mal endlich rausgefunden wie er heisst. PC Performer. Nach ein wenig erkundigen habe ich rausgefunden, dass dieser Virus durchaus weit verbreitet ist und in erster Linie dazu dient Anti Malware Programme auszuschalten, um Trojanern usw. freie Bahn zu geben sich auf meinem Computer einzunisten.

Die Symptome des Viruses sind relativ nervig. Ständig aufpoppende Werbungsfenster, die man nur durch löschen des html body's wieder entfernen kann. Nur kommen sie beim neuladen der Seite natürlich wieder hervor.

Sie führen mit ihren Links allerdings immer zu dieser Downloadseite für "PC Performer" (Den ich überigens nicht installiert habe).
Entweder ist das jetzt nur so ein kleiner "lockvirus" der mich dazu bringen will PC Performer zu installieren, oder es ist bereits PC Performer selbst (Ich verstände dabei einfach nicht weshalb es mich dann immer zu der Downloadseite directed.)

Hier also die Inhalte von OTL.txt und Gmer.txt. Extra.txt ist bei mir nicht erschienen nach dem Scann...

Code:
ATTFilter
OTL logfile created on: 3/30/2013 5:41:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicolas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.90% Memory free
7.68 Gb Paging File | 5.72 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 0.86 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 97.59 Gb Free Space | 65.65% Space Free | Partition Type: NTFS
 
Computer Name: NICOLAS-TOSH | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/30 17:37:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/07/06 03:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/12/14 18:40:28 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/19 11:01:04 | 000,581,120 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/19 17:11:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/12 21:35:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 03:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/14 18:40:28 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/19 16:07:01 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/07/19 16:02:20 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/05/10 15:27:54 | 000,049,256 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/16 01:19:36 | 000,031,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV:64bit: - [2009/12/16 01:19:34 | 000,214,544 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2.sys -- (DGUSBAP)
DRV:64bit: - [2009/12/04 15:26:56 | 000,462,968 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
DRV:64bit: - [2009/12/04 15:26:56 | 000,050,808 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
DRV:64bit: - [2009/12/04 15:26:56 | 000,037,496 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2008/02/18 15:54:08 | 000,041,664 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PreSonusUSB_xfer.sys -- (ControlTransferDriver)
DRV:64bit: - [2007/09/05 12:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/?l=dis&o=102876&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35150E16-8780-450B-A9BD-D2A8B09462F8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCH&apn_uid=81d0cd2b-6e84-477a-ad6f-254142e3bb23&apn_sauid=FB6F1533-49ED-4E42-9F36-79247A70312E
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_enCH368
IE - HKCU\..\SearchScopes\{96527F6A-30FE-4CA3-9ABF-9059C4429721}: "URL" = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{E4906BB9-7BD7-41C7-A684-4A40B3A87254}: "URL" = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com/?l=dis&o=102876&gct=hp"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 17:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 17:11:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/17 16:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Extensions
[2013/03/30 16:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions
[2013/03/30 16:24:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/23 14:06:05 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\extension@preispilot.com.xpi
[2013/03/11 14:05:21 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/03/24 14:43:23 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 20:00:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/29 20:45:24 | 000,002,325 | ---- | M] () -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\searchplugins\askcom.xml
[2013/03/19 17:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/19 17:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/27 18:40:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/19 17:11:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 22:21:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/19 16:59:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Princess Luna Theme = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken\1_0\
CHR - Extension: Dropbox = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.4_1\
CHR - Extension: Gmail = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/08/07 12:01:48 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 78.46.61.26 www.google-analytics.com.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AtwtusbIcon] C:\Windows\SysNative\AtwtusbIcon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351}: DhcpNameServer = 194.230.1.103 194.230.1.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f3d2cff-6a26-11df-8caf-701a04306ae1}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3d2cff-6a26-11df-8caf-701a04306ae1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/30 17:37:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
[2013/03/30 16:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Programs
[2013/03/30 06:08:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Egosoft
[2013/03/30 00:27:00 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\{C12652D9-14DA-4565-9620-578CBD188488}
[2013/03/26 14:55:24 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/03/26 14:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftColor
[2013/03/26 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftColor PhotoEQ
[2013/03/26 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftColorPhotoEQ
[2013/03/26 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013/03/26 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013/03/26 14:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/30 17:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/30 17:37:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
[2013/03/30 17:36:47 | 000,000,000 | ---- | M] () -- C:\Users\Nicolas\defogger_reenable
[2013/03/30 17:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/30 16:17:07 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/30 15:11:28 | 000,025,789 | ---- | M] () -- C:\Users\Nicolas\Documents\Playpony doc.odt
[2013/03/30 15:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/30 06:07:17 | 000,048,607 | ---- | M] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/03/30 03:45:58 | 000,000,041 | ---- | M] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/30 02:17:47 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/30 02:17:47 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/30 02:17:47 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/29 23:58:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 23:21:48 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/27 19:01:26 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/27 18:18:00 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/27 11:45:10 | 000,016,831 | ---- | M] () -- C:\Users\Nicolas\Documents\EU-M 13.odt
[2013/03/26 21:34:08 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
[2013/03/26 21:33:22 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
[2013/03/26 14:12:53 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/24 21:15:57 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Ang.reason
[2013/03/24 21:15:21 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\dubstäääähp.reason
[2013/03/24 14:11:55 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 14:11:55 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 23:35:29 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
[2013/03/20 18:54:44 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/20 12:40:29 | 000,009,412 | ---- | M] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 17:21:22 | 000,020,128 | ---- | M] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/19 16:55:30 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 18:32:41 | 000,048,917 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.pdf
[2013/03/07 17:14:13 | 000,021,033 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.odt
[2013/03/06 16:55:25 | 000,127,945 | ---- | M] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2013/02/28 21:09:59 | 000,099,662 | ---- | M] () -- C:\Users\Nicolas\Documents\rechnung.pdf
[2013/02/28 21:08:05 | 000,079,712 | ---- | M] () -- C:\Users\Nicolas\Documents\Rechnung.png
[2013/02/28 20:57:13 | 000,032,976 | ---- | M] () -- C:\Users\Nicolas\Documents\Rechnung
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/30 17:36:47 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\defogger_reenable
[2013/03/30 06:07:17 | 000,048,607 | ---- | C] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/03/30 03:45:58 | 000,000,041 | ---- | C] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/28 23:21:46 | 000,786,484 | ---- | C] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/26 14:12:53 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/23 00:05:41 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/20 18:23:22 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/19 19:50:00 | 000,009,412 | ---- | C] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 17:21:19 | 000,020,128 | ---- | C] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 17:17:59 | 001,310,772 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/06 16:55:21 | 000,127,945 | ---- | C] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2013/02/28 21:09:55 | 000,099,662 | ---- | C] () -- C:\Users\Nicolas\Documents\rechnung.pdf
[2013/02/28 21:08:03 | 000,079,712 | ---- | C] () -- C:\Users\Nicolas\Documents\Rechnung.png
[2013/02/28 20:57:13 | 000,032,976 | ---- | C] () -- C:\Users\Nicolas\Documents\Rechnung
[2012/12/31 19:37:48 | 000,004,305 | ---- | C] () -- C:\Windows\jpvxmbb64.ini
[2012/12/31 19:37:48 | 000,001,442 | ---- | C] () -- C:\Windows\crcvq.ini
[2012/12/19 18:01:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/10/06 23:21:05 | 000,019,752 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Local.rar
[2012/06/12 21:07:50 | 006,518,312 | ---- | C] () -- C:\Users\Nicolas\DSCN0218.JPG
[2012/06/12 21:07:50 | 006,489,988 | ---- | C] () -- C:\Users\Nicolas\DSCN0216.JPG
[2012/03/21 18:47:20 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 21:44:45 | 000,896,104 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.39.png
[2012/02/08 21:44:45 | 000,886,843 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.36.png
[2011/11/30 18:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{B642EC8E-7E2E-4957-B599-F8460982D199}
[2011/11/27 18:20:12 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{A8063AD1-FFB6-4922-AF23-C4BAC29A607E}
[2011/09/03 14:05:53 | 000,000,132 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/04 14:14:50 | 000,008,263 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/10/27 15:34:47 | 000,007,597 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Resmon.ResmonCfg
[2010/09/11 15:32:26 | 000,000,238 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
[2010/06/20 18:05:01 | 000,012,800 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.minecraft
[2013/02/02 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.techniclauncher
[2013/03/26 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Audacity
[2011/07/16 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Blender Foundation
[2011/06/29 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Celemony Software GmbH
[2011/12/27 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/09 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/24 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Dropbox
[2012/10/06 18:44:02 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft
[2011/11/19 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/09 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\EarMaster
[2012/10/29 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FreeHideIP
[2013/03/30 04:11:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\gtk-2.0
[2011/10/15 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Line 6
[2012/07/19 15:43:06 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\MAGIX
[2011/12/15 20:14:20 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\OpenOffice.org
[2010/02/23 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\PACE Anti-Piracy
[2012/06/19 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Propellerhead Software
[2011/12/08 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Publish Providers
[2013/03/26 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2011/08/25 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
[2011/12/08 14:59:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Sony
[2012/08/04 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SYSTEMAX Software Development
[2010/09/11 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Template
[2010/03/22 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Toshiba
[2012/08/08 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\TS3Client
[2011/09/30 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
         
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 19:34:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040 298.09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Nicolas\AppData\Local\Temp\pwliqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077b81465 2 bytes [B8, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077b814bb 2 bytes [B8, 77]
.text   ...                                                                                                                               * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [864:1172]                                                                                        000007fefa5b59a0
Thread  C:\Windows\System32\svchost.exe [864:1248]                                                                                        000007fefd7b1a70
Thread  C:\Windows\System32\svchost.exe [864:2196]                                                                                        000007fef85320c0
Thread  C:\Windows\System32\svchost.exe [864:2204]                                                                                        000007fef85326a8
Thread  C:\Windows\System32\svchost.exe [864:2628]                                                                                        000007fef97844e0
Thread  C:\Windows\System32\svchost.exe [864:1408]                                                                                        000007fef5be42c8
Thread  C:\Windows\System32\svchost.exe [864:3132]                                                                                        000007fef5f05fd0
Thread  C:\Windows\System32\svchost.exe [864:3080]                                                                                        000007fef5f063ec
Thread  C:\Windows\System32\svchost.exe [864:2244]                                                                                        000007fef99f88f8
Thread  C:\Windows\System32\svchost.exe [864:2104]                                                                                        000007fefab7a2b0
Thread  C:\Windows\System32\svchost.exe [864:5588]                                                                                        000007fef99f9170
Thread  C:\Windows\system32\svchost.exe [936:2796]                                                                                        000007fef581506c
Thread  C:\Windows\system32\svchost.exe [936:2804]                                                                                        000007fef8a31c20
Thread  C:\Windows\system32\svchost.exe [936:2784]                                                                                        000007fef8a31c20
Thread  C:\Windows\system32\svchost.exe [936:5472]                                                                                        000007fefb6d1ab0
Thread  C:\Windows\system32\svchost.exe [936:5332]                                                                                        000007fefb484164
Thread  C:\Windows\System32\spoolsv.exe [1232:2528]                                                                                       000007fef64310c8
Thread  C:\Windows\System32\spoolsv.exe [1232:2560]                                                                                       000007fef63f6144
Thread  C:\Windows\System32\spoolsv.exe [1232:1820]                                                                                       000007fef5f05fd0
Thread  C:\Windows\System32\spoolsv.exe [1232:2548]                                                                                       000007fef5ef3438
Thread  C:\Windows\System32\spoolsv.exe [1232:2644]                                                                                       000007fef5f063ec
Thread  C:\Windows\System32\spoolsv.exe [1232:272]                                                                                        000007fef77f5e5c
Thread  C:\Windows\System32\spoolsv.exe [1232:520]                                                                                        000007fef6d75074
Thread  C:\Windows\system32\svchost.exe [1644:5352]                                                                                       000007fef5f05fd0
Thread  C:\Windows\system32\svchost.exe [1644:5356]                                                                                       000007fef5ef3438
Thread  C:\Windows\system32\svchost.exe [1644:5360]                                                                                       000007fef5f063ec
Thread  C:\Windows\system32\taskhost.exe [2840:2872]                                                                                      000007fef7a63d18
Thread  C:\Windows\system32\taskhost.exe [2840:2932]                                                                                      000007fef7a21f38
Thread  C:\Windows\system32\taskhost.exe [2840:2988]                                                                                      000007fef79c2740
Thread  C:\Windows\system32\taskhost.exe [2840:2996]                                                                                      000007feff849274
Thread  C:\Windows\system32\taskhost.exe [2840:3040]                                                                                      000007fefba31010
Thread  C:\Windows\system32\SearchIndexer.exe [3636:3476]                                                                                 000007fef33df3c0
Thread  C:\Windows\system32\svchost.exe [2268:4012]                                                                                       000007fef5aa8470
Thread  C:\Windows\system32\svchost.exe [2268:1228]                                                                                       000007fef5ab2418
Thread  C:\Windows\system32\taskhost.exe [676:1332]                                                                                       000007fef85fef24

---- EOF - GMER 2.1 ----
         

Alt 30.03.2013, 21:40   #2
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.




Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss.
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten.
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.



Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, FireJump, SearchAnonymizer, SpeedMaxPC




Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.


Schritt 4:
Scan mit DDS+ (mit attach)
Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.

dds.com
  • Schließe alle laufenden Programme und starte DDS mit Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Stelle folgendes ein:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Ändere keine Einstellung ohne Anweisung.
  • Klicke auf Start.
  • Es werden 2 Logfiles auf deinem Desktop erstellt.
    • dds.txt
    • attach.txt
  • Poste die beiden Logfile hier, möglichst in CODE-Tags.
__________________

__________________

Alt 31.03.2013, 17:01   #3
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Besten Dank für die schnelle Antwort und fürs Aushelfen!

Programme sind deinstalliert. Hier die Codes:

AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.115 - Logfile created 03/30/2013 at 22:53:40
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nicolas - NICOLAS-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Nicolas\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\searchplugins\Askcom.xml
Folder Deleted : C:\Users\Nicolas\AppData\Local\APN
Folder Deleted : C:\Users\Nicolas\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://eu.ask.com/?l=dis&o=102876&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=102876&gct=hp");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader");
Deleted : user_pref("extentions.y2layers.installId", "22d9b182-ee71-4980-9201-3666706027d0");

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19031 octets] - [06/10/2012 21:35:45]
AdwCleaner[R2].txt - [19092 octets] - [06/10/2012 22:51:49]
AdwCleaner[S1].txt - [20105 octets] - [06/10/2012 22:52:12]
AdwCleaner[S2].txt - [3717 octets] - [30/03/2013 22:53:40]

########## EOF - C:\AdwCleaner[S2].txt - [3777 octets] ##########
         
DDS+ dds.txt
DDS Logfile:
Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16470
Run by Nicolas at 16:54:39 on 2013-03-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1033.18.3933.2614 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\AtwtusbIcon.exe
C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\Nicolas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351} : DHCPNameServer = 194.230.1.103 194.230.1.71
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\140707C6564416378602C333 : DHCPNameServer = 194.230.1.103 194.230.1.71
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\246414D2745756374737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\465667F6C6F6D2030303243324541433340354 : DHCPNameServer = 212.98.37.128 194.230.55.99
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\8405D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\A5978554C4F5142474E4F513 : DHCPNameServer = 212.98.37.128 194.230.55.99
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtwtusbIcon] AtwtusbIcon.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-30 16:24; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-2-23 482384]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 682344]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-6 24176]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-2-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-4 215040]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-2-23 942080]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 ControlTransferDriver;AudioBox USB Control Transfer;C:\Windows\System32\drivers\PreSonusUSB_xfer.sys [2010-2-25 41664]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2009-12-16 214544]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2009-12-16 31120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;C:\Windows\System32\drivers\psabusbm.sys [2012-2-21 37496]
S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;C:\Windows\System32\drivers\psabusbu.sys [2012-2-21 462968]
S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;C:\Windows\System32\drivers\psabusba.sys [2012-2-21 50808]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-23 222208]
S3 SwitchBoard;SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-23 51512]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-3 1255736]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2011-5-10 49256]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-30 15:16:53	--------	d-----w-	C:\Users\Nicolas\AppData\Local\Programs
2013-03-29 23:27:00	--------	d-----w-	C:\Users\Nicolas\AppData\Local\{C12652D9-14DA-4565-9620-578CBD188488}
2013-03-29 09:21:21	9311288	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76F1FD14-B2C9-45D7-A4D0-2B0DE4932776}\mpengine.dll
2013-03-26 13:55:24	--------	d-----w-	C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 13:55:24	--------	d-----w-	C:\ProgramData\SoftColor
2013-03-26 13:55:18	--------	d-----w-	C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 13:12:55	--------	d-----w-	C:\ProgramData\tmp
2013-03-26 13:12:55	--------	d-----w-	C:\ProgramData\hps
2013-03-16 23:33:11	19968	----a-w-	C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-03-12 20:35:15	73432	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 20:35:15	693976	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31	474112	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19	1392128	----a-w-	C:\Windows\System32\wininet.dll
2013-02-02 06:42:18	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51	599040	----a-w-	C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-01-17 00:28:58	273840	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02	2560	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42	10752	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21	4096	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31	9728	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31	2560	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18	10752	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07	3584	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48	4096	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22	1988096	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31	293376	----a-w-	C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00	249856	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43	220160	----a-w-	C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35	1504768	----a-w-	C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04	1643520	----a-w-	C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28	1175552	----a-w-	C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01	604160	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58	207872	----a-w-	C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14	187392	----a-w-	C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30	2565120	----a-w-	C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17	363008	----a-w-	C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25	1080832	----a-w-	C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39	333312	----a-w-	C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32	1887232	----a-w-	C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21	296960	----a-w-	C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57	3419136	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04	245248	----a-w-	C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33	648192	----a-w-	C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30	221184	----a-w-	C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42	194560	----a-w-	C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04	1238528	----a-w-	C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36	3928064	----a-w-	C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58	364544	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43	465920	----a-w-	C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52	522752	----a-w-	C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42	1158144	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09	1682432	----a-w-	C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43	5553512	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15	3967848	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11	3913064	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21	2284544	----a-w-	C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13	2776576	----a-w-	C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-01-04 02:47:35	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54	1913192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42	288088	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 16:55:35.21 ===============
         
--- --- ---


attach.txt
Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 23.02.2010 17:09:34
System Uptime: 31.03.2013 16:35:55 (0 hours ago)
.
Motherboard: TOSHIBA |  | KSWAA
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 3.815 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 101.434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: NETGEAR Wireless Extreme WNDRMACv2
Device ID: UUID:4D696E69-444C-164E-9D42-204E7F73DC31\UMB\3&30237AD2&0&UUID:4D696E69-444C-164E-9D42-204E7F73DC31
Manufacturer: 
Name: NETGEAR Wireless Extreme WNDRMACv2
PNP Device ID: UUID:4D696E69-444C-164E-9D42-204E7F73DC31\UMB\3&30237AD2&0&UUID:4D696E69-444C-164E-9D42-204E7F73DC31
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Adobe Story
Apple Application Support
Apple Mobile Device Support
Audacity 1.3.13 (Unicode)
AudioBox USB driver
Authorizer 1.0.5
Authorizer 2.0
Authorizer Ignition Key Support
BenVista PhotoZoom Pro 4.0.6
Bing Bar
Blender
Bonjour
Canon Inkjet Printer Driver Add-On Module
CodeMeter Runtime Kit v4.01
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
DDR - FAT Recovery 4.0.1.6
DDR - FAT Recovery(Demo) 4.0.1.6
Digidesign Audio Drivers (x64)
Dropbox
EarMaster Pro 5
EASEUS Data Recovery Wizard Free Edition 5.0.1
File Recover 8.0
Free YouTube to MP3 Converter version 3.11.32.918
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HyperCam 3
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Interlok driver setup x64
iTunes
Junk Mail filter update
Line 6 Uninstaller
Livestream Procaster
Müller Foto
MacroKey Manager
MAGIX Music Maker SE
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware Version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Kinect Runtime v1.0
Microsoft Kinect Speech Recognition Language Pack (en-US)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Server Speech Platform Runtime (x64)
Microsoft Server Speech Platform Runtime (x86)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PDF Settings CS5
PDFCreator
PhotoRescue Wizard PC 3.2.6.13068
PlayReady PC Runtime amd64
Preispilot für Firefox
PreSonus 1.0.9.0 Driver
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Reason 6.0.1
Reason 6.5
Record 1.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype(TM) Launcher
Skype™ 6.1
SoftColor PhotoEQ version 1.1.6
Synaptics Pointing Device Driver
TeamSpeak 3 Client
Text-To-Speech-Runtime
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
TOSHIBA PC Health Monitor
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Trust tablet driver
TwistedBrush Open Studio
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
Vectorian Giotto 3.0.0
Vegas Pro 10.0
VirtualDJ Home FREE
VLC media player 1.0.5
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
X3 Terran Conflict v3.0
Yamaha USB-MIDI Driver
.
==== Event Viewer Messages From Past Week ========
.
31.03.2013 16:37:13, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
31.03.2013 16:37:13, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
31.03.2013 16:28:51, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
30.03.2013 23:24:22, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
30.03.2013 22:48:03, Error: Service Control Manager [7034]  - The FABS - Helping agent for MAGIX media database service terminated unexpectedly.  It has done this 1 time(s).
29.03.2013 23:50:21, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
         
__________________

Alt 31.03.2013, 20:19   #4
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Das ist ja schon Mal erfreulich....

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 02.04.2013, 10:18   #5
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 03.04.2013, 13:44   #6
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Es tut mir sehr Leid, dass ich noch nicht zurückgeschrieben hatte - ich hatte viel zu tun.

Hier die Logdatei:
Code:
ATTFilter
ComboFix 13-04-02.01 - Nicolas 03.04.2013  13:13:45.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1033.18.3933.2799 [GMT 2:00]
ausgeführt von:: c:\users\Nicolas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-03 bis 2013-04-03  ))))))))))))))))))))))))))))))
.
.
2013-04-03 11:27 . 2013-04-03 11:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-03 11:20 . 2013-04-03 11:20	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A88D61F-8312-496E-A434-DEDFB6314F0C}\offreg.dll
2013-04-02 17:00 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A88D61F-8312-496E-A434-DEDFB6314F0C}\mpengine.dll
2013-03-30 15:16 . 2013-03-30 15:16	--------	d-----w-	c:\users\Nicolas\AppData\Local\Programs
2013-03-26 13:55 . 2013-03-26 13:55	--------	d-----w-	c:\users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 13:55 . 2013-03-26 13:55	--------	d-----w-	c:\programdata\SoftColor
2013-03-26 13:55 . 2013-03-26 13:55	--------	d-----w-	c:\program files (x86)\SoftColorPhotoEQ
2013-03-26 13:12 . 2013-03-27 15:06	--------	d-----w-	c:\programdata\hps
2013-03-26 13:12 . 2013-03-27 12:55	--------	d-----w-	c:\programdata\tmp
2013-03-16 23:33 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 14:00 . 2010-02-24 16:13	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-12 20:35 . 2012-04-15 11:35	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:35 . 2011-08-09 11:23	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 16:22	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 16:22	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 16:22	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 16:22	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 16:22	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 16:22	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-02-14 16:40	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 19:52	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 19:52	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 19:52	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 19:52	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 19:52	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 19:52	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 19:52	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 19:52	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 19:52	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 19:52	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 19:52	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 19:52	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 19:52	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 19:52	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 19:52	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 19:52	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 19:52	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 19:52	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 19:52	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 19:52	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 19:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 19:52	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 19:52	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 19:52	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 19:52	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 19:53	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 19:52	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 19:52	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 19:52	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 19:52	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 19:52	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 19:52	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 19:52	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 19:52	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 19:52	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 19:52	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-14 09:19	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 09:19	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 09:19	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 19:53	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 19:53	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-14 09:19	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 09:19	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 09:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 09:19	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 09:19	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 09:19	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 09:19	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 09:19	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 ControlTransferDriver;AudioBox USB Control Transfer;c:\windows\system32\Drivers\PreSonusUsb_xfer.sys [2008-02-18 41664]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2009-12-16 214544]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2009-12-16 31120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [2009-12-04 37496]
R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [2009-12-04 462968]
R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [2009-12-04 50808]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-05-10 49256]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2012-10-19 581120]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 09:41	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:35]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 16:20]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AtwtusbIcon"="AtwtusbIcon.exe" [2012-09-10 3593728]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\
FF - ExtSQL: 2013-03-30 16:24; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,8d,bc,a2,45,6c,24,28,74,c7,92,20,36,1a,57,fa,0b,f3,bf,3a,f2,3d,cb,
   0b,a2,4f,4e,47,a2,81,1e,3c,b0,8d,18,c9,37,cf,9e,3c,60,f8,b6,fd,c4,71,2d,ea,\
"??"=hex:bd,35,22,92,0a,f7,23,f6,e5,92,0b,56,c4,37,96,88
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-03  13:42:06
ComboFix-quarantined-files.txt  2013-04-03 11:42
.
Vor Suchlauf: 2'471'981'056 bytes free
Nach Suchlauf: 2'734'563'328 bytes free
.
- - End Of File - - 06902832BC97DA3A587FB5C747BC18A0
         

Alt 03.04.2013, 15:56   #7
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.

Schritt 1:
Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!

Schritt 3:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 03.04.2013, 18:24   #8
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicolas :: NICOLAS-TOSH [Administrator]

Schutz: Deaktiviert

03.04.2013 16:02:14
mbam-log-2013-04-03 (16-02-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227044
Laufzeit: 3 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET fand keine Ergebnisse.

Und hier noch SecurityCheck:
Code:
ATTFilter
¨ Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (Firefox.) 
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.43  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
         

Alt 03.04.2013, 19:03   #9
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Prima!

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.

Schritt 1:
Tools deinstallieren

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall delfix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 2:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         

Schritt 3:
Entferne Flash 10


Schritt 4:
Update: Adobe Reader
  • Deinstalliere deine alte Version von Adobe Reader (Systemsteuerung > Programme > Deinstallieren).
  • Lade dir die aktuelle Version hier herunter: get.adobe.com/de/reader/
  • Entferne dabei den Haken:
- oder -

Probiere einen alternativen Viewer für pdf-Dokumente aus. Diese sind meist schlanker, schneller und schleusen sehr viel seltener Schädlinge ein. Mein Vorschlag:

Abschließend noch Tipps zu folgenden Themen:
  • Systemupdates
  • Softwareupdates
  • Sicherheitssoftware
  • Sicheres Surfen
Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.


Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:


Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
  • Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
  • Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
  • Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
  • Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
  • Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.
Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!


Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
  • Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
  • Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
  • Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
  • Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
  • Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
  • WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
  • Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
  • Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.



Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 03.04.2013, 19:45   #10
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Besten Dank für die Hilfe!

Allerdings gibt es noch ein kleines Problem, und das ist, dass die Werbepopups nach wie vor auftauchen...

Hier eine kurze Graphik wie das Ganze noch aussieht. Oben rechts ist das Popup zu sehen. Ich nutze normalerweise Firefox, aber das Popup erscheint auch bei Chrome, weshalb ich vermute, dass es von meinem PC her kommt.
Unten dran der html code, der hinter dem Ding steckt. Löscht man die Node verschwindet auch das Pop up. Nur leider ist das ziemlich aufwändig, jedes mal wenn man die Seite reloaded im html Code diesen Abschnitt zu löschen.


Alt 03.04.2013, 20:05   #11
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Na dann schauen wir weiter:

Seit wann ungefähr tritt das Problem auf?

Scan mit ZOEK

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Klicke auch auf "Options" und wähle die folgenden Optionen aus:
    • Firefox Look
    • Chrome Look
    • Silent Runners
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 03.04.2013, 20:18   #12
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Die Werbung tritt schon seit gut einem halben Jahr auf. Ich hatte früher schonmal hilfe auf einem anderen Board. Dort konnten wir es aber nicht entfernen.

Schlussendlich konnte ich die Inhalte der Werbung per Ad-blocker entfernen, aber der html body blieb nach wie vor da. Die Pop ups wie sie in der Graphik zu sehen sind kommen erst seit ca zwei Wochen vor, und Add-Blocker scheint es nicht als Popup zu erkennen.

Hier die Logdatei:

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Nicolas on 03.04.2013 at 20:08:25.13.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Preispilot - %ProfilePath%\extensions\extension@preispilot.com.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default
47299371607DC2FB234444EEACB1639E	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll -	Shockwave Flash
3E21E80D10E1033D9C137440554FF724	- C:\Windows\SysWOW64\npdeployJava1.dll -	Java Deployment Toolkit 6.0.370.6
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[22.09.2012 22:08]

Google Docs - Nicolas - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nicolas - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nicolas - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nicolas - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Princess Luna Theme - Nicolas - Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken
Dropbox - Nicolas - Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl
Gmail - Nicolas - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [Realtek Semiconductor]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
AtwtusbIcon = AtwtusbIcon.exe [null data]
TPwrMain = %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [TOSHIBA Corporation]
TosWaitSrv = %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [TOSHIBA Corporation]
TosSENotify = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [TOSHIBA Corporation]
Teco = "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [TOSHIBA Corporation]
SmoothView = %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [TOSHIBA Corporation]
00TCrdMain = %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [TOSHIBA Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Windows Live ID Sign-in Helper
                 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM.Wow.CLSID} = Windows Live ID Sign-in Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar Helper
                 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM.Wow.CLSID} = Google Toolbar Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Java(tm) Plug-In 2 SSV Helper
                 \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM.Wow.CLSID} = Java(tm) Plug-In 2 SSV Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Windows Live ID Sign-in Helper
                 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM.Wow.CLSID} = Windows Live ID Sign-in Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
  -> {HKLM.Wow.CLSID} = Windows Live Messenger Companion Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar Helper
                 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM.Wow.CLSID} = Google Toolbar Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
  -> {HKLM.Wow.CLSID} = Bing Bar Helper
                     \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Java(tm) Plug-In 2 SSV Helper
                 \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM.Wow.CLSID} = Java(tm) Plug-In 2 SSV Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM.CLSID} = Microsoft Office Metadata Handler
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM.CLSID} = Microsoft Office Thumbnail Handler
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
  -> {HKLM.CLSID} = OpenOffice.org Property Handler
                 \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll [OpenOffice.org]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM.CLSID} = iTunes
                 \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Shim
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Editor Shim
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
  -> {HKLM.Wow.CLSID} = OpenOffice.org Property Handler
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll [OpenOffice.org]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM.Wow.CLSID} = Microsoft Office Thumbnail Handler
                     \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM.Wow.CLSID} = Microsoft Office Metadata Handler
                     \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM.Wow.CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{B65F237C-AAFF-4df7-8872-91B65663E41F}\(Default) = SmartFaceVCP
  -> {HKLM.CLSID} = SmartFaceVCP
                 \InProcServer32\(Default) = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll [TOSHIBA Corporation]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM.CLSID} = Microsoft Office InfoPath XML Mime Filter
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM.CLSID} = MBAMShlExt Class
                 \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                 \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                     \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM.CLSID} = GraphicsShellExt Class
                 \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
  -> {HKLM.CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll [OpenOffice.org]
  -> {HKLM.Wow.CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM.CLSID} = MBAMShlExt Class
                 \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                 \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

disableregistrytools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

EnableSecureUIAPath = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5.1ImportMediaOnArrival\
Provider = Adobe Bridge CS5.1
InvokeProgID = Adobe.adobebridgeCS5.1
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

Fotoimport3018-38\
Provider = CEWE FOTOIMPORTER
InvokeProgID = Fotoimport3018-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoimport3018-38\shell\play\command\(Default) = "D:\Mueller Photo\Mueller Foto\CEWE FOTOIMPORTER.exe" -startDirectory %1 [null data]

Fotoschau3018-38\
Provider = CEWE FOTOSCHAU
InvokeProgID = Fotoschau3018-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoschau3018-38\shell\play\command\(Default) = "D:\Mueller Photo\Mueller Foto\CEWE FOTOSCHAU.exe" -d %1 [null data]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                 \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

TosDVDPlayHandler\
Provider = TOSHIBA DVD PLAYER
InvokeProgID = TosDvdPlayer
InvokeVerb = play
HKLM\SOFTWARE\Classes\TosDvdPlayer\shell\play\command\(Default) = "C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe" [TOSHIBA Corporation]

WIA_{0553DF1C-4F8F-4CCD-8F4E-5FB384A4963D}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;F:\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{43C64962-5AAD-40F3-A959-E2CFEA45E98C}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;G:\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F9591107-1C8B-419D-8DA7-11A4A7E95DF2}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Users\Nicolas\Downloads\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Startup items in "Nicolas" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Nicolas-TOSH-Nicolas ->  launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [file not found]
ConfigFree Startup Programs ->  launches: C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [TOSHIBA CORPORATION]
CreateChoiceProcessTask ->  launches: C:\Windows\System32\browserchoice.exe /launch [MS]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
{5457E41B-0AAA-4E25-8C87-FDB2D586DC1E} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nicolas\Downloads\Digidesign_Audio_Drivers_70\Digidesign Audio Drivers 7.0\Digidesign Audio Drivers Setup.exe" -d "C:\Users\Nicolas\Downloads\Digidesign_Audio_Drivers_70\Digidesign Audio Drivers 7.0" [MS]
{77E055D8-B9B0-469B-B04F-384BCA60E9C9} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nicolas\AppData\Local\Temp\Temp1_PTLE_Audio_Drivers_64bit_v804b_63887.zip\Digidesign Audio Drivers Setup (x64).exe" [MS]
{97F3DC05-419E-4FCA-BFB1-B02D0A42A32E} ->  launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nicolas\Downloads\tbrusha_open_studio.exe -d C:\Users\Nicolas\Downloads [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM.Wow.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM.CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM.CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM.CLSID} = KernelCeipCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader ->  launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM.CLSID} = UsbCeip
                 \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM.Wow.CLSID} = UsbCeip
                     \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM.CLSID} = ScheduledDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM.CLSID} = WinSAT Task Manger Task
                 \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM.Wow.CLSID} = WinSAT Task Manger Task
                     \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM.CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM.CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM.Wow.CLSID} = Microsoft PlaySoundService Class
                     \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40b4-8963-D3C761B18371}
  -> {HKLM.CLSID} = PerfTrack TaskHandler class
                 \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM.CLSID} = ReliabilityAnalysisCustomHandler
                 \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM.Wow.CLSID} = ReliabilityAnalysisCustomHandler
                     \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM.CLSID} = RasMobilityManager
                 \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM.CLSID} = RegistryIdleBackupHandler
                 \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM.CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
InputPersonalization ->  launches: %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM.CLSID} = RunTask
                 \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM.Wow.CLSID} = RunTask
                     \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM.CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM.Wow.CLSID} = MsCtfMonitor task handler
                     \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM.Wow.CLSID} = DiagnosticInfrastructureCustomHandler
                     \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
MpIdleTask -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM.Wow.CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3180819497-3685930599-3810110381-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{2318C2B1-4965-11D4-9B18-009027A5CD4F}
  -> {HKLM.CLSID} = Google Toolbar
                 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar
                 \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing
  -> {HKLM.Wow.CLSID} = Bing Bar
                     \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM.Wow.CLSID} = Google Toolbar
                     \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{0000036B-C524-4050-81A0-243669A86B9F}\
ButtonText = @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600
CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
  -> {HKLM.Wow.CLSID} = Windows Live Messenger Companion Command Bar Button
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM.Wow.CLSID} = BlogThisToolbarButton Class
                     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM.Wow.CLSID} = Send to OneNote from Internet Explorer button
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM.Wow.CLSID} = &Research
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 8 domain names to IP addresses,
      6 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
CodeMeter Runtime Server, CodeMeter.exe, "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [WIBU-SYSTEMS AG]
ConfigFree Gadget Service, ConfigFree Gadget Service, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [TOSHIBA CORPORATION]
ConfigFree Service, ConfigFree Service, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [TOSHIBA CORPORATION]
ConfigFree WiMAX Service, cfWiMAXService, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [TOSHIBA CORPORATION]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Digidesign MME Refresh Service, DigiRefresh, C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [Avid, Inc. All rights reserved.]
iPod-Dienst, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
Notebook Performance Tuning Service (TEMPRO), TemproMonitoringService, "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [null data]
SeaPort, SeaPort, "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [MS]
TOSHIBA eco Utility Service, TOSHIBA eco Utility Service, "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [TOSHIBA Corporation]
TOSHIBA HDD SSD Alert Service, TOSHIBA HDD SSD Alert Service, "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [TOSHIBA Corporation]
TOSHIBA Optical Disc Drive Service, TODDSrv, C:\Windows\system32\TODDSrv.exe [TOSHIBA Corporation]
TOSHIBA Power Saver, TosCoSrv, "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [TOSHIBA Corporation]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
WTService, WTService, C:\Windows\system32\atwtusb.exe -s [null data]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MpfService, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CutePDF Writer Monitor\Driver = cpwmon64.dll [null data]
PDFCreator\Driver = pdfcmnnt.dll [null data]
         

Alt 03.04.2013, 20:55   #13
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Nun es ist nicht wirklich irgendwas zu sehen...

Anders gefragt, taucht das nur an diesem Computer auf oder auch an anderen Computern die über deinen Anschuss mit Internet versorgt werden?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 03.04.2013, 21:17   #14
Leyanor
 
PC Performer Virus - Standard

PC Performer Virus



Soweit ich weiss tritt das nur bei mir auf. Allerdings bin ich auch der einzige im Haus, der Windows nutzt. Könnte sein, dass Mac diese Pop-ups schon bekannt sind.

Seltsamerweise tritt es aber nicht bei jeder Internetseite auf.
Am häufigsten treten die Pop ups bei populären Seiten auf. Ganz extrem tumblr.
Facebook wiederum bleibt komplett verschohnt. Meine eigene Website zeigt ebenfalls keine Aktivität. Outlook und Paypal sind ebenfalls frei.
Deviantart wiederum "verseucht" und viele Foren, darunter das Trojaner-Board, ebenfalls.

Alt 03.04.2013, 21:30   #15
ryder
/// TB-Ausbilder
 
PC Performer Virus - Standard

PC Performer Virus



Tritt es in Firefox auf, wenn du abgesichert startest?

Abgesicherter Modus | Hilfe zu Firefox
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Antwort

Themen zu PC Performer Virus
autorun, bho, bingbar, black, bonjour, computer, converter, defender, entfernen, error, firefox, flash player, format, helper, home, index, logfile, malware, mozilla, mp3, nicht installiert, performer, realtek, registry, scan, search the web, software, svchost.exe, taskhost.exe, trojaner, virus, windows



Ähnliche Themen: PC Performer Virus


  1. Deinstallation von PC Performer
    Plagegeister aller Art und deren Bekämpfung - 08.01.2015 (18)
  2. PC Performer entfernen!
    Plagegeister aller Art und deren Bekämpfung - 27.01.2014 (7)
  3. Pc Performer deinstallieren
    Log-Analyse und Auswertung - 13.12.2013 (5)
  4. PC Performer deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 15.10.2013 (4)
  5. PC Performer löschen-wie?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (5)
  6. PC Performer entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (9)
  7. PC Performer - Virus
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (9)
  8. PC Performer eingefangen
    Log-Analyse und Auswertung - 15.06.2013 (1)
  9. PC Performer
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (9)
  10. Wie lösche ich Pc Performer?
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (21)
  11. PC Performer (Log-Files)
    Log-Analyse und Auswertung - 27.05.2013 (11)
  12. PC Performer Manager
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (25)
  13. PC Performer
    Log-Analyse und Auswertung - 16.04.2013 (48)
  14. Performer-Virus
    Log-Analyse und Auswertung - 15.03.2013 (23)
  15. Virus durch PC Performer
    Plagegeister aller Art und deren Bekämpfung - 26.12.2012 (23)
  16. Performer Virus ,Trojaner bei Googlesuche
    Log-Analyse und Auswertung - 20.12.2012 (2)
  17. Was ist PC Performer?
    Alles rund um Windows - 20.07.2012 (2)

Zum Thema PC Performer Virus - Hallo liebe Leute, ich hab nun seit gut einem halben Jahr diesen Virus auf meinem Laptop, und hab zumindest mal endlich rausgefunden wie er heisst. PC Performer. Nach ein wenig - PC Performer Virus...
Archiv
Du betrachtest: PC Performer Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.