Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner - Dateinamen vollständig erhalten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.06.2012, 13:17   #1
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Hallo,
ich habe mir heute den Verschlüsselungstrojaner eingefangen, der einen mit der Nachricht "Sie haben sich mit einem Windows Verschlüsselungstrojaner infiziert." begrüßt.

Mittlerweile habe ich schon einige Threads überflogen. Überall ist die Rede von Dateien, deren Name mit "locked" versehen wird oder deren Name ausschließlich zufällige Buchstabenfolgen enthält.
In meinem Fall sieht es jedoch anders aus. Ich habe meinen Rechner im abgesicherten Modus gestartet und lasse momentan Malwarebytes laufen. Währenddessen habe ich festgestellt, dass meine Dateinamen alle vollständig erhalten sind, die Dateien selbst aber natürlich verschlüsselt.
EDIT: Komischerweise trifft das nicht auf alle Dateien zu. Manche haben ihren ursprünglichen Namen behalten, andere einen Namen mit wirrer Buchstabenfolge. Möglicherweise war die Verschlüsselung noch nicht abgeschlossen?

An Symptomen kann ich sonst nur beschreiben, dass die Systemwiederherstellung deaktiviert ist, obwohl ich diese laufen hatte.
Außerdem befindet sich eine "ACHTUNG - LESEN".txt auf meinem Desktop. Ich weiß nicht, ob das bisher immer der Fall war.


Wie soll ich als erstes vorgehen? Den Trojaner entfernen?

Außerdem: Kann ich meine externe Festplatte jetzt an einen nicht infizierten Rechner anschließen oder wird der Trojaner dadurch möglicherweise übertragen? Die Festplatte war zum Zeitpunkt der Infektion am infizierten Rechner angeschlossen. Als ich bemerkt hatte, dass sich einige Dateien nicht mehr öffnen ließen und die Festplatte arbeitet, obwohl ich keinen Befehl gegeben hatte, habe ich den Rechner sofort heruntergefahren und die Festplatte entfernt. Sie ist also nicht im Malwayrebytes-Scan eingeschlossen.

PS: Hier endlich der Malwarebytes-Scan. Bin mir nicht sicher ob der aussagekräftig ist, also werde ich noch einen OTL-Scan nachliefern.
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.03

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Toshiba :: TOSHIBA-TOSH [Administrator]

23.06.2012 13:00:24
mbam-log-2012-06-23 (14-12-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565318
Laufzeit: 1 Stunde(n), 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$Recycle.Bin\S-1-5-21-3237340785-2373809859-641640779-1001\$RAS8PR0.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Toshiba\AppData\Roaming\Fffiw\urrtvftkyj.exe (Trojan.Ransom.AMNGen) -> Keine Aktion durchgeführt.

(Ende)
         

Alt 23.06.2012, 13:34   #2
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Hier jetzt auch der OTL-Scan:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.06.2012 14:23:00 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 71,05% Memory free
7,86 Gb Paging File | 6,95 Gb Available in Paging File | 88,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,10 Gb Total Space | 249,09 Gb Free Space | 54,73% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.22 23:55:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 15:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010.02.23 18:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.10.21 10:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.06.09 16:50:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.04 18:12:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.30 21:05:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.15 02:58:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.17 15:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.06.30 21:05:51 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 21:05:51 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.05 02:43:56 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.23 16:36:54 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.04.09 16:49:20 | 000,330,856 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.02.03 12:04:00 | 000,060,408 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.01.28 07:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.01.15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.09.23 11:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.05 13:56:00 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.30 22:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.28 21:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 11:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 10:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.19 22:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.04.24 19:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006.10.23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F25AC26F-DAC3-47C5-BD78-8E92E86FCA71}
IE:64bit: - HKLM\..\SearchScopes\{F25AC26F-DAC3-47C5-BD78-8E92E86FCA71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {58B8D8D1-4BCF-41DC-B042-04471E12AC65}
IE - HKLM\..\SearchScopes\{58B8D8D1-4BCF-41DC-B042-04471E12AC65}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.msn.com [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {58B8D8D1-4BCF-41DC-B042-04471E12AC65}
IE - HKCU\..\SearchScopes\{1DE67BD1-D915-4A66-A0C9-BAE966E9CD1A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{37BC099D-EF52-4DB1-A685-579613C72A6E}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{8EDE9C3B-2F05-47B4-A66F-A3FC9856220D}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 18:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 12:43:06 | 000,000,000 | ---D | M]
 
[2012.04.15 00:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions
[2012.04.15 00:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.05.04 18:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\kq7syvmu.default\extensions
[2011.07.17 21:38:55 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\kq7syvmu.default\extensions\firefox-support@vworldc.com
[2011.06.05 02:44:01 | 000,002,055 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\kq7syvmu.default\searchplugins\daemon-search.xml
[2011.10.29 17:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.20 11:06:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.11 19:38:08 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KQ7SYVMU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.04 18:01:57 | 000,216,913 | ---- | M] () (No name found) -- C:\USERS\TOSHIBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KQ7SYVMU.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2012.05.04 18:12:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.05.04 18:12:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.04 18:12:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.04 18:12:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 18:12:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 18:12:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 18:12:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Share Button = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\idaeealfhcijmeigljaopafdapgijdcb\1.1.0.12_0\
CHR - Extension: Skype Click to Call = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail-Checker = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Google Mail = C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE570C23-503A-4907-83BF-025329CA2BEB}: DhcpNameServer = 129.143.2.1 129.143.2.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b347d20-cd8a-11e0-a01c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b347d20-cd8a-11e0-a01c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{6a24c0c0-9028-11e0-be01-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a24c0c0-9028-11e0-be01-806e6f6e6963}\Shell\AutoRun\command - "" = G:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 13:36:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\sample pictures
[2012.06.23 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
[2012.06.23 12:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 12:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 12:59:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.06.23 12:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.23 11:48:11 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Fffiw
[2012.06.21 22:18:06 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\magic eye
[2012.06.21 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Macromedia
[2012.06.18 19:55:48 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\TagScanner
[2012.06.18 19:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
[2012.06.18 19:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagScanner
[2012.06.17 10:53:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\progress
[2012.06.17 10:48:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\New folder
[2012.06.10 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Tierphys Kurs
[2012.06.08 11:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.08 11:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.03 16:18:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\verschiedene bilder
[2012.06.01 10:26:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\VL
[2012.05.27 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\The Elder Scrolls V- Skyrim
[2012.05.27 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Skyrim
[2012.05.27 01:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.05.27 01:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.05.27 01:02:42 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Oblivion
[2012.05.27 01:02:42 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\My Games
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 13:37:27 | 000,019,458 | ---- | M] () -- C:\Users\Toshiba\Desktop\DecryptHelper-0.5.jar
[2012.06.23 12:55:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.06.23 12:55:04 | 3166,703,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 12:12:15 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.23 11:14:00 | 000,001,128 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237340785-2373809859-641640779-1001UA.job
[2012.06.23 11:14:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.23 09:49:47 | 000,001,076 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3237340785-2373809859-641640779-1001Core.job
[2012.06.22 18:06:10 | 000,528,417 | ---- | M] () -- C:\Users\Toshiba\Desktop\Protokoll A.pdf
[2012.06.22 12:40:17 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 12:40:17 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 15:42:50 | 000,001,067 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.20 15:40:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.06.20 15:40:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.27 05:22:25 | 000,000,059 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\GoodnightTimer.ini
[2012.05.25 08:39:05 | 000,652,006 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.05.25 08:39:05 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.05.25 08:39:05 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.05.25 08:39:04 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.05.25 08:39:04 | 000,129,674 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.23 13:37:36 | 000,019,458 | ---- | C] () -- C:\Users\Toshiba\Desktop\DecryptHelper-0.5.jar
[2012.04.13 17:30:04 | 000,001,225 | ---- | C] () -- C:\windows\eReg.dat
[2011.12.18 22:34:03 | 000,000,088 | ---- | C] () -- C:\windows\nfsc_patch.ini
[2011.10.09 04:10:28 | 000,000,059 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\GoodnightTimer.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011.09.21 01:02:28 | 000,003,584 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.05 03:29:32 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.08.03 02:07:25 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2011.08.03 02:07:25 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2011.08.03 02:07:25 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2011.08.03 01:52:27 | 000,041,072 | ---- | C] () -- C:\windows\DIIUnin.dat
[2011.06.05 02:12:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.27 06:34:50 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.12.23 16:56:13 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[1601.02.13 10:28:18 | 000,004,210 | ---- | C] () -- C:\Users\Toshiba\.recently-used.xbel
[1601.02.13 10:28:18 | 000,001,095 | ---- | C] () -- C:\Users\Toshiba\.DarwinRocks.def
[1601.02.13 10:28:18 | 000,000,085 | ---- | C] () -- C:\ProgramData\sadlyQpEjATTDDxG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:527CEDF7AE1974DF

< End of report >
         
--- --- ---

Und Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 23.06.2012 14:23:00 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 71,05% Memory free
7,86 Gb Paging File | 6,95 Gb Available in Paging File | 88,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,10 Gb Total Space | 249,09 Gb Free Space | 54,73% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA-TOSH | User Name: Toshiba | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{152B2F0A-8D98-4DB4-8BC0-80AFCD2BB0B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26ADC2F9-89EC-4E7F-B192-D53D86D108DA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28ECDBE2-46E1-4E4E-8BA2-837B8F053E64}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D6E4D87-BF33-4177-AF9E-576F5F3ADF2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{36415209-AE07-4421-AA9E-DCBA7C97D2EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4D461586-6EFB-46A5-858E-7039AA257B56}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5698D40C-4E77-4D92-A9A2-88B4886585F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5A706A0D-E96D-46F6-AE3E-32BAF21800BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B48EE07-63F4-4F2E-ACCB-46B1FEE06E1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DE062E3-A28C-404D-B7A1-6FA0FBC9398D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{6386245C-67FD-4A63-AFC1-DDDEE75B29D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{735E9702-5B86-4977-AD91-5452502451A0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A2EC5FC-5A59-4D34-834A-2093B3EBE8A7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D5A483A-6C11-459B-8B5D-5E841D227CE2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F7F5A50-56FD-41E2-9911-1295957C5545}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6ED5D9C-AF4E-4564-A8AC-0FD639202B23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C54AB0A5-B141-4976-B7A5-ED80AB546A18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C68F7096-C481-4E68-97E1-222717D70F32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D150004D-A86B-4E79-A114-BDE5357A7980}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D8FDBFAB-D393-45BB-8D81-DDEF3C12724B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DD6CF07E-2A4D-4905-9F80-47D23B999ED3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F2281205-BDB4-4C28-853C-FECC016E0514}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2E127CA-80E8-4274-93D9-9314D7216CA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3200C49-B63B-42E5-AEDE-C9EFB6251791}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F35062A8-B27F-42E1-8512-29A8079C81E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F48F926C-3077-41DE-9EA3-B2624B1247CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA866F12-D3FD-4C79-9320-EF8F19798156}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A232B8-277D-4E98-9C23-FB89DD00669C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{057AFBEC-A7E9-43A6-AD60-34495A678E46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | 
"{083F439E-D992-44E4-8666-2D49BF67F653}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{08E12CEF-DAA2-425D-9DF0-50916148D2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{0972862C-196F-4E8F-9B64-81E217E4BD7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0B52A548-510B-4F1E-958A-FEB01FC6CFC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{12DCF7DE-8919-4C41-B1A2-5503C2D4FEF2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{147C6676-76B9-4731-8341-E8CA7C72BFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{16292E9D-E139-4DA5-9491-9BFFDD74F231}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{1DB66669-04AE-46F5-9F70-4574A817E840}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1EFF75E1-3E04-4C45-962E-7D6AD532379A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{20C6EFE9-8167-4139-8CA5-030565A9A08A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{20F0E5C6-2BD5-4D45-A8B3-2C3FC68BBC0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{29826CC7-AC87-4EF2-8B65-CD556F1AE620}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{3177363D-B77D-4208-B16B-BE0C49B5758E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{32D5391C-FF95-4A79-8AE9-FA9B7AD8F23C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{32E9715A-B485-4E68-B095-AB4D99511EB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34E35D05-02EC-41C0-B16D-8D45AC57CFD1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{36FB3856-B650-4F20-A631-3227FA4E1C19}" = protocol=6 | dir=in | app=c:\users\toshiba\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3729E092-318E-4A91-836D-4CD5CA797E44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{38DBA4BB-5594-4AD7-B9F2-0F385619975E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DC843C9-BA9C-46BB-B1AF-868C9A6A26B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4060859D-811D-4EE9-B39F-8A6D3D7F1A94}" = protocol=6 | dir=in | app=f:\fritz\toshibackup\akte f\gamedata\jamp.exe | 
"{43069400-612F-4781-9E34-008F37F87EEA}" = protocol=17 | dir=in | app=f:\fritz\toshibackup\akte f\gamedata\jamp.exe | 
"{43B31420-0AC0-4E22-96A7-6AE85EEF4033}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C93840C-2DC7-4748-A019-CB385416C0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5550B1ED-2A1B-40A6-8B93-68ECDB4E249F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{584DBB4C-9267-4561-A5DC-80C0F6BC13C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{660A8700-8BDC-493B-8552-A7CC5729CF6D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{677BB3D4-DDA6-4318-9BE8-AF28E768A805}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6A2AB1CD-65FD-4870-84F4-6890065DC1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{74AC578E-13D7-4E0A-8C7B-75969286CD51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"{74E687C6-7848-4CD9-AC4F-6A57E4DAFD7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{76E4E4FD-51EC-4B18-8ECA-09F0617FAFD8}" = protocol=58 | dir=in | app=system | 
"{7717E1AC-C046-463D-851C-8F3751CDAF88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{78D63955-EDC7-4895-A185-871EC0A76E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{790BAB9D-35D6-4B9E-BAE2-D1E0F876B35A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8232C409-BA3D-4DA1-8C17-A02618CA0709}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{843B8D23-CFDC-4FB0-A8BC-EE43712163A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{850DD409-EEE5-402A-86EC-584EC91B33CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{87DE409F-89B5-482B-B9DD-A29EFED0AB50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{8BA498C5-82E1-4F47-BF52-E873EB2764CE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{8BB4FD6F-F716-4C6F-9CAF-09C87D94408C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8F2465A6-EC01-4F8C-99ED-D20827CC5BBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8FD84315-D387-4547-BBA4-C7529A0563F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{91221832-5C5A-471D-8824-A023BD35F9D5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{935A1AAF-E600-4FF5-981B-29DCD42E4FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{955746F1-A10B-482E-9955-F48FCEDDF5DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97DD48DF-9A54-4C5D-82BC-762AC8EC45CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9E0D58C6-9B02-4E73-BF61-DE0FB53FE11A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A226D7D3-9FD1-4EC5-974F-F0CB80421392}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A28DDBC2-AFD0-4B06-A88F-F4B2592954AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A2AC950F-1EE9-4D46-ACD7-D4CE0086D9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{A4B55D43-CC73-47D2-9663-012F90005E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{AB102D4D-A440-4A6F-9ACC-A5E7B35B6B65}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{AB806B66-ED90-475B-BFCA-A4190402CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AE2C4727-7772-4A73-B1DE-C28938D4726B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe | 
"{AE98E3E1-FC04-4526-9836-2E2396732A67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{B1396589-A622-4CA3-A5B5-E48A6DA9A48F}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{B6AA0335-345A-4A08-BB38-F2AA39AE4570}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B71B549A-3E83-442F-BFA0-5EC91C6C380D}" = protocol=6 | dir=out | app=system | 
"{B93A6A0A-ADAF-443B-A730-D55A725E296A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B984D97D-50BF-4D10-96DF-9528406AB4F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB64C5E6-A0AB-4007-9CD3-EF2DB617D7B2}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{BB67399E-C47A-4ADF-924F-0300CD0D0B13}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BC3F2915-2740-4DC3-8BDD-136E076D61EF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BCC33F9E-7F5C-4F24-8B6B-520B67DB6FF9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BF03CA9F-44FA-45F5-B008-A7892F06533B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"{C0A7E084-06A5-4A18-8E01-ED67A6D75BB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C2444FE3-9906-42DC-BCF8-336E37E6CC4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA6AF00D-99CF-4679-95AF-5B2F1466BA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{CCF2C459-C2BD-4679-8D71-C2D763AD34C4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CE11DDC9-CE3C-492B-A7C4-15F214D0C025}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CFE34FC9-873C-4340-83BD-CBFE717BF8DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D049A301-93FE-404E-BBA5-0A9C8E81A1B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DEDE7DBA-32F8-4DFE-98D8-E173572D339F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA8347AF-5060-4972-A554-C6057F9824DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{EC4D73F9-AD22-42B2-BF48-F03370882E8E}" = protocol=17 | dir=in | app=c:\users\toshiba\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F6748ED5-A71B-4D75-B242-99C13B31CA7D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{F772ED87-AD7C-4690-8595-340BB82C4039}" = protocol=6 | dir=in | app=c:\users\toshiba\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FE7B325D-0B4C-4AC2-B1E3-9A751634A297}" = protocol=17 | dir=in | app=c:\users\toshiba\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FE95928B-B5E7-4ED0-9BEA-FD3DA6DE4648}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{0093C758-411C-43B4-B94D-1AE99EA1D158}F:\fritz\toshibackup\akte f\gamedata\jamp.exe" = protocol=6 | dir=in | app=f:\fritz\toshibackup\akte f\gamedata\jamp.exe | 
"TCP Query User{021D6F2D-2D18-43E7-9718-5F5FDD2E626B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{0B666AAC-C86E-488B-9D36-75741F5FC0E8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{19D258FF-E34D-4A99-A7EC-67D470D78683}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{502D1A07-7D1C-4ACF-A840-B4CC61916DF0}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{6FA8C31E-EDAB-4AC1-8BE2-E18FA25A679D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{75239E64-6A9D-4425-9F4C-C97A43473997}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{76FF757A-2AF8-4968-8E82-4B9E20640BDB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{779AE5BB-38E7-4B96-8423-BAAD4CBAA04D}C:\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\downloads\mtgoiii_helper.exe | 
"TCP Query User{96769B48-87A3-40DA-8FF2-F42DE86F919D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B0E07B6F-52B7-4171-ABD3-2DBD530A3E8E}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{B30F9C20-3699-43A5-89EC-FFC160FAF9A3}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"TCP Query User{C2CC7687-C38A-4969-9E47-FB63678BF4ED}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{C34DE4BC-AE2B-4EBD-8877-FEAEBA0F0AF9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D59916C4-7336-4BA6-ADED-B70034B9260D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{F5508442-0DE6-4881-ADED-C452EA016CF9}C:\program files (x86)\wizards of the coast llc\magic the gathering dotp 2012\magic_2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wizards of the coast llc\magic the gathering dotp 2012\magic_2012.exe | 
"TCP Query User{F9C0169E-7F4D-4E7F-9EE6-187C60726D0C}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{1C5D39F3-CE03-4302-A135-DA6AB52E10B2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{1E7A94DC-6624-47C4-B6C3-C530BDE3E9E9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{22D8E80E-016F-4821-B249-D0BDB09FCE1A}F:\fritz\toshibackup\akte f\gamedata\jamp.exe" = protocol=17 | dir=in | app=f:\fritz\toshibackup\akte f\gamedata\jamp.exe | 
"UDP Query User{233699DD-E6F3-4C72-8823-13687C5864AC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{4D372617-F0E9-46DA-8418-755C9FB92A44}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{5104DC5B-C246-4BAE-99CC-0A69F9C3FEEA}C:\program files (x86)\wizards of the coast llc\magic the gathering dotp 2012\magic_2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wizards of the coast llc\magic the gathering dotp 2012\magic_2012.exe | 
"UDP Query User{57D451A5-C33F-45B0-A4CD-64C042E6F88F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{58AAB8A5-0E2F-48B3-9B97-AA4C1D569B4D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{862BD0C0-ADC3-4E92-AEC0-C14F26281202}C:\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\downloads\mtgoiii_helper.exe | 
"UDP Query User{94FD9C6F-5C46-4F6B-956E-858E87DC1E16}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"UDP Query User{986761A4-ECF3-4CCA-A196-8FAF995231F1}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{9E25A467-1B18-4E7E-9CF8-D14E4BA7FE62}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9FFF47D2-9D85-42EC-AE71-264DAB559F73}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{AE478EDD-DD5B-40AB-BA15-2B19D80E9F8B}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{C24CB79F-D37B-428D-87FA-F5677FAEE7A0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{D56A470B-7733-4BF6-A5DF-D0C02FF445B6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{FF65EE2E-EFF0-48D5-87B1-5BBC8FBA157F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{477FE2C1-1F93-4CC1-B695-5E912A91E666}" = jAlbum
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = Die Sims - Hokus Pokus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A919AABD-61FA-4E16-0000-26966C3D2481}" = GameJack 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F33DF3CA-8107-41E4-A024-4F238B1C62E7}" = Wie man's spricht Demoversion
"{F77685F4-49DC-4B8E-B41F-F399FE2787C7}_is1" = particleIllusion 3.0.4
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1190-3857-8766-9166" = PersonalBrain 6
"3DSexVilla2-099.001" = thriXXX 3DSexVilla2-099.001
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Anki" = Anki
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced 9.25
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"Diablo III Beta" = Diablo III Beta
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.0
"FormatFactory" = FormatFactory 2.60
"Goodnight Timer_is1" = Goodnight Timer 1.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic The Gathering - Duels of the Planeswalkers 2012_is1" = Magic The Gathering - Duels of the Planeswalkers 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Messenger Plus!" = Messenger Plus! 5
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA.Updatus" = NVIDIA Updatus
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"Orbit_is1" = Orbit Downloader
"Plasma Pong_is1" = Plasma Pong v1.3b
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"Postal 2_is1" = Portal 2
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 201210" = PoxNora
"Steam App 22000" = World of Goo
"Steam App 29180" = Osmos
"Steam App 38740" = EDGE
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 91200" = Anomaly Warzone Earth
"TagScanner_is1" = TagScanner 5.1.611
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DarwinRocks" = DarwinRocks
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
"MiKTeX 2.9" = MiKTeX 2.9
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2011 13:03:18 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 13:03:18 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 13:33:27 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 13:33:27 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 13:33:27 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 13:33:27 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 14:05:47 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 14:05:47 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 14:05:47 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
Error - 10.10.2011 14:05:47 | Computer Name = Toshiba-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: Die Daten sind unzulässig.  .
 
[ OSession Events ]
Error - 16.07.2011 16:14:23 | Computer Name = Toshiba-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 1659
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.05.2012 13:59:50 | Computer Name = Toshiba-TOSH | Source = DCOM | ID = 10016
Description = 
 
Error - 08.05.2012 14:15:50 | Computer Name = Toshiba-TOSH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:34:40 on ?07.?05.?2012 was unexpected.
 
Error - 08.05.2012 14:15:51 | Computer Name = TOSHIBA-TOSH | Source = BugCheck | ID = 1001
Description = 
 
Error - 08.05.2012 14:17:09 | Computer Name = Toshiba-TOSH | Source = DCOM | ID = 10016
Description = 
 
Error - 08.05.2012 14:17:19 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Media Player Network Sharing Service service to connect.
 
Error - 08.05.2012 14:17:19 | Computer Name = Toshiba-TOSH | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1053
 
Error - 08.05.2012 15:12:09 | Computer Name = Toshiba-TOSH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:10:30 on ?08.?05.?2012 was unexpected.
 
Error - 09.05.2012 10:05:28 | Computer Name = Toshiba-TOSH | Source = DCOM | ID = 10016
Description = 
 
Error - 11.05.2012 04:25:31 | Computer Name = Toshiba-TOSH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:49:37 on ?10.?05.?2012 was unexpected.
 
Error - 11.05.2012 04:26:50 | Computer Name = Toshiba-TOSH | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
__________________


Alt 28.06.2012, 11:47   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
__________________

Alt 29.06.2012, 08:08   #4
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Danke für die Antwort.

Hier ist der Malwarebytes-Vollscan. Nicht viel mehr als der erste.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.08

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Toshiba :: TOSHIBA-TOSH [Administrator]

28.06.2012 17:47:14
mbam-log-2012-06-28 (17-47-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 658107
Laufzeit: 1 Stunde(n), 43 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Toshiba\AppData\Roaming\Fffiw\urrtvftkyj.exe (Trojan.Ransom.AMNGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\fff-ea97.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Adobe Photoshop CS5 Extended v12.0 Multilanguage - TIw\keygen.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Microsoft Windows XP Professional [Deutsch, SP3 Integrated, Juli 2008]\HackedEdition\HackedEdition_Main.bmp (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Microsoft.Office.2010.VL.Edition-ZWTiSO\activator\activator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Und hier noch der ESET-Scan.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2097f0d44faa0d489f23cd88c75c13b0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 07:37:13
# local_time=2012-06-28 09:37:13 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775146 100 94 537251 77435225 691532 0
# compatibility_mode=5893 16776573 100 94 1052882 92528254 0 0
# compatibility_mode=8192 67108863 100 0 142 142 0 0
# scanned=422427
# found=14
# cleaned=0
# scan_time=13828
C:\$Recycle.Bin\S-1-5-21-3237340785-2373809859-641640779-1001\$RAS8PR0.exe	a variant of Win32/SoftonicDownloader.D application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Toshiba\AppData\Local\Temp\V.class	Java/Agent.EQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Toshiba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c34ce27-65236215	Java/Exploit.CVE-2012-0507.BW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Toshiba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4e2fce68-2a00fbb1	Java/Agent.DJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Toshiba\AppData\Roaming\Fffiw\urrtvftkyj.exe	a variant of Win32/Injector.TDX trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\1ef0ff47.msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
F:\fritz\software\Programme\arrkanoid.rar	multiple threats (unable to clean)	00000000000000000000000000000000	I
F:\fritz\software\Programme\Microsoft.Office.2010.VL.Edition-ZWTiSO\activator.rar	a variant of Win32/HackKMS.A application (unable to clean)	00000000000000000000000000000000	I
F:\fritz\software\Programme\Microsoft.Office.2010.VL.Edition-ZWTiSO\activator\activator.exe	a variant of Win32/HackKMS.A application (unable to clean)	00000000000000000000000000000000	I
F:\fritz\Spiele\POSTAL2\SONSTIGES\POSTAL 2\Postal 2 Weekend\postal2aw_eu-version.iso	probably a variant of Win32/Agent.FJVYVQQ trojan (unable to clean)	00000000000000000000000000000000	I
         

Vielen Dank für deine Hilfe!

Alt 29.06.2012, 11:45   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Code:
ATTFilter
F:\fritz\software\Programme\fff-ea97.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Adobe Photoshop CS5 Extended v12.0 Multilanguage - TIw\keygen.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Microsoft Windows XP Professional [Deutsch, SP3 Integrated, Juli 2008]\HackedEdition\HackedEdition_Main.bmp (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\fritz\software\Programme\Microsoft.Office.2010.VL.Edition-ZWTiSO\activator\activator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.06.2012, 13:49   #6
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Entschuldigung, das war mir nicht bewusst.
Bedeutet das jetzt, dass ich hier nie wieder Hilfe bekomme?

Alt 01.07.2012, 15:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Nein stand da was zu?
Du bekommst jetzt hier keine Hilfe mehr bei der Bereinigung, Fragen zur Datensicherung und Neuinstallation werden aber beantwortet

Zukünftige Fälle sind wieder neue Geschichten, falls da was ist hilft man sicherlich, aber jetzt musst du neu installieren
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.07.2012, 18:51   #8
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Bin grad dabei, alles fürs Neuaufsetzen vorzubereiten, sprich Datensicherung. Ist es dabei sinnvoll, die verschlüsselten Dateien aufzuheben, falls irgendwann in Zukunft mal eine Möglichkeit zum Entschlüsseln gefunden wird?

Und ganz nebenbei: Zur Datensicherung wird Parted Magic empfohlen. Spricht irgendwas dagegen, die Dateien stattdessen wie üblich im Explorer zu managen?

Alt 03.07.2012, 11:54   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Zitat:
Und ganz nebenbei: Zur Datensicherung wird Parted Magic empfohlen. Spricht irgendwas dagegen, die Dateien stattdessen wie üblich im Explorer zu managen?
Oder ein anderes sauberes Live-System, Bgeründung wurde dazu auch gepostet warum man die Datensicherung optimalerweise darüber macht und nicht über ein versifftes Windows
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2012, 15:26   #10
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Verstehe. Hab da aber leider keine direkte Begründung gefunden (außer, dass man es nimmt, wenn Windows nicht bootet). Sonst hätte ich nicht gefragt.

Ich nehme an, es schadet nichts, einige wichtige verschlüsselte Dateien aufzuheben. Oder besteht dabei die Gefahr, dass ich den Trojaner "mit sichere"?

Alt 03.07.2012, 16:08   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Meinst du nicht "meine" Anleitung?


Also diese hier

Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen.

Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen.

Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch.

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist



4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind)
6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!
7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.07.2012, 09:53   #12
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Nein, die meinte ich nicht. Ich habe irgendeine andere gelesen. Wie auch immer. Danke dafür.

Parted läuft, aber leider kann meine externe Festplatte nicht gemountet werden, auf der ich die Dateien sichern möchte.

Code:
ATTFilter
Failed to read last sector (2930275119): Invalid argument
HINTS: Either the volume is a RAID/LDM but it wasn't setup yet,
   or it was not setup correctly (e.g. by not using mdadm --build ...),
   or a wrong device is tried to be mounted,
   or the partition table is corrupt (partition is smaller than NTFS),
   or the NTFS boot sector is corrupt (NTFS size is not valid).
Failed to mount '/dev/sdb1': Invalid argument
The device '/dev/sdb1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
         
Dazu kann ich nur sagen, dass es sich nicht um ein RAID-System handelt. Was könnte ich da tun?

Alt 04.07.2012, 13:36   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Code:
ATTFilter
The device '/dev/sdb1' doesn't seem to have a valid NTFS.
         
Linux mag wohl das NTFS nicht lesen, weil das Dateisystem möglichweise fehlerhaft ist
Kann die Platte von einem anderen Rechner mit sauberem Windows gelesen werden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.07.2012, 10:12   #14
Niskat
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Ja, lesen funktioniert und schreiben auch.

Alt 05.07.2012, 11:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Standard

Verschlüsselungstrojaner - Dateinamen vollständig erhalten



Dann mach mal eine Datenträgerüberprüfung unter Windows auf diese externe Platte - mittels chkdsk x: /f /v

x steht für den Laufwerksbuchstaben der ext. Platte

Ich kenn solche bzw. ähnliche Fehler unter Linux nur wenn man zB Window snicht sauber runtergefahren oder eine ext. Platte einfach so abgesteckt hat ohne die Hardware sicher zu entfernen über das Symbol bei der Uhr

Linux meckert dann, dass die NTFS-Partitionen dann als "dirty" markiert sind und mann kann sie wenn überhaupt nur noch readonly mounten

Probier evtl. auch mal Xubuntu statt PartedMagic aus für die Datenrettung
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Verschlüsselungstrojaner - Dateinamen vollständig erhalten
administrator, anti-malware, appdata, arbeitet, autostart, code, datei, dateien, dateisystem, entfernen, explorer, externe festplatte, festgestellt, festplatte, folge, heuristiks/extra, heuristiks/shuriken, infektion, infiziert., infizierte, malwarebytes, nicht mehr, nicht mehr öffnen, nicht sicher, rechner, recycle.bin, roaming, schließen, systemwiederherstellung, tan, trojan.ransom.amngen, windows, windows verschlüsselungstrojaner, öffnen




Ähnliche Themen: Verschlüsselungstrojaner - Dateinamen vollständig erhalten


  1. Endungen an den Dateinamen
    Alles rund um Windows - 31.01.2014 (4)
  2. BKA Trojaner verschlüsselte Dateinamen, wiederherstellbar?
    Log-Analyse und Auswertung - 06.01.2014 (9)
  3. Cybercrime unit Belgien Verschlüsselungstrojaner: wie Computer vollständig reinigen?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (5)
  4. BKA-Trojaner - nur Dateinamen verschluesselt
    Log-Analyse und Auswertung - 21.09.2012 (7)
  5. bilder mit komischen dateinamen
    Log-Analyse und Auswertung - 19.09.2012 (1)
  6. Verschlüsselungstrojaner TR/Matsnu.EB.24 per Email erhalten + 3 Erkennungsmuster Exploits EXP/JAVA.N
    Log-Analyse und Auswertung - 16.07.2012 (11)
  7. Dateiformat und Dateiname vollständig geändert nach Verschlüsselungstrojaner.
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  8. Windows XP Pro, Verschlüsselungstrojaner, Windows fährt nicht vollständig hoch
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (1)
  9. Verschlüsselungstrojaner - Entschlüsseln (zufallsgenerierte Dateinamen)
    Log-Analyse und Auswertung - 21.06.2012 (1)
  10. Verschlüsselungstrojaner mit unveränderten Dateinamen.
    Log-Analyse und Auswertung - 03.06.2012 (5)
  11. Verschlüsselungstrojaner - ohne "locked" - im Dateinamen
    Log-Analyse und Auswertung - 24.05.2012 (2)
  12. Verschlüsselungstrojaner normale Dateinamen
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (3)
  13. Verschlüsselungstrojaner per email erhalten
    Log-Analyse und Auswertung - 27.04.2012 (7)
  14. Alle Dateinamen geändert
    Plagegeister aller Art und deren Bekämpfung - 31.01.2010 (2)
  15. Malware die ständig den Dateinamen ändert
    Log-Analyse und Auswertung - 21.07.2006 (1)
  16. Dateinamen der Windowsanwendungen
    Alles rund um Windows - 28.04.2005 (2)
  17. Netsky_P und seine Dateinamen...
    Plagegeister aller Art und deren Bekämpfung - 27.03.2004 (3)

Zum Thema Verschlüsselungstrojaner - Dateinamen vollständig erhalten - Hallo, ich habe mir heute den Verschlüsselungstrojaner eingefangen, der einen mit der Nachricht "Sie haben sich mit einem Windows Verschlüsselungstrojaner infiziert." begrüßt. Mittlerweile habe ich schon einige Threads überflogen. Überall - Verschlüsselungstrojaner - Dateinamen vollständig erhalten...
Archiv
Du betrachtest: Verschlüsselungstrojaner - Dateinamen vollständig erhalten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.