Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC Performer Virus (https://www.trojaner-board.de/133002-pc-performer-virus.html)

Leyanor 30.03.2013 19:38
PC Performer Virus
 
Hallo liebe Leute,

ich hab nun seit gut einem halben Jahr diesen Virus auf meinem Laptop, und hab zumindest mal endlich rausgefunden wie er heisst. PC Performer. Nach ein wenig erkundigen habe ich rausgefunden, dass dieser Virus durchaus weit verbreitet ist und in erster Linie dazu dient Anti Malware Programme auszuschalten, um Trojanern usw. freie Bahn zu geben sich auf meinem Computer einzunisten.

Die Symptome des Viruses sind relativ nervig. Ständig aufpoppende Werbungsfenster, die man nur durch löschen des html body's wieder entfernen kann. Nur kommen sie beim neuladen der Seite natürlich wieder hervor.

Sie führen mit ihren Links allerdings immer zu dieser Downloadseite für "PC Performer" (Den ich überigens nicht installiert habe).
Entweder ist das jetzt nur so ein kleiner "lockvirus" der mich dazu bringen will PC Performer zu installieren, oder es ist bereits PC Performer selbst (Ich verstände dabei einfach nicht weshalb es mich dann immer zu der Downloadseite directed.)

Hier also die Inhalte von OTL.txt und Gmer.txt. Extra.txt ist bei mir nicht erschienen nach dem Scann...

Code:
OTL logfile created on: 3/30/2013 5:41:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Nicolas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.90% Memory free
7.68 Gb Paging File | 5.72 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 0.86 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 97.59 Gb Free Space | 65.65% Space Free | Partition Type: NTFS
 
Computer Name: NICOLAS-TOSH | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/30 17:37:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/07/06 03:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/12/14 18:40:28 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/10/19 11:01:04 | 000,581,120 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/19 17:11:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/12 21:35:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 03:30:00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/14 18:40:28 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/19 16:07:01 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/07/19 16:02:20 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/05/10 15:27:54 | 000,049,256 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/16 01:19:36 | 000,031,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV:64bit: - [2009/12/16 01:19:34 | 000,214,544 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgmbx2.sys -- (DGUSBAP)
DRV:64bit: - [2009/12/04 15:26:56 | 000,462,968 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
DRV:64bit: - [2009/12/04 15:26:56 | 000,050,808 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
DRV:64bit: - [2009/12/04 15:26:56 | 000,037,496 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2008/02/18 15:54:08 | 000,041,664 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PreSonusUSB_xfer.sys -- (ControlTransferDriver)
DRV:64bit: - [2007/09/05 12:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/?l=dis&o=102876&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35150E16-8780-450B-A9BD-D2A8B09462F8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCH&apn_uid=81d0cd2b-6e84-477a-ad6f-254142e3bb23&apn_sauid=FB6F1533-49ED-4E42-9F36-79247A70312E
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_enCH368
IE - HKCU\..\SearchScopes\{96527F6A-30FE-4CA3-9ABF-9059C4429721}: "URL" = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{E4906BB9-7BD7-41C7-A684-4A40B3A87254}: "URL" = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com/?l=dis&o=102876&gct=hp"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 17:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 17:11:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/17 16:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Extensions
[2013/03/30 16:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions
[2013/03/30 16:24:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/23 14:06:05 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\extension@preispilot.com.xpi
[2013/03/11 14:05:21 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/03/24 14:43:23 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 20:00:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/29 20:45:24 | 000,002,325 | ---- | M] () -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\searchplugins\askcom.xml
[2013/03/19 17:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/19 17:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/27 18:40:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/19 17:11:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 22:21:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/19 16:59:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Princess Luna Theme = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken\1_0\
CHR - Extension: Dropbox = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.4_1\
CHR - Extension: Gmail = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/08/07 12:01:48 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 78.46.61.26 www.google-analytics.com.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AtwtusbIcon] C:\Windows\SysNative\AtwtusbIcon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351}: DhcpNameServer = 194.230.1.103 194.230.1.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f3d2cff-6a26-11df-8caf-701a04306ae1}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3d2cff-6a26-11df-8caf-701a04306ae1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/30 17:37:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
[2013/03/30 16:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Programs
[2013/03/30 06:08:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Egosoft
[2013/03/30 00:27:00 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\{C12652D9-14DA-4565-9620-578CBD188488}
[2013/03/26 14:55:24 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/03/26 14:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftColor
[2013/03/26 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftColor PhotoEQ
[2013/03/26 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftColorPhotoEQ
[2013/03/26 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013/03/26 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013/03/26 14:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/30 17:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/30 17:37:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL(1).exe
[2013/03/30 17:36:47 | 000,000,000 | ---- | M] () -- C:\Users\Nicolas\defogger_reenable
[2013/03/30 17:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/30 16:17:07 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/30 15:11:28 | 000,025,789 | ---- | M] () -- C:\Users\Nicolas\Documents\Playpony doc.odt
[2013/03/30 15:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/30 06:07:17 | 000,048,607 | ---- | M] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/03/30 03:45:58 | 000,000,041 | ---- | M] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/30 02:17:47 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/30 02:17:47 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/30 02:17:47 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/29 23:58:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 23:21:48 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/27 19:01:26 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/27 18:18:00 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/27 11:45:10 | 000,016,831 | ---- | M] () -- C:\Users\Nicolas\Documents\EU-M 13.odt
[2013/03/26 21:34:08 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
[2013/03/26 21:33:22 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
[2013/03/26 14:12:53 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/24 21:15:57 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Ang.reason
[2013/03/24 21:15:21 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\dubstäääähp.reason
[2013/03/24 14:11:55 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 14:11:55 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 23:35:29 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
[2013/03/20 18:54:44 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/20 12:40:29 | 000,009,412 | ---- | M] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 17:21:22 | 000,020,128 | ---- | M] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/19 16:55:30 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 18:32:41 | 000,048,917 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.pdf
[2013/03/07 17:14:13 | 000,021,033 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.odt
[2013/03/06 16:55:25 | 000,127,945 | ---- | M] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2013/02/28 21:09:59 | 000,099,662 | ---- | M] () -- C:\Users\Nicolas\Documents\rechnung.pdf
[2013/02/28 21:08:05 | 000,079,712 | ---- | M] () -- C:\Users\Nicolas\Documents\Rechnung.png
[2013/02/28 20:57:13 | 000,032,976 | ---- | M] () -- C:\Users\Nicolas\Documents\Rechnung
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/30 17:36:47 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\defogger_reenable
[2013/03/30 06:07:17 | 000,048,607 | ---- | C] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/03/30 03:45:58 | 000,000,041 | ---- | C] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/28 23:21:46 | 000,786,484 | ---- | C] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/26 14:12:53 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/23 00:05:41 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/20 18:23:22 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/19 19:50:00 | 000,009,412 | ---- | C] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 17:21:19 | 000,020,128 | ---- | C] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 17:17:59 | 001,310,772 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/06 16:55:21 | 000,127,945 | ---- | C] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2013/02/28 21:09:55 | 000,099,662 | ---- | C] () -- C:\Users\Nicolas\Documents\rechnung.pdf
[2013/02/28 21:08:03 | 000,079,712 | ---- | C] () -- C:\Users\Nicolas\Documents\Rechnung.png
[2013/02/28 20:57:13 | 000,032,976 | ---- | C] () -- C:\Users\Nicolas\Documents\Rechnung
[2012/12/31 19:37:48 | 000,004,305 | ---- | C] () -- C:\Windows\jpvxmbb64.ini
[2012/12/31 19:37:48 | 000,001,442 | ---- | C] () -- C:\Windows\crcvq.ini
[2012/12/19 18:01:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/10/06 23:21:05 | 000,019,752 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Local.rar
[2012/06/12 21:07:50 | 006,518,312 | ---- | C] () -- C:\Users\Nicolas\DSCN0218.JPG
[2012/06/12 21:07:50 | 006,489,988 | ---- | C] () -- C:\Users\Nicolas\DSCN0216.JPG
[2012/03/21 18:47:20 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 21:44:45 | 000,896,104 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.39.png
[2012/02/08 21:44:45 | 000,886,843 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.36.png
[2011/11/30 18:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{B642EC8E-7E2E-4957-B599-F8460982D199}
[2011/11/27 18:20:12 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{A8063AD1-FFB6-4922-AF23-C4BAC29A607E}
[2011/09/03 14:05:53 | 000,000,132 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/04 14:14:50 | 000,008,263 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/10/27 15:34:47 | 000,007,597 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Resmon.ResmonCfg
[2010/09/11 15:32:26 | 000,000,238 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
[2010/06/20 18:05:01 | 000,012,800 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.minecraft
[2013/02/02 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.techniclauncher
[2013/03/26 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Audacity
[2011/07/16 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Blender Foundation
[2011/06/29 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Celemony Software GmbH
[2011/12/27 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/09 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/24 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Dropbox
[2012/10/06 18:44:02 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft
[2011/11/19 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/09 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\EarMaster
[2012/10/29 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FreeHideIP
[2013/03/30 04:11:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\gtk-2.0
[2011/10/15 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Line 6
[2012/07/19 15:43:06 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\MAGIX
[2011/12/15 20:14:20 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\OpenOffice.org
[2010/02/23 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\PACE Anti-Piracy
[2012/06/19 16:25:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Propellerhead Software
[2011/12/08 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Publish Providers
[2013/03/26 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2011/08/25 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
[2011/12/08 14:59:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Sony
[2012/08/04 15:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SYSTEMAX Software Development
[2010/09/11 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Template
[2010/03/22 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Toshiba
[2012/08/08 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\TS3Client
[2011/09/30 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 19:34:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040 298.09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Nicolas\AppData\Local\Temp\pwliqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077b81465 2 bytes [B8, 77]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077b814bb 2 bytes [B8, 77]
.text  ...                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [864:1172]                                                                                        000007fefa5b59a0
Thread  C:\Windows\System32\svchost.exe [864:1248]                                                                                        000007fefd7b1a70
Thread  C:\Windows\System32\svchost.exe [864:2196]                                                                                        000007fef85320c0
Thread  C:\Windows\System32\svchost.exe [864:2204]                                                                                        000007fef85326a8
Thread  C:\Windows\System32\svchost.exe [864:2628]                                                                                        000007fef97844e0
Thread  C:\Windows\System32\svchost.exe [864:1408]                                                                                        000007fef5be42c8
Thread  C:\Windows\System32\svchost.exe [864:3132]                                                                                        000007fef5f05fd0
Thread  C:\Windows\System32\svchost.exe [864:3080]                                                                                        000007fef5f063ec
Thread  C:\Windows\System32\svchost.exe [864:2244]                                                                                        000007fef99f88f8
Thread  C:\Windows\System32\svchost.exe [864:2104]                                                                                        000007fefab7a2b0
Thread  C:\Windows\System32\svchost.exe [864:5588]                                                                                        000007fef99f9170
Thread  C:\Windows\system32\svchost.exe [936:2796]                                                                                        000007fef581506c
Thread  C:\Windows\system32\svchost.exe [936:2804]                                                                                        000007fef8a31c20
Thread  C:\Windows\system32\svchost.exe [936:2784]                                                                                        000007fef8a31c20
Thread  C:\Windows\system32\svchost.exe [936:5472]                                                                                        000007fefb6d1ab0
Thread  C:\Windows\system32\svchost.exe [936:5332]                                                                                        000007fefb484164
Thread  C:\Windows\System32\spoolsv.exe [1232:2528]                                                                                      000007fef64310c8
Thread  C:\Windows\System32\spoolsv.exe [1232:2560]                                                                                      000007fef63f6144
Thread  C:\Windows\System32\spoolsv.exe [1232:1820]                                                                                      000007fef5f05fd0
Thread  C:\Windows\System32\spoolsv.exe [1232:2548]                                                                                      000007fef5ef3438
Thread  C:\Windows\System32\spoolsv.exe [1232:2644]                                                                                      000007fef5f063ec
Thread  C:\Windows\System32\spoolsv.exe [1232:272]                                                                                        000007fef77f5e5c
Thread  C:\Windows\System32\spoolsv.exe [1232:520]                                                                                        000007fef6d75074
Thread  C:\Windows\system32\svchost.exe [1644:5352]                                                                                      000007fef5f05fd0
Thread  C:\Windows\system32\svchost.exe [1644:5356]                                                                                      000007fef5ef3438
Thread  C:\Windows\system32\svchost.exe [1644:5360]                                                                                      000007fef5f063ec
Thread  C:\Windows\system32\taskhost.exe [2840:2872]                                                                                      000007fef7a63d18
Thread  C:\Windows\system32\taskhost.exe [2840:2932]                                                                                      000007fef7a21f38
Thread  C:\Windows\system32\taskhost.exe [2840:2988]                                                                                      000007fef79c2740
Thread  C:\Windows\system32\taskhost.exe [2840:2996]                                                                                      000007feff849274
Thread  C:\Windows\system32\taskhost.exe [2840:3040]                                                                                      000007fefba31010
Thread  C:\Windows\system32\SearchIndexer.exe [3636:3476]                                                                                000007fef33df3c0
Thread  C:\Windows\system32\svchost.exe [2268:4012]                                                                                      000007fef5aa8470
Thread  C:\Windows\system32\svchost.exe [2268:1228]                                                                                      000007fef5ab2418
Thread  C:\Windows\system32\taskhost.exe [676:1332]                                                                                      000007fef85fef24

---- EOF - GMER 2.1 ----

ryder 30.03.2013 21:40
!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.


:hallo:

Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss.
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten.
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.



Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, FireJump, SearchAnonymizer, SpeedMaxPC




Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.


Schritt 4:
Scan mit DDS+ (mit attach)
Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.

dds.com
  • Schließe alle laufenden Programme und starte DDS mit Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Stelle folgendes ein:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Ändere keine Einstellung ohne Anweisung.
  • Klicke auf Start.
  • Es werden 2 Logfiles auf deinem Desktop erstellt.
    • dds.txt
    • attach.txt
  • Poste die beiden Logfile hier, möglichst in CODE-Tags.

Leyanor 31.03.2013 16:01
Besten Dank für die schnelle Antwort und fürs Aushelfen! :)

Programme sind deinstalliert. Hier die Codes:

AdwCleaner
Code:
# AdwCleaner v2.115 - Logfile created 03/30/2013 at 22:53:40
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nicolas - NICOLAS-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Nicolas\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\searchplugins\Askcom.xml
Folder Deleted : C:\Users\Nicolas\AppData\Local\APN
Folder Deleted : C:\Users\Nicolas\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://eu.ask.com/?l=dis&o=102876&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=102876&gct=hp");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader");
Deleted : user_pref("extentions.y2layers.installId", "22d9b182-ee71-4980-9201-3666706027d0");

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19031 octets] - [06/10/2012 21:35:45]
AdwCleaner[R2].txt - [19092 octets] - [06/10/2012 22:51:49]
AdwCleaner[S1].txt - [20105 octets] - [06/10/2012 22:52:12]
AdwCleaner[S2].txt - [3717 octets] - [30/03/2013 22:53:40]

########## EOF - C:\AdwCleaner[S2].txt - [3777 octets] ##########
DDS+ dds.txt
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Nicolas at 16:54:39 on 2013-03-31
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1033.18.3933.2614 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\AtwtusbIcon.exe
C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
StartupFolder: C:\Users\Nicolas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351} : DHCPNameServer = 194.230.1.103 194.230.1.71
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\140707C6564416378602C333 : DHCPNameServer = 194.230.1.103 194.230.1.71
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\246414D2745756374737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\465667F6C6F6D2030303243324541433340354 : DHCPNameServer = 212.98.37.128 194.230.55.99
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\8405D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}\A5978554C4F5142474E4F513 : DHCPNameServer = 212.98.37.128 194.230.55.99
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtwtusbIcon] AtwtusbIcon.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-30 16:24; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-2-23 482384]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 682344]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-6 24176]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-2-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-4 215040]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-2-23 942080]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 ControlTransferDriver;AudioBox USB Control Transfer;C:\Windows\System32\drivers\PreSonusUSB_xfer.sys [2010-2-25 41664]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2009-12-16 214544]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2009-12-16 31120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;C:\Windows\System32\drivers\psabusbm.sys [2012-2-21 37496]
S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;C:\Windows\System32\drivers\psabusbu.sys [2012-2-21 462968]
S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;C:\Windows\System32\drivers\psabusba.sys [2012-2-21 50808]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-23 222208]
S3 SwitchBoard;SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-23 51512]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-3 1255736]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2011-5-10 49256]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-30 15:16:53        --------        d-----w-        C:\Users\Nicolas\AppData\Local\Programs
2013-03-29 23:27:00        --------        d-----w-        C:\Users\Nicolas\AppData\Local\{C12652D9-14DA-4565-9620-578CBD188488}
2013-03-29 09:21:21        9311288        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76F1FD14-B2C9-45D7-A4D0-2B0DE4932776}\mpengine.dll
2013-03-26 13:55:24        --------        d-----w-        C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 13:55:24        --------        d-----w-        C:\ProgramData\SoftColor
2013-03-26 13:55:18        --------        d-----w-        C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 13:12:55        --------        d-----w-        C:\ProgramData\tmp
2013-03-26 13:12:55        --------        d-----w-        C:\ProgramData\hps
2013-03-16 23:33:11        19968        ----a-w-        C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-03-12 20:35:15        73432        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 20:35:15        693976        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24        135168        ----a-w-        C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22        350208        ----a-w-        C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22        308736        ----a-w-        C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22        111104        ----a-w-        C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31        474112        ----a-w-        C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26        2176512        ----a-w-        C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2013-02-02 06:42:18        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2013-01-17 00:28:58        273840        ------w-        C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03        9728        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02        2560        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42        10752        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21        4096        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08        5632        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07        5632        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31        9728        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31        2560        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18        10752        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07        3584        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48        4096        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41        5632        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40        5632        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40        3072        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40        3072        ---ha-w-        C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00        1247744        ----a-w-        C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22        1988096        ----a-w-        C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31        293376        ----a-w-        C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00        249856        ----a-w-        C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43        220160        ----a-w-        C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35        1504768        ----a-w-        C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04        1643520        ----a-w-        C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28        1175552        ----a-w-        C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01        604160        ----a-w-        C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58        207872        ----a-w-        C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14        187392        ----a-w-        C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30        2565120        ----a-w-        C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17        363008        ----a-w-        C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47        161792        ----a-w-        C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25        1080832        ----a-w-        C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21        1230336        ----a-w-        C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39        333312        ----a-w-        C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32        1887232        ----a-w-        C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21        296960        ----a-w-        C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57        3419136        ----a-w-        C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04        245248        ----a-w-        C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33        648192        ----a-w-        C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30        221184        ----a-w-        C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42        194560        ----a-w-        C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04        1238528        ----a-w-        C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40        1424384        ----a-w-        C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36        3928064        ----a-w-        C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06        417792        ----a-w-        C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58        364544        ----a-w-        C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43        465920        ----a-w-        C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52        522752        ----a-w-        C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42        1158144        ----a-w-        C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09        1682432        ----a-w-        C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43        5553512        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15        3967848        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11        3913064        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21        2284544        ----a-w-        C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13        2776576        ----a-w-        C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09        215040        ----a-w-        C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16        5120        ----a-w-        C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21        44032        ----a-w-        C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48        3153408        ----a-w-        C:\Windows\System32\win32k.sys
2013-01-04 02:47:35        25600        ----a-w-        C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34        7680        ----a-w-        C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34        2048        ----a-w-        C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33        14336        ----a-w-        C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54        1913192        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42        288088        ----a-w-        C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 16:55:35.21 ===============
--- --- ---


attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23.02.2010 17:09:34
System Uptime: 31.03.2013 16:35:55 (0 hours ago)
.
Motherboard: TOSHIBA |  | KSWAA
Processor: Intel(R) Core(TM)2 Duo CPU    T6600  @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 3.815 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 101.434 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: NETGEAR Wireless Extreme WNDRMACv2
Device ID: UUID:4D696E69-444C-164E-9D42-204E7F73DC31\UMB\3&30237AD2&0&UUID:4D696E69-444C-164E-9D42-204E7F73DC31
Manufacturer:
Name: NETGEAR Wireless Extreme WNDRMACv2
PNP Device ID: UUID:4D696E69-444C-164E-9D42-204E7F73DC31\UMB\3&30237AD2&0&UUID:4D696E69-444C-164E-9D42-204E7F73DC31
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Adobe Story
Apple Application Support
Apple Mobile Device Support
Audacity 1.3.13 (Unicode)
AudioBox USB driver
Authorizer 1.0.5
Authorizer 2.0
Authorizer Ignition Key Support
BenVista PhotoZoom Pro 4.0.6
Bing Bar
Blender
Bonjour
Canon Inkjet Printer Driver Add-On Module
CodeMeter Runtime Kit v4.01
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
DDR - FAT Recovery 4.0.1.6
DDR - FAT Recovery(Demo) 4.0.1.6
Digidesign Audio Drivers (x64)
Dropbox
EarMaster Pro 5
EASEUS Data Recovery Wizard Free Edition 5.0.1
File Recover 8.0
Free YouTube to MP3 Converter version 3.11.32.918
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HyperCam 3
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Interlok driver setup x64
iTunes
Junk Mail filter update
Line 6 Uninstaller
Livestream Procaster
Müller Foto
MacroKey Manager
MAGIX Music Maker SE
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware Version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Kinect Runtime v1.0
Microsoft Kinect Speech Recognition Language Pack (en-US)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Server Speech Platform Runtime (x64)
Microsoft Server Speech Platform Runtime (x86)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PDF Settings CS5
PDFCreator
PhotoRescue Wizard PC 3.2.6.13068
PlayReady PC Runtime amd64
Preispilot für Firefox
PreSonus 1.0.9.0 Driver
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Reason 6.0.1
Reason 6.5
Record 1.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype(TM) Launcher
Skype™ 6.1
SoftColor PhotoEQ version 1.1.6
Synaptics Pointing Device Driver
TeamSpeak 3 Client
Text-To-Speech-Runtime
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
TOSHIBA PC Health Monitor
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Trust tablet driver
TwistedBrush Open Studio
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
Vectorian Giotto 3.0.0
Vegas Pro 10.0
VirtualDJ Home FREE
VLC media player 1.0.5
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
X3 Terran Conflict v3.0
Yamaha USB-MIDI Driver
.
==== Event Viewer Messages From Past Week ========
.
31.03.2013 16:37:13, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
31.03.2013 16:37:13, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
31.03.2013 16:28:51, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
30.03.2013 23:24:22, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
30.03.2013 22:48:03, Error: Service Control Manager [7034]  - The FABS - Helping agent for MAGIX media database service terminated unexpectedly.  It has done this 1 time(s).
29.03.2013 23:50:21, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

ryder 31.03.2013 19:19
Das ist ja schon Mal erfreulich....

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ryder 02.04.2013 09:18
Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Leyanor 03.04.2013 12:44
Es tut mir sehr Leid, dass ich noch nicht zurückgeschrieben hatte - ich hatte viel zu tun.

Hier die Logdatei:
Code:
ComboFix 13-04-02.01 - Nicolas 03.04.2013  13:13:45.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1033.18.3933.2799 [GMT 2:00]
ausgeführt von:: c:\users\Nicolas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-03 bis 2013-04-03  ))))))))))))))))))))))))))))))
.
.
2013-04-03 11:27 . 2013-04-03 11:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-04-03 11:20 . 2013-04-03 11:20        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A88D61F-8312-496E-A434-DEDFB6314F0C}\offreg.dll
2013-04-02 17:00 . 2013-03-15 06:28        9311288        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A88D61F-8312-496E-A434-DEDFB6314F0C}\mpengine.dll
2013-03-30 15:16 . 2013-03-30 15:16        --------        d-----w-        c:\users\Nicolas\AppData\Local\Programs
2013-03-26 13:55 . 2013-03-26 13:55        --------        d-----w-        c:\users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 13:55 . 2013-03-26 13:55        --------        d-----w-        c:\programdata\SoftColor
2013-03-26 13:55 . 2013-03-26 13:55        --------        d-----w-        c:\program files (x86)\SoftColorPhotoEQ
2013-03-26 13:12 . 2013-03-27 15:06        --------        d-----w-        c:\programdata\hps
2013-03-26 13:12 . 2013-03-27 12:55        --------        d-----w-        c:\programdata\tmp
2013-03-16 23:33 . 2013-02-12 04:12        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 14:00 . 2010-02-24 16:13        72013344        ----a-w-        c:\windows\system32\MRT.exe
2013-03-12 20:35 . 2012-04-15 11:35        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:35 . 2011-08-09 11:23        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 16:22        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 16:22        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 16:22        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 16:22        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 16:22        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 16:22        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-02-14 16:40        273840        ------w-        c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 19:52        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 19:52        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 19:52        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 19:52        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 19:52        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 19:52        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 19:52        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 19:52        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 19:52        1988096        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 19:52        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 19:52        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 19:52        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 19:52        1504768        ----a-w-        c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 19:52        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 19:52        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 19:52        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 19:52        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 19:53        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 19:52        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 19:52        363008        ----a-w-        c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 19:52        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 19:52        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 19:52        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 19:52        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 19:52        1887232        ----a-w-        c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 19:52        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 19:52        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 19:52        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 19:52        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 19:53        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 19:52        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 19:52        1238528        ----a-w-        c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 19:52        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 19:52        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 19:52        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 19:52        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 19:52        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 19:52        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 19:52        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 19:52        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-14 09:19        5553512        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 09:19        3967848        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 09:19        3913064        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 19:53        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 19:53        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-14 09:19        215040        ----a-w-        c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 09:19        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 09:19        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 09:19        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 09:19        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 09:19        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 09:19        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 09:19        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 ControlTransferDriver;AudioBox USB Control Transfer;c:\windows\system32\Drivers\PreSonusUsb_xfer.sys [2008-02-18 41664]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2009-12-16 214544]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2009-12-16 31120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [2009-12-04 37496]
R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [2009-12-04 462968]
R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [2009-12-04 50808]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-17 30336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-05-10 49256]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2012-10-19 581120]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 09:41        1642448        ----a-w-        c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:35]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 16:20]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AtwtusbIcon"="AtwtusbIcon.exe" [2012-09-10 3593728]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\
FF - ExtSQL: 2013-03-30 16:24; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,8d,bc,a2,45,6c,24,28,74,c7,92,20,36,1a,57,fa,0b,f3,bf,3a,f2,3d,cb,
  0b,a2,4f,4e,47,a2,81,1e,3c,b0,8d,18,c9,37,cf,9e,3c,60,f8,b6,fd,c4,71,2d,ea,\
"??"=hex:bd,35,22,92,0a,f7,23,f6,e5,92,0b,56,c4,37,96,88
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-03  13:42:06
ComboFix-quarantined-files.txt  2013-04-03 11:42
.
Vor Suchlauf: 2'471'981'056 bytes free
Nach Suchlauf: 2'734'563'328 bytes free
.
- - End Of File - - 06902832BC97DA3A587FB5C747BC18A0

ryder 03.04.2013 14:56
Gut! :daumenhoc

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.

Schritt 1:
Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern! :kaffee:

Schritt 3:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Leyanor 03.04.2013 17:24
Malwarebytes:
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicolas :: NICOLAS-TOSH [Administrator]

Schutz: Deaktiviert

03.04.2013 16:02:14
mbam-log-2013-04-03 (16-02-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227044
Laufzeit: 3 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET fand keine Ergebnisse.

Und hier noch SecurityCheck:
Code:
¨ Results of screen317's Security Check version 0.99.61 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.6.602.180 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (Firefox.)
 Google Chrome 25.0.1364.172 
 Google Chrome 26.0.1410.43 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

ryder 03.04.2013 18:03
Prima! :daumenhoc

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.

Schritt 1:
Tools deinstallieren

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall delfix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 2:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

Schritt 3:
Entferne Flash 10


Schritt 4:
Update: Adobe Reader
- oder -

Probiere einen alternativen Viewer für pdf-Dokumente aus. Diese sind meist schlanker, schneller und schleusen sehr viel seltener Schädlinge ein. Mein Vorschlag:

Abschließend noch Tipps zu folgenden Themen:
  • Systemupdates
  • Softwareupdates
  • Sicherheitssoftware
  • Sicheres Surfen
Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.


Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:


Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
  • Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
  • Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
  • Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
  • Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
  • Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.
Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor! :)


Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
  • Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
  • Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
  • Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
  • Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
  • Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
  • WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
  • Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
  • Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.



Damit wünsche ich dir noch viel Spaß beim Surfen im Internet :daumenhoc

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Leyanor 03.04.2013 18:45
Besten Dank für die Hilfe! :dankeschoen:

Allerdings gibt es noch ein kleines Problem, und das ist, dass die Werbepopups nach wie vor auftauchen...

Hier eine kurze Graphik wie das Ganze noch aussieht. Oben rechts ist das Popup zu sehen. Ich nutze normalerweise Firefox, aber das Popup erscheint auch bei Chrome, weshalb ich vermute, dass es von meinem PC her kommt.
Unten dran der html code, der hinter dem Ding steckt. Löscht man die Node verschwindet auch das Pop up. Nur leider ist das ziemlich aufwändig, jedes mal wenn man die Seite reloaded im html Code diesen Abschnitt zu löschen.

http://fc07.deviantart.net/fs71/f/20...or-d60axyv.png

ryder 03.04.2013 19:05
Na dann schauen wir weiter:

Seit wann ungefähr tritt das Problem auf?

Scan mit ZOEK

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Klicke auch auf "Options" und wähle die folgenden Optionen aus:
    • Firefox Look
    • Chrome Look
    • Silent Runners
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Leyanor 03.04.2013 19:18
Die Werbung tritt schon seit gut einem halben Jahr auf. Ich hatte früher schonmal hilfe auf einem anderen Board. Dort konnten wir es aber nicht entfernen.

Schlussendlich konnte ich die Inhalte der Werbung per Ad-blocker entfernen, aber der html body blieb nach wie vor da. Die Pop ups wie sie in der Graphik zu sehen sind kommen erst seit ca zwei Wochen vor, und Add-Blocker scheint es nicht als Popup zu erkennen.

Hier die Logdatei:

Code:
Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Nicolas on 03.04.2013 at 20:08:25.13.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Preispilot - %ProfilePath%\extensions\extension@preispilot.com.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default
47299371607DC2FB234444EEACB1639E        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll -        Shockwave Flash
3E21E80D10E1033D9C137440554FF724        - C:\Windows\SysWOW64\npdeployJava1.dll -        Java Deployment Toolkit 6.0.370.6
15E298B5EC5B89C5994A59863969D9FF        - C:\Windows\SysWOW64\npmproxy.dll -        Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[22.09.2012 22:08]

Google Docs - Nicolas - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nicolas - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nicolas - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nicolas - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Princess Luna Theme - Nicolas - Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken
Dropbox - Nicolas - Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl
Gmail - Nicolas - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [Realtek Semiconductor]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
AtwtusbIcon = AtwtusbIcon.exe [null data]
TPwrMain = %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [TOSHIBA Corporation]
TosWaitSrv = %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [TOSHIBA Corporation]
TosSENotify = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [TOSHIBA Corporation]
Teco = "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [TOSHIBA Corporation]
SmoothView = %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [TOSHIBA Corporation]
00TCrdMain = %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [TOSHIBA Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Windows Live ID Sign-in Helper
                \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM.Wow.CLSID} = Windows Live ID Sign-in Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar Helper
                \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM.Wow.CLSID} = Google Toolbar Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Java(tm) Plug-In 2 SSV Helper
                \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM.Wow.CLSID} = Java(tm) Plug-In 2 SSV Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Windows Live ID Sign-in Helper
                \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM.Wow.CLSID} = Windows Live ID Sign-in Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
  -> {HKLM.Wow.CLSID} = Windows Live Messenger Companion Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar Helper
                \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM.Wow.CLSID} = Google Toolbar Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
  -> {HKLM.Wow.CLSID} = Bing Bar Helper
                    \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM.CLSID} = Java(tm) Plug-In 2 SSV Helper
                \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM.Wow.CLSID} = Java(tm) Plug-In 2 SSV Helper
                    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM.CLSID} = Microsoft Office Metadata Handler
                \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM.CLSID} = Microsoft Office Thumbnail Handler
                \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
  -> {HKLM.CLSID} = OpenOffice.org Property Handler
                \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll [OpenOffice.org]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM.CLSID} = iTunes
                \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Shim
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Editor Shim
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
  -> {HKLM.Wow.CLSID} = OpenOffice.org Property Handler
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll [OpenOffice.org]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM.Wow.CLSID} = Microsoft Office Thumbnail Handler
                    \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM.Wow.CLSID} = Microsoft Office Metadata Handler
                    \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM.Wow.CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{B65F237C-AAFF-4df7-8872-91B65663E41F}\(Default) = SmartFaceVCP
  -> {HKLM.CLSID} = SmartFaceVCP
                \InProcServer32\(Default) = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll [TOSHIBA Corporation]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM.CLSID} = Microsoft Office InfoPath XML Mime Filter
                \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM.CLSID} = MBAMShlExt Class
                \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU.CLSID} = DropboxExt
                \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
  -> {HKCU.Wow.CLSID} = DropboxExt
                    \InProcServer32\(Default) = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM.CLSID} = GraphicsShellExt Class
                \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
  -> {HKLM.CLSID} = (no title provided)
                \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll [OpenOffice.org]
  -> {HKLM.Wow.CLSID} = (no title provided)
                    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM.CLSID} = MBAMShlExt Class
                \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM.CLSID} = WinRAR
                \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM.Wow.CLSID} = WinRAR
                    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

disableregistrytools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

EnableSecureUIAPath = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5.1ImportMediaOnArrival\
Provider = Adobe Bridge CS5.1
InvokeProgID = Adobe.adobebridgeCS5.1
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

Fotoimport3018-38\
Provider = CEWE FOTOIMPORTER
InvokeProgID = Fotoimport3018-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoimport3018-38\shell\play\command\(Default) = "D:\Mueller Photo\Mueller Foto\CEWE FOTOIMPORTER.exe" -startDirectory %1 [null data]

Fotoschau3018-38\
Provider = CEWE FOTOSCHAU
InvokeProgID = Fotoschau3018-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoschau3018-38\shell\play\command\(Default) = "D:\Mueller Photo\Mueller Foto\CEWE FOTOSCHAU.exe" -d %1 [null data]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

TosDVDPlayHandler\
Provider = TOSHIBA DVD PLAYER
InvokeProgID = TosDvdPlayer
InvokeVerb = play
HKLM\SOFTWARE\Classes\TosDvdPlayer\shell\play\command\(Default) = "C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe" [TOSHIBA Corporation]

WIA_{0553DF1C-4F8F-4CCD-8F4E-5FB384A4963D}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;F:\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{43C64962-5AAD-40F3-A959-E2CFEA45E98C}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;G:\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F9591107-1C8B-419D-8DA7-11A4A7E95DF2}\
Provider = Photoshop
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Users\Nicolas\Downloads\Adobe_PS_CS5_PORTABLE\APSCS5PODT\Adobe Photoshop CS5\App\PhotoshopCS5\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM.CLSID} = WPDShextAutoplay
                \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Startup items in "Nicolas" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Nicolas-TOSH-Nicolas ->  launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [file not found]
ConfigFree Startup Programs ->  launches: C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [TOSHIBA CORPORATION]
CreateChoiceProcessTask ->  launches: C:\Windows\System32\browserchoice.exe /launch [MS]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
{5457E41B-0AAA-4E25-8C87-FDB2D586DC1E} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nicolas\Downloads\Digidesign_Audio_Drivers_70\Digidesign Audio Drivers 7.0\Digidesign Audio Drivers Setup.exe" -d "C:\Users\Nicolas\Downloads\Digidesign_Audio_Drivers_70\Digidesign Audio Drivers 7.0" [MS]
{77E055D8-B9B0-469B-B04F-384BCA60E9C9} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nicolas\AppData\Local\Temp\Temp1_PTLE_Audio_Drivers_64bit_v804b_63887.zip\Digidesign Audio Drivers Setup (x64).exe" [MS]
{97F3DC05-419E-4FCA-BFB1-B02D0A42A32E} ->  launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nicolas\Downloads\tbrusha_open_studio.exe -d C:\Users\Nicolas\Downloads [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM.Wow.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM.CLSID} = Certificate Services Client Task Handler
                \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
                    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM.CLSID} = Certificate Services Client Task Handler
                \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
                    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM.CLSID} = KernelCeipCustomHandler
                \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader ->  launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM.CLSID} = UsbCeip
                \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM.Wow.CLSID} = UsbCeip
                    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM.CLSID} = ScheduledDiagnosticCustomHandler
                \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM.CLSID} = WinSAT Task Manger Task
                \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM.Wow.CLSID} = WinSAT Task Manger Task
                    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
                \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
                \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM.CLSID} = HotStart User Agent
                \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM.CLSID} = Microsoft PlaySoundService Class
                \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM.Wow.CLSID} = Microsoft PlaySoundService Class
                    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40b4-8963-D3C761B18371}
  -> {HKLM.CLSID} = PerfTrack TaskHandler class
                \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM.CLSID} = ReliabilityAnalysisCustomHandler
                \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM.Wow.CLSID} = ReliabilityAnalysisCustomHandler
                    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM.CLSID} = RasMobilityManager
                \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM.CLSID} = RegistryIdleBackupHandler
                \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM.CLSID} = GadgetsManager Class
                \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
InputPersonalization ->  launches: %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM.CLSID} = RunTask
                \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM.Wow.CLSID} = RunTask
                    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM.CLSID} = MsCtfMonitor task handler
                \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM.Wow.CLSID} = MsCtfMonitor task handler
                    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler
                \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM.Wow.CLSID} = DiagnosticInfrastructureCustomHandler
                    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
MpIdleTask -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM.Wow.CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3180819497-3685930599-3810110381-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{2318C2B1-4965-11D4-9B18-009027A5CD4F}
  -> {HKLM.CLSID} = Google Toolbar
                \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM.CLSID} = Google Toolbar
                \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing
  -> {HKLM.Wow.CLSID} = Bing Bar
                    \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM.Wow.CLSID} = Google Toolbar
                    \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{0000036B-C524-4050-81A0-243669A86B9F}\
ButtonText = @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600
CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
  -> {HKLM.Wow.CLSID} = Windows Live Messenger Companion Command Bar Button
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM.Wow.CLSID} = BlogThisToolbarButton Class
                    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM.Wow.CLSID} = Send to OneNote from Internet Explorer button
                    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM.Wow.CLSID} = &Research
                    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 8 domain names to IP addresses,
      6 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
CodeMeter Runtime Server, CodeMeter.exe, "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [WIBU-SYSTEMS AG]
ConfigFree Gadget Service, ConfigFree Gadget Service, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [TOSHIBA CORPORATION]
ConfigFree Service, ConfigFree Service, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [TOSHIBA CORPORATION]
ConfigFree WiMAX Service, cfWiMAXService, "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [TOSHIBA CORPORATION]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Digidesign MME Refresh Service, DigiRefresh, C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [Avid, Inc. All rights reserved.]
iPod-Dienst, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
Notebook Performance Tuning Service (TEMPRO), TemproMonitoringService, "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [null data]
SeaPort, SeaPort, "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [MS]
TOSHIBA eco Utility Service, TOSHIBA eco Utility Service, "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [TOSHIBA Corporation]
TOSHIBA HDD SSD Alert Service, TOSHIBA HDD SSD Alert Service, "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [TOSHIBA Corporation]
TOSHIBA Optical Disc Drive Service, TODDSrv, C:\Windows\system32\TODDSrv.exe [TOSHIBA Corporation]
TOSHIBA Power Saver, TosCoSrv, "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [TOSHIBA Corporation]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
WTService, WTService, C:\Windows\system32\atwtusb.exe -s [null data]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MpfService, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CutePDF Writer Monitor\Driver = cpwmon64.dll [null data]
PDFCreator\Driver = pdfcmnnt.dll [null data]

ryder 03.04.2013 19:55
Nun es ist nicht wirklich irgendwas zu sehen...

Anders gefragt, taucht das nur an diesem Computer auf oder auch an anderen Computern die über deinen Anschuss mit Internet versorgt werden?

Leyanor 03.04.2013 20:17
Soweit ich weiss tritt das nur bei mir auf. Allerdings bin ich auch der einzige im Haus, der Windows nutzt. Könnte sein, dass Mac diese Pop-ups schon bekannt sind.

Seltsamerweise tritt es aber nicht bei jeder Internetseite auf.
Am häufigsten treten die Pop ups bei populären Seiten auf. Ganz extrem tumblr.
Facebook wiederum bleibt komplett verschohnt. Meine eigene Website zeigt ebenfalls keine Aktivität. Outlook und Paypal sind ebenfalls frei.
Deviantart wiederum "verseucht" und viele Foren, darunter das Trojaner-Board, ebenfalls.

ryder 03.04.2013 20:30
Tritt es in Firefox auf, wenn du abgesichert startest?

Abgesicherter Modus | Hilfe zu Firefox

Leyanor 03.04.2013 20:34
Die ersten zwei Minuten schien es zu funktionieren, leider ist dann während dem Schreiben dieser Antwort wieder eins aufgetaucht...

ryder 03.04.2013 20:36
Installiere dir mal zum Spass Opera und schau ob es da auch passiert.

Leyanor 03.04.2013 20:41
Die Popups die seit zwei Wochen vorkommen scheinen da nicht aufzutauchen, dafür aber die, die davor da waren. - ist also nicht weg.
Scheint aber irgendwie von ILivid zu kommen. Problem ist nur, dass ich ILivid nicht auf meinem PC habe - oder zumindest nicht mehr.

ryder 03.04.2013 20:53
Das ist ja echt verzwickt bei dir. Ich möchte mir das gerne nochmal genauer ansehen.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Wir machen nochmal

AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2:
Adware entfernen mit JRT

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 3:
Kontrollscan mit OTL
  • Starte bitte OTL.exe - falls noch nicht vorhanden: LINK
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.

Leyanor 04.04.2013 13:47
AdwCleaner:
Code:
# AdwCleaner v2.200 - Logfile created 04/04/2013 at 13:42:49
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nicolas - NICOLAS-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Nicolas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [892 octets] - [04/04/2013 13:42:49]

########## EOF - C:\AdwCleaner[S1].txt - [951 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nicolas on 04.04.2013 at 13:49:57.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\minidumps [81 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2013 at 14:20:03.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL.txt
Code:
OTL logfile created on: 4/4/2013 2:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Nicolas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.92% Memory free
7.68 Gb Paging File | 5.67 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 3.57 Gb Free Space | 2.39% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 97.59 Gb Free Space | 65.65% Space Free | Partition Type: NTFS
 
Computer Name: NICOLAS-TOSH | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nicolas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid, Inc. All rights reserved.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WTService) -- C:\Windows\SysNative\atwtusb.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DigiRefresh) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid, Inc. All rights reserved.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MBX2DFU) -- C:\Windows\SysNative\drivers\dgmbx2fu.sys (Avid Technology, Inc.)
DRV:64bit: - (DGUSBAP) -- C:\Windows\SysNative\drivers\dgmbx2.sys (Avid Technology, Inc.)
DRV:64bit: - (PRESONUS_AUDIOBOX_USB) -- C:\Windows\SysNative\drivers\psabusbu.sys (Ploytec GmbH)
DRV:64bit: - (PRESONUS_AUDIOBOX_WDM) -- C:\Windows\SysNative\drivers\psabusba.sys (Ploytec GmbH)
DRV:64bit: - (PRESONUS_AUDIOBOX_MIDI) -- C:\Windows\SysNative\drivers\psabusbm.sys (Ploytec GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\walvhid.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (ControlTransferDriver) -- C:\Windows\SysNative\drivers\PreSonusUSB_xfer.sys (PreSonus Audio Electronics)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{35150E16-8780-450B-A9BD-D2A8B09462F8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYCH&apn_uid=81d0cd2b-6e84-477a-ad6f-254142e3bb23&apn_sauid=FB6F1533-49ED-4E42-9F36-79247A70312E
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_enCH368
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{96527F6A-30FE-4CA3-9ABF-9059C4429721}: "URL" = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\SearchScopes\{E4906BB9-7BD7-41C7-A684-4A40B3A87254}: "URL" = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 18:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/19 18:11:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/17 17:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Extensions
[2013/04/03 19:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions
[2013/04/03 19:38:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\yyj2h0a1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/23 15:06:05 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\extension@preispilot.com.xpi
[2013/03/11 15:05:21 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/03/24 15:43:23 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/14 21:00:14 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\firefox\profiles\yyj2h0a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 14:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/19 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/19 18:11:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 23:21:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/19 17:59:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.ch/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Princess Luna Theme = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgegimlgkachmbieeilacjkonkbaken\1_0\
CHR - Extension: Dropbox = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.4_1\
CHR - Extension: Gmail = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/08/07 13:01:48 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 78.46.61.26 www.google-analytics.com.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AtwtusbIcon] C:\Windows\SysNative\AtwtusbIcon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nicolas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3180819497-3685930599-3810110381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286A21A7-DC3C-45FD-BF73-D50549AB8351}: DhcpNameServer = 194.230.1.71 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6D1BFD-E142-4B04-9FF0-B192D3D03EF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/04 14:23:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2013/04/04 13:49:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/04 13:48:19 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nicolas\Desktop\JRT.exe
[2013/04/03 21:42:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/03 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Opera
[2013/04/03 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Opera
[2013/04/03 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera x64
[2013/04/03 21:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera x64
[2013/04/03 20:05:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/03 19:48:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/03 13:42:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/03 13:09:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/30 17:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\Programs
[2013/03/30 07:08:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Egosoft
[2013/03/26 15:55:24 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/03/26 15:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftColor
[2013/03/26 15:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftColor PhotoEQ
[2013/03/26 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftColorPhotoEQ
[2013/03/26 15:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013/03/26 15:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013/03/26 15:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 14:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2013/04/04 13:52:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:52:27 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:51:50 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:51:50 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:51:50 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 13:48:27 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nicolas\Desktop\JRT.exe
[2013/04/04 13:47:21 | 000,001,020 | ---- | M] () -- C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/04 13:46:59 | 000,000,992 | ---- | M] () -- C:\Users\Nicolas\Desktop\Dropbox.lnk
[2013/04/04 13:45:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 13:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 13:44:01 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 13:42:02 | 000,010,754 | ---- | M] () -- C:\Users\Nicolas\Documents\Meine Bestellungen.odt
[2013/04/04 13:41:17 | 000,613,083 | ---- | M] () -- C:\Users\Nicolas\Desktop\adwcleaner.exe
[2013/04/04 13:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 13:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 13:28:49 | 000,026,115 | ---- | M] () -- C:\Users\Nicolas\Documents\Playpony doc.odt
[2013/04/03 21:38:05 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/04/03 20:08:10 | 001,266,704 | ---- | M] () -- C:\Users\Nicolas\Desktop\zoek.exe
[2013/04/03 18:50:49 | 000,063,465 | ---- | M] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/04/03 16:00:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/02 22:58:22 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
[2013/04/02 21:26:39 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/04/02 21:18:40 | 001,310,772 | ---- | M] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/04/02 21:02:35 | 033,816,628 | ---- | M] () -- C:\Users\Nicolas\Documents\test.reason
[2013/04/02 21:01:24 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
[2013/03/30 19:00:26 | 000,037,365 | ---- | M] () -- C:\Users\Nicolas\Documents\Anti malware forums post.odt
[2013/03/30 04:45:58 | 000,000,041 | ---- | M] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/27 12:45:10 | 000,016,831 | ---- | M] () -- C:\Users\Nicolas\Documents\EU-M 13.odt
[2013/03/26 22:34:08 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
[2013/03/26 15:12:53 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/24 22:15:57 | 000,786,484 | ---- | M] () -- C:\Users\Nicolas\Documents\IP Ang.reason
[2013/03/24 22:15:21 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\dubstäääähp.reason
[2013/03/23 00:35:29 | 001,572,916 | ---- | M] () -- C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
[2013/03/20 19:54:44 | 001,048,628 | ---- | M] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/20 13:40:29 | 000,009,412 | ---- | M] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 18:21:22 | 000,020,128 | ---- | M] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 19:32:41 | 000,048,917 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.pdf
[2013/03/07 18:14:13 | 000,021,033 | ---- | M] () -- C:\Users\Nicolas\Documents\Schule Black Rider text.odt
[2013/03/06 17:55:25 | 000,127,945 | ---- | M] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/04 13:41:11 | 000,613,083 | ---- | C] () -- C:\Users\Nicolas\Desktop\adwcleaner.exe
[2013/04/04 13:30:43 | 000,010,754 | ---- | C] () -- C:\Users\Nicolas\Documents\Meine Bestellungen.odt
[2013/04/03 21:38:05 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013/04/03 21:38:05 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013/04/03 20:08:02 | 001,266,704 | ---- | C] () -- C:\Users\Nicolas\Desktop\zoek.exe
[2013/04/03 18:50:49 | 000,063,465 | ---- | C] () -- C:\Users\Nicolas\.recently-used.xbel
[2013/04/02 21:18:38 | 001,572,916 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
[2013/03/30 19:00:24 | 000,037,365 | ---- | C] () -- C:\Users\Nicolas\Documents\Anti malware forums post.odt
[2013/03/30 04:45:58 | 000,000,041 | ---- | C] () -- C:\Users\Nicolas\.gtk-bookmarks
[2013/03/29 00:21:46 | 033,816,628 | ---- | C] () -- C:\Users\Nicolas\Documents\test.reason
[2013/03/26 15:12:53 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2013/03/23 01:05:41 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\rev bass sounddesg.reason
[2013/03/20 19:23:22 | 001,048,628 | ---- | C] () -- C:\Users\Nicolas\Documents\Jonas Mix.reason
[2013/03/19 20:50:00 | 000,009,412 | ---- | C] () -- C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
[2013/03/19 18:21:19 | 000,020,128 | ---- | C] () -- C:\Users\Nicolas\Documents\plpny.odt
[2013/03/07 18:17:59 | 001,310,772 | ---- | C] () -- C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
[2013/03/06 17:55:21 | 000,127,945 | ---- | C] () -- C:\Users\Nicolas\Documents\adress Achim.pdf
[2012/12/31 20:37:48 | 000,004,305 | ---- | C] () -- C:\Windows\jpvxmbb64.ini
[2012/12/31 20:37:48 | 000,001,442 | ---- | C] () -- C:\Windows\crcvq.ini
[2012/12/19 19:01:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/10/07 00:21:05 | 000,019,752 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Local.rar
[2012/06/12 22:07:50 | 006,518,312 | ---- | C] () -- C:\Users\Nicolas\DSCN0218.JPG
[2012/06/12 22:07:50 | 006,489,988 | ---- | C] () -- C:\Users\Nicolas\DSCN0216.JPG
[2012/03/21 19:47:20 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 22:44:45 | 000,896,104 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.39.png
[2012/02/08 22:44:45 | 000,886,843 | ---- | C] () -- C:\Users\Nicolas\2012-02-08_18.32.36.png
[2011/11/30 19:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{B642EC8E-7E2E-4957-B599-F8460982D199}
[2011/11/27 19:20:12 | 000,000,000 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\{A8063AD1-FFB6-4922-AF23-C4BAC29A607E}
[2011/09/03 15:05:53 | 000,000,132 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/04 15:14:50 | 000,008,263 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/10/27 16:34:47 | 000,007,597 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\Resmon.ResmonCfg
[2010/09/11 16:32:26 | 000,000,238 | ---- | C] () -- C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
[2010/06/20 19:05:01 | 000,012,800 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.minecraft
[2013/02/02 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\.techniclauncher
[2013/04/01 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Audacity
[2011/07/16 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Blender Foundation
[2011/06/29 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Celemony Software GmbH
[2011/12/27 17:31:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/09 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/04/04 13:47:30 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Dropbox
[2012/10/06 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft
[2012/02/09 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\EarMaster
[2012/10/29 21:46:39 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FreeHideIP
[2013/04/03 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\gtk-2.0
[2011/10/15 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Line 6
[2012/07/19 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\MAGIX
[2011/12/15 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\OpenOffice.org
[2013/04/03 21:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Opera
[2010/02/23 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\PACE Anti-Piracy
[2012/06/19 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Propellerhead Software
[2011/12/08 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Publish Providers
[2013/03/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SoftColor
[2013/04/03 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
[2011/12/08 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Sony
[2012/08/04 16:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SYSTEMAX Software Development
[2010/09/11 16:34:07 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Template
[2010/03/22 16:27:58 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Toshiba
[2012/08/08 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\TS3Client
[2011/09/30 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >

ryder 04.04.2013 17:13
Zwischenfrage:

Zitat:
O1 - Hosts: 78.46.61.26 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
Hast du diese Hosts mit Absicht gesetzt?

Ausserdem: Entferne bitte mal den Preispilot, der hat eine schlechte Bewertung.

Wenn es dann immer noch nicht weg ist, schauen wir nochmal ob wir so etwas finden:

Scan mit Farbar's Recovery Scan Tool

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick:
Farbar Recovery Scan Tool 32-Bit-Version
Farbar Recovery Scan Tool 64-Bit-Version

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Leyanor 05.04.2013 17:37
Diese Hosts habe ich ziemlich sicher ohne Absicht gesetzt, da ich noch nie überhaupt einen Host gesetzt habe (Was davon herrühren könnte, dass ich Host nur als "Hostserver" kenne... Und ich damit kaum eine Ahnung habe was es ist.)

Zitat:
Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Hier habe ich kurz eine Frage, bevor ich das durchführe:
Ist das ein "entweder oder"?
Also kann ich das per F8 machen, oder brauche ich zwingend die Windows CD?

Was noch wichtig sein könnte:
Ich bin dieses Wochenende wieder sehr beschäftigt und kaum zuhause, weshalb die Zeit vielleicht nicht reicht den Scan durchzuführen. Es könnte also sein, dass ich erst Dienstags die Resultate posten kann.
http://fc07.deviantart.net/fs70/f/20...or-d60it3l.jpg :glaskugel2:


Wenns mir reicht werde ich die Logdatei aber Samstag oder Sonntag Nachmittag posten!

ryder 05.04.2013 17:39
entweder oder ... und dann werden wir die hosts entfernen bei zeiten.

ryder 07.04.2013 12:52
Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

ryder 09.04.2013 12:52
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Leyanor 09.04.2013 18:17
So, wie angekündigt, Dienstag und wieder da ;)
Tut mir Leid, dass es so lang gedauert hat, werd gleich ne PM an dich senden.

Hier die Logdatei von frst:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 27 days old)
Ran by SYSTEM at 09-04-2013 19:06:48
Running from G:\Zymbiont
Windows 7 Home Premium  (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [AtwtusbIcon] AtwtusbIcon.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Nicolas\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-04] (Google Inc.)
HKU\Nicolas\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [116104 2009-08-06] (Toshiba Europe GmbH)
2 WTService; C:\Windows\system32\atwtusb.exe -s [581120 2012-10-19] ()
3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]

==================== Drivers (Whitelisted) =====================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2011-07-19] ()
3 ControlTransferDriver; C:\Windows\System32\Drivers\PreSonusUsb_xfer.sys [41664 2008-02-18] (PreSonus Audio Electronics)
3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [214544 2009-12-15] (Avid Technology, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2011-07-19] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [31120 2009-12-15] (Avid Technology, Inc.)
3 moufiltr; C:\Windows\System32\Drivers\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [37496 2009-12-04] (Ploytec GmbH)
3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2009-12-04] (Ploytec GmbH)
3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [50808 2009-12-04] (Ploytec GmbH)
3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [30336 2007-08-16] (Razer (Asia-Pacific) Pte Ltd)
3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 swmidi;  [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-09 08:52 - 2013-04-09 08:53 - 01466241 ____A (Farbar) C:\Users\Nicolas\Downloads\FRST64.exe
2013-04-08 12:07 - 2013-04-08 12:07 - 00062896 ____A C:\Users\Nicolas\.recently-used.xbel
2013-04-04 04:39 - 2013-04-04 04:39 - 00090976 ____A C:\Users\Nicolas\Desktop\OTL.Txt
2013-04-04 04:39 - 2013-04-04 04:39 - 00076110 ____A C:\Users\Nicolas\Desktop\Extras.Txt
2013-04-04 04:23 - 2013-04-04 04:23 - 00602112 ____A (OldTimer Tools) C:\Users\Nicolas\Desktop\OTL.exe
2013-04-04 04:20 - 2013-04-04 04:20 - 00000880 ____A C:\Users\Nicolas\Desktop\JRT.txt
2013-04-04 03:49 - 2013-04-04 03:49 - 00000000 ____D C:\JRT
2013-04-04 03:48 - 2013-04-04 03:48 - 00551246 ____A (Oleg N. Scherbakov) C:\Users\Nicolas\Desktop\JRT.exe
2013-04-04 03:47 - 2013-04-04 03:47 - 00001019 ____A C:\Users\Nicolas\Documents\AdwCleaner[S1].txt
2013-04-04 03:42 - 2013-04-04 03:43 - 00001019 ____A C:\AdwCleaner[S1].txt
2013-04-04 03:41 - 2013-04-04 03:41 - 00613083 ____A C:\Users\Nicolas\Desktop\adwcleaner.exe
2013-04-04 03:30 - 2013-04-04 03:42 - 00010754 ____A C:\Users\Nicolas\Documents\Meine Bestellungen.odt
2013-04-03 11:38 - 2013-04-03 11:38 - 00001826 ____A C:\Users\Public\Desktop\Opera.lnk
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files\Opera x64
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files (x86)\Opera x64
2013-04-03 11:37 - 2013-04-03 11:37 - 14515560 ____A (Opera Software ASA) C:\Users\Nicolas\Downloads\Opera_1214_int_Setup_x64.exe
2013-04-03 10:09 - 2013-04-03 10:11 - 00050988 ____A C:\zoek-results.log
2013-04-03 10:08 - 2013-04-03 10:08 - 01266704 ____A C:\Users\Nicolas\Desktop\zoek.exe
2013-04-03 10:03 - 2013-04-03 10:03 - 00001252 ____A C:\Users\Nicolas\Documents\DelFix.txt
2013-04-03 09:52 - 2013-04-03 09:52 - 16461048 ____A (Foxit Corporation                                          ) C:\Users\Nicolas\Downloads\FoxitReader545.0124_enu_Setup.exe
2013-04-03 09:48 - 2013-04-04 03:49 - 00000000 ____D C:\Windows\ERUNT
2013-04-03 09:48 - 2013-04-03 09:48 - 00001252 ____A C:\DelFix.txt
2013-04-03 09:34 - 2013-04-03 09:34 - 00000248 ____A C:\Windows\SysWOW64\defogger_enable.log
2013-04-03 06:00 - 2013-04-03 06:00 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-03 03:09 - 2013-04-03 09:37 - 00000000 ____D C:\Windows\erdnt
2013-04-02 11:18 - 2013-04-02 12:58 - 01572916 ____A C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
2013-04-02 11:04 - 2013-04-02 11:04 - 00009321 ____A C:\Users\Nicolas\Downloads\Hardwell_-_Encoded__0_0_20111020120035.mid
2013-04-02 03:39 - 2013-04-02 03:50 - 00008121 ____A C:\Windows\IE10_main.log
2013-03-31 06:55 - 2013-03-31 06:55 - 00012701 ____A C:\Users\Nicolas\Desktop\attach.txt
2013-03-30 10:34 - 2013-03-30 10:34 - 00006337 ____A C:\Users\Nicolas\Desktop\Gmer.txt
2013-03-30 09:01 - 2013-03-30 09:01 - 00377856 ____A C:\Users\Nicolas\Downloads\gmer_2.1.19155.exe
2013-03-30 09:00 - 2013-03-30 09:00 - 00037365 ____A C:\Users\Nicolas\Documents\Anti malware forums post.odt
2013-03-30 08:50 - 2013-03-30 08:50 - 00101370 ____A C:\Users\Nicolas\Documents\OTL.Txt
2013-03-30 07:16 - 2013-03-30 07:16 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-29 21:08 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Nicolas\Documents\Egosoft
2013-03-29 18:45 - 2013-03-29 18:45 - 00000041 ____A C:\Users\Nicolas\.gtk-bookmarks
2013-03-28 14:21 - 2013-04-02 11:02 - 33816628 ____A C:\Users\Nicolas\Documents\test.reason
2013-03-27 02:59 - 2013-03-27 02:59 - 00027445 ____A C:\Users\Nicolas\Downloads\rainbow-dash-and-the-infinite-party-favors-of-pinkie-pie.epub
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\ProgramData\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 05:53 - 2013-03-26 05:53 - 13077576 ____A (SoftColor Oy                                                ) C:\Users\Nicolas\Downloads\PhotoEQSetup.exe
2013-03-26 05:12 - 2013-03-27 07:06 - 00000000 ____D C:\ProgramData\hps
2013-03-26 05:12 - 2013-03-27 04:55 - 00000000 ____D C:\ProgramData\tmp
2013-03-26 05:12 - 2013-03-26 05:12 - 00000715 ____A C:\Users\Public\Desktop\Müller Foto.lnk
2013-03-26 05:09 - 2013-03-26 05:09 - 01567824 ____A C:\Users\Nicolas\Downloads\setup_Mueller_Fotowelt.exe
2013-03-22 15:05 - 2013-04-02 11:26 - 01048628 ____A C:\Users\Nicolas\Documents\rev bass sounddesg.reason
2013-03-20 09:23 - 2013-03-20 09:54 - 01048628 ____A C:\Users\Nicolas\Documents\Jonas Mix.reason
2013-03-19 10:50 - 2013-03-20 03:40 - 00009412 ____A C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
2013-03-19 08:21 - 2013-03-19 08:21 - 00020128 ____A C:\Users\Nicolas\Documents\plpny.odt
2013-03-16 15:33 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-15 05:55 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:55 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:55 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:55 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:55 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:55 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:55 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:55 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:55 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:55 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:55 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:55 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:55 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:55 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:55 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:55 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:55 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:55 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:55 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:55 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:55 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:55 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:55 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:55 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:55 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:55 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:55 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:55 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:55 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:55 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-12 11:37 - 2013-03-12 11:37 - 00016323 ____A C:\Users\Nicolas\Downloads\hs_err_pid4656.log


==================== One Month Modified Files and Folders =======

2013-04-09 19:06 - 2013-04-09 19:06 - 00000000 ____D C:\FRST
2013-04-09 08:58 - 2010-02-23 08:51 - 01790406 ____A C:\Windows\WindowsUpdate.log
2013-04-09 08:56 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 08:54 - 2011-11-13 09:00 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Skype
2013-04-09 08:53 - 2013-04-09 08:52 - 01466241 ____A (Farbar) C:\Users\Nicolas\Downloads\FRST64.exe
2013-04-09 08:52 - 2011-08-04 04:39 - 00000000 ____D C:\Users\Nicolas\.gimp-2.6
2013-04-09 08:50 - 2013-01-10 14:00 - 00026196 ____A C:\Users\Nicolas\Documents\Playpony doc.odt
2013-04-09 08:41 - 2010-02-23 08:20 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-09 08:35 - 2012-04-15 03:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-09 08:19 - 2011-12-13 13:47 - 00011973 ____A C:\Windows\IE9_main.log
2013-04-08 12:07 - 2013-04-08 12:07 - 00062896 ____A C:\Users\Nicolas\.recently-used.xbel
2013-04-08 12:07 - 2010-02-23 08:09 - 00000000 ____D C:\users\Nicolas
2013-04-08 12:03 - 2011-08-04 04:48 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\gtk-2.0
2013-04-08 11:55 - 2009-07-13 20:51 - 00267386 ____A C:\Windows\setupact.log
2013-04-08 11:55 - 2009-07-13 18:34 - 00000550 ____A C:\Windows\win.ini
2013-04-08 10:41 - 2010-02-23 08:20 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-08 03:15 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-08 03:15 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-07 09:46 - 2012-12-31 10:37 - 00004311 ____A C:\Windows\jpvxmbb64.ini
2013-04-04 04:39 - 2013-04-04 04:39 - 00090976 ____A C:\Users\Nicolas\Desktop\OTL.Txt
2013-04-04 04:39 - 2013-04-04 04:39 - 00076110 ____A C:\Users\Nicolas\Desktop\Extras.Txt
2013-04-04 04:23 - 2013-04-04 04:23 - 00602112 ____A (OldTimer Tools) C:\Users\Nicolas\Desktop\OTL.exe
2013-04-04 04:20 - 2013-04-04 04:20 - 00000880 ____A C:\Users\Nicolas\Desktop\JRT.txt
2013-04-04 03:49 - 2013-04-04 03:49 - 00000000 ____D C:\JRT
2013-04-04 03:49 - 2013-04-03 09:48 - 00000000 ____D C:\Windows\ERUNT
2013-04-04 03:48 - 2013-04-04 03:48 - 00551246 ____A (Oleg N. Scherbakov) C:\Users\Nicolas\Desktop\JRT.exe
2013-04-04 03:47 - 2013-04-04 03:47 - 00001019 ____A C:\Users\Nicolas\Documents\AdwCleaner[S1].txt
2013-04-04 03:47 - 2012-03-16 06:41 - 00000000 ___RD C:\Users\Nicolas\Dropbox
2013-04-04 03:47 - 2012-03-16 06:39 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Dropbox
2013-04-04 03:46 - 2012-03-16 06:41 - 00000992 ____A C:\Users\Nicolas\Desktop\Dropbox.lnk
2013-04-04 03:44 - 2009-09-04 06:38 - 00577092 ____A C:\Windows\PFRO.log
2013-04-04 03:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-04 03:43 - 2013-04-04 03:42 - 00001019 ____A C:\AdwCleaner[S1].txt
2013-04-04 03:42 - 2013-04-04 03:30 - 00010754 ____A C:\Users\Nicolas\Documents\Meine Bestellungen.odt
2013-04-04 03:41 - 2013-04-04 03:41 - 00613083 ____A C:\Users\Nicolas\Desktop\adwcleaner.exe
2013-04-03 11:38 - 2013-04-03 11:38 - 00001826 ____A C:\Users\Public\Desktop\Opera.lnk
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Opera
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files\Opera x64
2013-04-03 11:38 - 2013-04-03 11:38 - 00000000 ____D C:\Program Files (x86)\Opera x64
2013-04-03 11:37 - 2013-04-03 11:37 - 14515560 ____A (Opera Software ASA) C:\Users\Nicolas\Downloads\Opera_1214_int_Setup_x64.exe
2013-04-03 10:11 - 2013-04-03 10:09 - 00050988 ____A C:\zoek-results.log
2013-04-03 10:08 - 2013-04-03 10:08 - 01266704 ____A C:\Users\Nicolas\Desktop\zoek.exe
2013-04-03 10:04 - 2012-07-19 06:35 - 00000000 ____D C:\ProgramData\MAGIX
2013-04-03 10:03 - 2013-04-03 10:03 - 00001252 ____A C:\Users\Nicolas\Documents\DelFix.txt
2013-04-03 10:03 - 2011-08-25 06:00 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Solveig Multimedia
2013-04-03 09:52 - 2013-04-03 09:52 - 16461048 ____A (Foxit Corporation                                          ) C:\Users\Nicolas\Downloads\FoxitReader545.0124_enu_Setup.exe
2013-04-03 09:48 - 2013-04-03 09:48 - 00001252 ____A C:\DelFix.txt
2013-04-03 09:37 - 2013-04-03 03:09 - 00000000 ____D C:\Windows\erdnt
2013-04-03 09:34 - 2013-04-03 09:34 - 00000248 ____A C:\Windows\SysWOW64\defogger_enable.log
2013-04-03 06:00 - 2013-04-03 06:00 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100(1).exe
2013-04-03 06:00 - 2012-10-06 12:09 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-03 06:00 - 2012-10-06 12:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-03 03:42 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-04-03 03:28 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-04-02 12:58 - 2013-04-02 11:18 - 01572916 ____A C:\Users\Nicolas\Documents\Zymbiont - another hardstyle song.reason
2013-04-02 11:26 - 2013-03-22 15:05 - 01048628 ____A C:\Users\Nicolas\Documents\rev bass sounddesg.reason
2013-04-02 11:18 - 2013-03-07 08:17 - 01310772 ____A C:\Users\Nicolas\Documents\Zymbiont - A Hardstyle Song.reason
2013-04-02 11:04 - 2013-04-02 11:04 - 00009321 ____A C:\Users\Nicolas\Downloads\Hardwell_-_Encoded__0_0_20111020120035.mid
2013-04-02 11:02 - 2013-03-28 14:21 - 33816628 ____A C:\Users\Nicolas\Documents\test.reason
2013-04-02 11:01 - 2013-01-13 14:22 - 01572916 ____A C:\Users\Nicolas\Documents\frecnhcore... once again2.reason
2013-04-02 03:50 - 2013-04-02 03:39 - 00008121 ____A C:\Windows\IE10_main.log
2013-04-01 07:03 - 2011-09-02 05:33 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Audacity
2013-03-31 06:55 - 2013-03-31 06:55 - 00012701 ____A C:\Users\Nicolas\Desktop\attach.txt
2013-03-30 13:56 - 2012-05-13 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-30 11:08 - 2011-08-06 11:37 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Procaster
2013-03-30 10:34 - 2013-03-30 10:34 - 00006337 ____A C:\Users\Nicolas\Desktop\Gmer.txt
2013-03-30 09:01 - 2013-03-30 09:01 - 00377856 ____A C:\Users\Nicolas\Downloads\gmer_2.1.19155.exe
2013-03-30 09:00 - 2013-03-30 09:00 - 00037365 ____A C:\Users\Nicolas\Documents\Anti malware forums post.odt
2013-03-30 08:50 - 2013-03-30 08:50 - 00101370 ____A C:\Users\Nicolas\Documents\OTL.Txt
2013-03-30 07:16 - 2013-03-30 07:16 - 10156344 ____A (Malwarebytes Corporation                                    ) C:\Users\Nicolas\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-29 21:08 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Nicolas\Documents\Egosoft
2013-03-29 18:45 - 2013-03-29 18:45 - 00000041 ____A C:\Users\Nicolas\.gtk-bookmarks
2013-03-27 07:06 - 2013-03-26 05:12 - 00000000 ____D C:\ProgramData\hps
2013-03-27 04:55 - 2013-03-26 05:12 - 00000000 ____D C:\ProgramData\tmp
2013-03-27 02:59 - 2013-03-27 02:59 - 00027445 ____A C:\Users\Nicolas\Downloads\rainbow-dash-and-the-infinite-party-favors-of-pinkie-pie.epub
2013-03-27 02:45 - 2013-01-08 12:56 - 00016831 ____A C:\Users\Nicolas\Documents\EU-M 13.odt
2013-03-26 12:34 - 2012-12-26 05:41 - 00786484 ____A C:\Users\Nicolas\Documents\IP Needs more Terrorcore.reason
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\ProgramData\SoftColor
2013-03-26 05:55 - 2013-03-26 05:55 - 00000000 ____D C:\Program Files (x86)\SoftColorPhotoEQ
2013-03-26 05:53 - 2013-03-26 05:53 - 13077576 ____A (SoftColor Oy                                                ) C:\Users\Nicolas\Downloads\PhotoEQSetup.exe
2013-03-26 05:12 - 2013-03-26 05:12 - 00000715 ____A C:\Users\Public\Desktop\Müller Foto.lnk
2013-03-26 05:09 - 2013-03-26 05:09 - 01567824 ____A C:\Users\Nicolas\Downloads\setup_Mueller_Fotowelt.exe
2013-03-24 12:15 - 2013-02-09 08:09 - 01048628 ____A C:\Users\Nicolas\Documents\dubstäääähp.reason
2013-03-24 12:15 - 2013-01-07 03:05 - 00786484 ____A C:\Users\Nicolas\Documents\IP Ang.reason
2013-03-22 14:35 - 2012-12-20 08:33 - 01572916 ____A C:\Users\Nicolas\Documents\InfectedPonyz YOU MOTHERFUCKING RANDOM SHIT.reason
2013-03-20 09:54 - 2013-03-20 09:23 - 01048628 ____A C:\Users\Nicolas\Documents\Jonas Mix.reason
2013-03-20 03:40 - 2013-03-19 10:50 - 00009412 ____A C:\Users\Nicolas\Documents\aaall the links to print you own label on stuff.odt
2013-03-19 08:21 - 2013-03-19 08:21 - 00020128 ____A C:\Users\Nicolas\Documents\plpny.odt
2013-03-19 08:11 - 2013-02-27 09:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-19 07:55 - 2012-05-14 03:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-19 07:55 - 2012-05-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-03-19 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-03-18 07:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-17 05:42 - 2012-04-17 07:15 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\.minecraft
2013-03-15 06:00 - 2010-02-24 08:13 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-15 05:59 - 2009-09-04 06:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-12 12:35 - 2012-04-15 03:35 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 12:35 - 2011-08-09 03:23 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-12 11:37 - 2013-03-12 11:37 - 00016323 ____A C:\Users\Nicolas\Downloads\hs_err_pid4656.log

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3932.88 MB
Available physical RAM: 3317.27 MB
Total Pagefile: 3931.02 MB
Available Pagefile: 3317.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:2.92 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:148.65 GB) (Free:97.59 GB) NTFS
4 Drive g: (USB-HDD) (Fixed) (Total:931.51 GB) (Free:796.43 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status        Size    Free    Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B       
  Disk 1    Online          931 GB      0 B       

Partitions of Disk 0:
===============

Disk ID: C541C82A

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            400 MB  1024 KB
  Partition 2    Primary            149 GB  401 MB
  Partition 3    Primary            148 GB  149 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y  SYSTEM      NTFS  Partition    400 MB  Healthy           

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C  WINDOWS      NTFS  Partition    149 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    E  Data        NTFS  Partition    148 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: 715D6887

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    G  USB-HDD      NTFS  Partition    931 GB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: C541C82A

Partition 1:
=========
Hex: 80202100071E2B330008000000800C00
Active: YES
Type: 07 (NTFS)
Size: 400 MB

Partition 2:
=========
Hex: 001E2C3307FEFFFF00880C000070A112
Active: NO
Type: 07 (NTFS)
Size: 149 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00F8AD1200F09412
Active: NO
Type: 07 (NTFS)
Size: 149 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 715D6887

Partition 1:
=========
Hex: 0001010007FEFFFE3F00000082597074
Active: NO
Type: 07 (NTFS)
Size: 932 GB


Last Boot: 2013-02-15 03:54

==================== End Of Log =============================

ryder 09.04.2013 18:45
Okay andere Idee

Scan mit ZOEK

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Klicke auch auf "Options" und wähle die folgenden Optionen aus:
    • Reset Hosts
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Hat es das schon beseitigt?

ryder 11.04.2013 08:44
Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Leyanor 11.04.2013 17:05
Hmm, immernoch da...

Code:
Zoek.exe Version 4.0.0.2 Updated 08-April-2013
Tool run by Nicolas on 11.04.2013 at 17:48:20.49.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results03.04.2013-2011.log        50988 bytes

After Reboot

==== Reset Hosts File ======================

Failed to Reset Hosts File

ryder 11.04.2013 17:24
Immer noch? Das ist echt seltsam.

Mal ganz was anderes. Prüfe doch mal ob es im abgesicherten Modus auch auftritt.

Leyanor 11.04.2013 19:31
Moment, Fehler meinerseits.

Als ich das Log posten wollte hat es mich wieder auf die Downloadseite von PC Performer redirected. Seither ist aber kein Pop up mehr und keine Redirection vorgekommen. Sofern es also in nächster Zeit nicht mehr vorkommt scheint es behoben zu sein.

ryder 11.04.2013 19:34
Lösche mal den Browsercache. Es sollte eigentlich nicht mehr kommen.

Leyanor 11.04.2013 19:57
Yup, scheint weg zu sein.
Vielen herzlichen Dank für die Hilfe! Fühlt sich gut an wieder normal arbeiten zu können :Boogie:

:dankeschoen:

ryder 11.04.2013 20:17
Schön, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20