Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mein PC hat prefill Trojaner und ich kriegs nicht weg -

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.07.2012, 15:01   #1
Leoni123
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



Hallo, ich bin am Verzweifeln. Jetz sind bereits meine Loginsachen fürs Onlinebanking gesperrt, weil mein PC angeblich einen Trojaner haben soll der prefill heisst. Kennt sich damit jemand aus? Wie bekomme ich den weg? Mein Virenprogramm findet ihn nicht und ich bin hier am Rotieren. Der Laptop ist gleichzeitig auch mein Laptop für meine Arbeit, ich dreh sowas von am Rad. Ich hab keine Ahnung von PCs und Laptops bitte bitte helft einer kleinen Frau!

Alt 03.07.2012, 15:12   #2
markusg
/// Malware-holic
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



hi,
1. ist das das einzige gerät von dem du onlinebanking machst?
2.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 03.07.2012, 18:33   #3
Leoni123
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



Hallo danke, aber OTL lässt sich nicht herunterladen, der Link ist irgendwie defekt.
__________________

Alt 03.07.2012, 19:29   #4
markusg
/// Malware-holic
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



hi da sind 2 links, beide probiert?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.07.2012, 20:27   #5
Leoni123
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



ich kann nur das OTL direkt anklicken, aber da komm ich nicht weiter, kann ich das Programm, falls es denn eines ist, auch woanders herunterladen?

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.07.2012 21:42:00 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Leoni\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 41,52% Memory free
5,49 Gb Paging File | 2,28 Gb Available in Paging File | 41,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 83,20 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 141,62 Gb Free Space | 95,12% Space Free | Partition Type: NTFS
 
Computer Name: LEONI-TOSH | User Name: Leoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.03 21:40:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Leoni\Desktop\OTL.exe
PRC - [2012.05.12 10:26:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.12 10:25:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.12 10:25:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.15 11:00:54 | 000,357,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2012.03.01 14:45:29 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.03.22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.09 02:23:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010.02.22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.12.03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 23:58:19 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.15 23:57:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.15 23:57:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.12 11:31:28 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\1435db5dea878f59191dc112a40e2185\CustomMarshalers.ni.dll
MOD - [2012.05.12 10:18:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012.05.12 10:16:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b5b9223f5e18a1089a4fe3a896909d9d\System.Xml.ni.dll
MOD - [2012.05.12 10:16:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.12 10:16:46 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.12 10:16:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.03.15 11:00:54 | 000,357,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2012.01.11 08:40:08 | 009,843,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010.11.11 11:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010.09.09 23:02:12 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.07.13 15:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010.07.05 11:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010.06.24 03:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010.06.02 07:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010.06.02 04:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010.06.02 04:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010.06.02 04:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010.06.02 04:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
MOD - [2010.05.17 02:19:02 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.15 09:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.12 10:26:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.12 10:25:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.11 02:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.12 10:26:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.12 10:26:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.03.15 10:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 09:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.04 17:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.11.06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.04.24 15:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{3CB60794-4047-4975-AE6D-F86CE64545EB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Analysis of program downloads scanned for viruses and spyware.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f89bb8630000000000000626b6e25993&tlver=1.4.19.19&affID=17160
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {ba23315d-608c-4984-b402-3438dcfc5b82} - SOFTWARE\Classes\CLSID\{ba23315d-608c-4984-b402-3438dcfc5b82}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{53BBFBCA-2633-4E31-9D00-283594D3B684}: "URL" = Analysis of program downloads scanned for viruses and spyware.
IE - HKLM\..\SearchScopes\{5D1932BA-65C0-4D70-8F7E-6F015B127C7F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{BB459A59-A1D8-42A3-8010-62BA196828BE}: "URL" = Analysis of program downloads scanned for viruses and spyware.
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110614201050024&tb_oid=14-06-2011&tb_mrud=14-06-2011
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Toshiba | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {ba23315d-608c-4984-b402-3438dcfc5b82} - SOFTWARE\Classes\CLSID\{ba23315d-608c-4984-b402-3438dcfc5b82}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=310311_olt&babsrc=SP_ss&mntrId=f89bb8630000000000000626b6e25993
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f89bb8630000000000000626b6e25993&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{47A6FC62-F56B-4AE1-B957-B8584A37A85D}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{53BBFBCA-2633-4E31-9D00-283594D3B684}: "URL" = Analysis of program downloads scanned for viruses and spyware.
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE401
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BB459A59-A1D8-42A3-8010-62BA196828BE}: "URL" = Analysis of program downloads scanned for viruses and spyware.
IE - HKCU\..\SearchScopes\{D4944A9B-0F0B-428D-A6D7-2765255B3E0E}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{E960B608-BFF8-42F8-8F3D-2D30FEC351CB}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=irtest1&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110614201050024&tb_oid=14-06-2011&tb_mrud=14-06-2011
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.ftp: "94.102.153.147"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "109.123.126.253"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "94.102.153.147"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "94.102.153.147"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..browser.startup.homepage: "hxxp://start.funmoods.com/?f=1&a=irtest1"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leoni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.05.15 14:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leoni\AppData\Roaming\mozilla\Extensions
[2012.07.03 15:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions
[2012.03.27 11:19:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.03 15:02:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 14:51:38 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions\crossriderapp2258@crossrider.com
[2012.05.15 14:49:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions\ffxtlbr@babylon.com
[2012.05.15 14:51:28 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Leoni\AppData\Roaming\mozilla\Firefox\Profiles\c6ogcy40.default\extensions\ffxtlbr@funmoods.com
[2012.05.15 15:08:00 | 000,001,801 | ---- | M] () -- C:\Users\Leoni\AppData\Roaming\Mozilla\Firefox\Profiles\c6ogcy40.default\searchplugins\funmoods.xml
[2012.05.08 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.13 09:46:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.05.02 07:51:49 | 000,181,438 | ---- | M] () (No name found) -- C:\USERS\LEONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C6OGCY40.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.06.10 16:41:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Leoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Users\Leoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Leoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: No name found = C:\Users\Leoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.0.1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Leoni\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Abacho Toolbar) - {ba23315d-608c-4984-b402-3438dcfc5b82} - C:\Program Files (x86)\Abacho\prxtbAbac.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll File not found
O3 - HKLM\..\Toolbar: (Abacho Toolbar) - {ba23315d-608c-4984-b402-3438dcfc5b82} - C:\Program Files (x86)\Abacho\prxtbAbac.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Abacho Toolbar) - {BA23315D-608C-4984-B402-3438DCFC5B82} - C:\Program Files (x86)\Abacho\prxtbAbac.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [Eqecepduhy] C:\Users\Leoni\AppData\Roaming\Dizeu\uwnu.exe File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [UpgradeChecker] C:\Users\Leoni\AppData\Roaming\TeamViewer\{86D286FF-F81A-4B29-AD53-2EE7EF33662E}\UpgradeChecker.exe File not found
O4 - Startup: C:\Users\Leoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.901883919597903567f76.exe.lnk =  File not found
O4 - Startup: C:\Users\Leoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Leoni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Leoni\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://webcam.fantasy.de/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4020D08F-280B-4B31-822E-17CADC81CCEE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{707FCC3C-5207-482D-BBCA-56DADAD272CA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15f64c6e-dda7-11df-bd3d-00266c64acd3}\Shell - "" = AutoRun
O33 - MountPoints2\{15f64c6e-dda7-11df-bd3d-00266c64acd3}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.03 21:40:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Leoni\Desktop\OTL.exe
[2012.07.03 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{EF4DC79E-FE5B-4FF9-8B21-77C56D4088EE}
[2012.07.03 21:11:42 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{C69514F3-A74F-4508-98BE-3158E06E8C41}
[2012.07.03 15:02:44 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.03 15:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.03 15:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.07.03 15:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.07.03 08:32:15 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{A1AC9BD0-2FC9-41DF-8B6E-2ED87FB4F019}
[2012.07.03 08:32:01 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{55CBEBF5-6DD3-4F39-966C-89D38C0319E9}
[2012.07.02 08:47:47 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{21BFC443-8C9B-4CBE-AE65-0F6BA8642830}
[2012.07.02 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{C19B3878-E3CD-411B-85BE-347491AA4435}
[2012.06.29 07:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.29 07:48:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.29 07:46:53 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{53B54F75-3DE5-4981-A4B0-8F5EB8C9667F}
[2012.06.29 07:46:27 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{F6455C75-30DA-4153-8DC5-F3D3D4A3CA2F}
[2012.06.28 12:55:21 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.06.27 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{18FA1689-9330-4B49-A01A-63497F2BDB0C}
[2012.06.27 22:49:40 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{881304A6-17AC-418E-8767-2F46031371E7}
[2012.06.27 16:13:27 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.06.27 08:19:31 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{61E2A46F-0DEB-4FDA-B6BB-B649BC70B6D3}
[2012.06.27 08:19:14 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{555228C9-D20F-466A-A89F-E56402F6C354}
[2012.06.26 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{3DAFD8D7-97D8-4177-B7F9-2BBA95A09699}
[2012.06.26 20:18:19 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{96193FF1-F12F-44D6-AF96-2729E6EDF651}
[2012.06.26 08:14:24 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{62FE9B2E-DA83-499C-8B2B-AD38097DBFE0}
[2012.06.26 08:14:00 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{64D33257-1B98-4146-92C0-06D7E8C401D6}
[2012.06.25 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{DA25765C-116F-4058-A065-FCD8BF483D4E}
[2012.06.25 20:13:19 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{6B510322-11BC-49B2-8759-A9B90453ED3D}
[2012.06.25 08:13:03 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{7A5E3C5C-ECEB-4962-AE2C-E9F91A133569}
[2012.06.25 08:12:48 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{CBC4C6CA-4E83-4F62-BC02-F8265D6E0D02}
[2012.06.24 10:05:45 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{6325D3CC-3216-41A5-895E-A5278B6E03BE}
[2012.06.24 10:05:20 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{F8B0D2BC-2210-46C7-9B32-FF204C5DF5C0}
[2012.06.23 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{9C418832-D861-4DBD-B1FA-9BC730916C1B}
[2012.06.23 22:04:42 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{2304BE2E-B251-4981-A4B6-989A425FAD4C}
[2012.06.23 10:14:40 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\cache
[2012.06.23 10:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2012.06.23 10:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VTech
[2012.06.23 10:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTech
[2012.06.23 10:04:26 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{9FCDE489-6464-4FF0-A060-2BDB01409B06}
[2012.06.23 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{95225E88-0976-4843-B2AD-8A247541796A}
[2012.06.22 22:03:33 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{2722DC28-9F33-4770-9911-D9A89D0AEC3F}
[2012.06.22 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{E4A2C088-1D18-4C2F-87E4-A85B425B6FD9}
[2012.06.22 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{B2644DD1-CCE6-41E5-9107-EA4854C5A4CE}
[2012.06.22 10:02:34 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{723B1C1F-03AB-4E28-A2A5-076DED804C29}
[2012.06.21 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{864A7CEA-D451-4F49-8AE8-1FBA6C2702BC}
[2012.06.21 21:37:14 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{01B3E58A-B4E8-4194-B09A-BC688E05324A}
[2012.06.21 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{52DDB737-B2DC-4A01-92D1-6EE7A364C0EA}
[2012.06.21 09:12:38 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{FE2C5397-1161-4F54-B3E0-EFC9DA46800D}
[2012.06.20 20:31:02 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{CC00B3BA-C57C-4042-AAA7-A002CB000CC2}
[2012.06.20 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{86EFDA6C-9B26-4044-A042-34292CCEA07A}
[2012.06.20 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{48C8C10E-035E-498E-91E8-2B5F63B49C5F}
[2012.06.20 08:18:06 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{6F3A8E0C-1CAA-4819-B10C-D6EC1E8C81A2}
[2012.06.19 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Roaming\Ohcoza
[2012.06.19 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Roaming\Ofytu
[2012.06.19 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Roaming\Dizeu
[2012.06.19 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{4C376FA7-61A9-4C0B-A0FD-375E60581A17}
[2012.06.19 20:14:05 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{0341221F-E41F-4B54-A621-321A1FEC18CC}
[2012.06.19 08:12:59 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{266912C0-8930-4372-B7F5-3910A329670F}
[2012.06.19 08:12:09 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{C169D9CB-C3AC-4854-9288-C3E412DF2E7A}
[2012.06.19 08:11:13 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{3033A4DE-C486-4B7D-A89A-9E17A704FE00}
[2012.06.18 20:03:01 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{BCA844D3-FE38-4EBD-AB52-656ADE585658}
[2012.06.18 10:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.18 10:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2012.06.17 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Leoni\AppData\Local\{89F99544-AA45-4E15-B54E-9AB908C87F53}
[2012.06.16 00:16:35 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.16 00:15:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.16 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.06.12 13:22:27 | 000,000,000 | ---D | C] -- C:\Windows\massfilter
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.03 21:57:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 21:40:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Leoni\Desktop\OTL.exe
[2012.07.03 21:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739324076-2065413398-3539169838-1000UA.job
[2012.07.03 21:11:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 18:13:37 | 000,797,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 18:13:37 | 000,669,192 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 18:13:37 | 000,134,976 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 18:13:37 | 000,004,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 18:13:37 | 000,004,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 14:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739324076-2065413398-3539169838-1000Core.job
[2012.07.03 08:57:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.02 08:46:25 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 08:46:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 08:36:45 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 07:50:42 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.28 09:57:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_0_00_re.pad
[2012.06.27 22:58:44 | 000,002,033 | ---- | M] () -- C:\Users\Leoni\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.06.27 22:58:44 | 000,001,962 | ---- | M] () -- C:\Users\Leoni\Desktop\Avira DE-Cleaner.lnk
[2012.06.27 16:15:11 | 000,003,488 | ---- | M] () -- C:\bootsqm.dat
[2012.06.27 14:48:04 | 000,001,894 | ---- | M] () -- C:\Users\Leoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.23 10:32:22 | 000,000,580 | ---- | M] () -- C:\Users\Leoni\AppData\Local\cookies.ini
[2012.06.23 10:14:15 | 000,001,176 | ---- | M] () -- C:\Users\Leoni\Desktop\VTech Download Manager.lnk
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.06.19 08:07:38 | 000,386,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.15 15:51:53 | 000,018,413 | ---- | M] () -- C:\Users\Leoni\Documents\Tabelle%20Juni%20Beiträge%20E-Zigarette%202012.ods_0.ods
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.29 07:49:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.06.29 07:49:15 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.27 22:58:44 | 000,002,033 | ---- | C] () -- C:\Users\Leoni\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.06.27 22:58:44 | 000,001,962 | ---- | C] () -- C:\Users\Leoni\Desktop\Avira DE-Cleaner.lnk
[2012.06.27 16:15:11 | 000,003,488 | ---- | C] () -- C:\bootsqm.dat
[2012.06.27 14:48:04 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad
[2012.06.27 14:48:04 | 000,001,894 | ---- | C] () -- C:\Users\Leoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.23 10:14:47 | 000,000,580 | ---- | C] () -- C:\Users\Leoni\AppData\Local\cookies.ini
[2012.06.23 10:14:15 | 000,001,176 | ---- | C] () -- C:\Users\Leoni\Desktop\VTech Download Manager.lnk
[2012.06.16 00:14:47 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.06.16 00:13:56 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.06.16 00:12:56 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.06.16 00:11:51 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.06.15 23:57:37 | 000,018,413 | ---- | C] () -- C:\Users\Leoni\Documents\Tabelle%20Juni%20Beiträge%20E-Zigarette%202012.ods_0.ods
[2012.05.06 12:28:02 | 000,182,264 | ---- | C] () -- C:\Windows\SysWow64\BpShellEx.dll
[2012.01.20 12:34:28 | 000,003,584 | ---- | C] () -- C:\Users\Leoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.08 11:55:41 | 025,312,176 | ---- | C] () -- C:\Users\Leoni\sam2f.exe
[2011.07.08 11:55:41 | 009,984,927 | ---- | C] () -- C:\Users\Leoni\sambc-retail.exe
[2011.07.08 11:55:41 | 000,004,905 | ---- | C] () -- C:\Users\Leoni\Mic Headset01.agc
[2011.07.08 11:55:41 | 000,004,820 | ---- | C] () -- C:\Users\Leoni\HansyDJ2.agc
[2011.07.08 11:55:41 | 000,000,698 | ---- | C] () -- C:\Users\Leoni\AutoOnAir.pal
[2011.04.27 18:48:23 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.04.12 11:11:01 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\SX32W.DLL
[2011.03.16 16:14:54 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.09.09 23:58:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.09 23:37:42 | 000,000,000 | ---- | C] () -- C:\Users\Leoni\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2010.12.12 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\AnvSoft
[2012.05.15 14:50:18 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\BabylonToolbar
[2012.05.06 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Buhl Data Service
[2012.05.08 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Buhl Data Service GmbH
[2012.07.02 08:56:12 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Dizeu
[2012.07.03 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\DVDVideoSoft
[2012.07.03 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.09 11:38:59 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\elsterformular
[2011.11.11 14:26:50 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Epson
[2011.12.13 16:11:25 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\GetRightToGo
[2011.03.16 16:19:20 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\MAGIX
[2012.05.15 15:12:26 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Media Finder
[2012.06.19 21:15:58 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Ofytu
[2012.06.29 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Ohcoza
[2011.06.14 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\OpenCandy
[2010.09.09 23:05:20 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\OpenOffice.org
[2011.12.15 11:22:04 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Publish Providers
[2011.12.15 11:21:55 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Sony
[2012.04.04 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\TeamViewer
[2010.09.09 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Template
[2011.05.08 15:58:49 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Toshiba
[2012.05.11 13:05:40 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Windows Desktop Search
[2012.06.18 08:52:45 | 000,000,000 | ---D | M] -- C:\Users\Leoni\AppData\Roaming\Windows Live Writer
[2012.03.30 18:18:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.18 11:58:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.07.02 08:36:43 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.09 15:10:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.27 16:13:27 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.06.28 12:58:44 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010.05.17 02:16:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.06.18 13:17:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.03 18:55:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.06.27 14:48:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.09.09 15:10:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.17 07:41:38 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2012.07.03 21:47:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.29 12:21:32 | 000,000,000 | ---D | M] -- C:\tmp
[2010.09.09 15:47:48 | 000,000,000 | ---D | M] -- C:\Toshiba
[2010.09.22 14:36:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.27 15:11:27 | 000,000,000 | ---D | M] -- C:\Windows
[2010.05.17 02:15:12 | 000,000,000 | ---D | M] -- C:\Works
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2010.12.21 07:36:16 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll
 
< %USERPROFILE%\*.* >
[2011.07.08 11:55:42 | 000,000,698 | ---- | M] () -- C:\Users\Leoni\AutoOnAir.pal
[2011.07.08 11:55:43 | 000,004,820 | ---- | M] () -- C:\Users\Leoni\HansyDJ2.agc
[2011.07.08 11:55:43 | 000,004,905 | ---- | M] () -- C:\Users\Leoni\Mic Headset01.agc
[2012.07.03 21:56:48 | 013,893,632 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat
[2012.07.03 21:56:48 | 000,262,144 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat.LOG1
[2010.09.09 15:10:52 | 000,000,000 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat.LOG2
[2010.09.09 22:34:19 | 000,065,536 | -HS- | M] () -- C:\Users\Leoni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.09.09 22:34:19 | 000,524,288 | -HS- | M] () -- C:\Users\Leoni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.09.09 22:34:19 | 000,524,288 | -HS- | M] () -- C:\Users\Leoni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.07.19 21:36:22 | 000,065,536 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat{75b8de6c-b1df-11e0-85e4-00266c64acd3}.TM.blf
[2011.07.19 21:36:22 | 000,524,288 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat{75b8de6c-b1df-11e0-85e4-00266c64acd3}.TMContainer00000000000000000001.regtrans-ms
[2011.07.19 21:36:22 | 000,524,288 | -HS- | M] () -- C:\Users\Leoni\ntuser.dat{75b8de6c-b1df-11e0-85e4-00266c64acd3}.TMContainer00000000000000000002.regtrans-ms
[2010.09.09 15:10:52 | 000,000,020 | -HS- | M] () -- C:\Users\Leoni\ntuser.ini
[2011.07.08 12:03:09 | 025,312,176 | ---- | M] () -- C:\Users\Leoni\sam2f.exe
[2011.07.08 11:59:46 | 009,984,927 | ---- | M] () -- C:\Users\Leoni\sambc-retail.exe
[2011.07.18 11:55:36 | 000,000,000 | ---- | M] () -- C:\Users\Leoni\Sti_Trace.log
[2012.04.26 13:37:04 | 000,085,504 | -HS- | M] () -- C:\Users\Leoni\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

War es das was ich posten sollte?

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.07.2012 21:42:00 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Leoni\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 41,52% Memory free
5,49 Gb Paging File | 2,28 Gb Available in Paging File | 41,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 83,20 Gb Free Space | 55,91% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 141,62 Gb Free Space | 95,12% Space Free | Partition Type: NTFS
 
Computer Name: LEONI-TOSH | User Name: Leoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0148F127-5277-47B0-AA12-6B00E0BC8794}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{106B0F02-D8A3-4158-8A60-31B64C5DE434}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13A982A3-35D8-4D05-B333-63DB40C56641}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A83B69F-EDF9-43EA-98F3-3743387697DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34B6FCA3-82BD-4F75-A01E-9CC3A159877F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FB532E6-4CA8-46D2-9045-8CDF2B08AD2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4CF408A7-D1BA-4DE0-AFFB-ECAC382CEB51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E5C0EBE-1ACF-4EBA-9421-F71B9B6860C3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{514658F0-CFDC-42DA-8CB8-E0E08FDD6142}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79279DA8-9AD3-4695-A13A-84899EA1F4B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8B68868C-7804-4029-A6AA-B80B3EE64A62}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8DABBC9D-6661-456B-80A5-66FA71EA1E37}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8E5D83A7-F902-41CD-8AC6-D56BCBE2175C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8FC804C2-0114-4E56-BD89-D62DD1EAF4D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{96C1C2C8-BA8C-4114-ADF9-D1587BE22346}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE5D7CD8-4766-4737-95CA-274F5506994F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B0D1840E-C7F7-4F07-8602-3BAC8D066DCF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAC404A1-0722-4CD0-A0DA-8239EAE75C41}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2901927-6D3F-4A26-8A09-B99364D677CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C8F56FFE-BC4D-437C-B217-064FB9BF03E0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D1F0B8F5-2E8A-465F-9EE3-14065BBE7218}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D353FCC4-3522-4C40-9E24-402EB772C98E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D652D862-76DD-42EC-BC4C-B2BE155B36C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D9544539-33D6-4FC9-91E8-CA298BDE8380}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E903202C-4F98-42EE-9C0A-F70A33DAA300}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F018FCB1-EF76-4EFE-A174-E8C558BDBE30}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port | 
"{F0983923-65BC-4C8F-9B16-F1A780945B01}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F9FC9CF8-081C-413B-A96A-494AF0510938}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00992168-97B7-4A44-B26C-6ED7F9E04201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{034EF31F-6BFB-4D12-BA17-1725BFFB144F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{03792E17-BFC6-43CE-BD9A-4E1309937C1F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{03D93219-21D8-4DE6-B9F1-D8D27C01EF50}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{09100B2F-F98B-405A-ABB3-FF6CE9AA8429}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1381A499-29A8-4BF4-9EA8-E40BA94C36B3}" = protocol=17 | dir=in | app=c:\users\leoni\appdata\local\microsoft\windows\temporary internet files\content.ie5\weqn9z12\videotomp3setup[1].exe | 
"{248BA12C-576B-4C2D-8BFF-142149F41629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2B4E3E1C-E0A1-424C-A7A9-572EC8C1B949}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3336183B-11AC-4176-8780-8A435C9A109E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A15682D-D273-48EE-983D-5480C2118B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\buhl\business\buero plus next\bpnext.exe | 
"{4B125573-254D-4961-8A4A-75E6752C7A86}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{505FB20E-B832-4041-BD98-DAD12FF94F0A}" = protocol=6 | dir=in | app=c:\users\leoni\appdata\local\microsoft\windows\temporary internet files\content.ie5\weqn9z12\videotomp3setup[1].exe | 
"{52D8FE0A-778B-439C-B05A-90E347838477}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58A709D9-EE15-4DC1-BD82-E4CA2D742794}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5C194311-2C2B-45B9-94C8-844CE4EC22E5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F8F1F40-CD0B-427B-9CB0-2974DC68AC64}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{626F6C2A-3C67-4C97-AA70-1701194B40AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A974C8A-1F51-4623-975A-BE8BBFADC85F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{72A1DBAB-5A2F-4AF9-9508-41F2E8E6DCAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C8CAC16-EFB1-417D-9C48-A04393FEE1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{82ADF7B7-5334-4D4D-9148-C0C43CBC5AC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86B6F975-C811-4F4C-BD16-61048E310CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\buhl\business\buero plus next\bpnext.exe | 
"{88778872-3EF2-4B6C-94B1-22581DCDE5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92B4DDAC-5116-4F55-864F-E92E5C820285}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{956DC662-9C99-4EE6-9F6A-54A6D7657CCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1DA0CD0-E732-4BD2-BDB9-44A22B9951AC}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{A65AD975-155F-46CA-9EFF-B00AD54CD8FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA978647-4B09-4BF4-B258-EEABE6A9C575}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2190E23-6080-46B7-9427-0A5374F49A08}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{B2A61660-D80F-4125-8CF9-0AA55928D484}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{BAFE7AF2-A17B-4BF8-B62F-88C579AAD69A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C347FE86-A102-416B-9B18-6AF72FE65F34}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{CD44EFE9-4567-4E90-963A-9BA7F1174EE2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D3DBECEC-994D-438F-9C55-DA6283303A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{D888921B-4A80-4B1E-9CF2-0B279C294161}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{E49F4717-02CF-4D22-BEB4-A71BC5AE306E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E5519AF9-78B4-43C2-9348-A10AF2FAF264}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{FE447D18-06F0-4A14-9947-8BBA0F4EAF0A}" = protocol=6 | dir=out | app=system | 
"{FEF07B46-2F26-4658-B75F-2AFD24C1A111}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"TCP Query User{35F40616-8773-4C85-B3C8-027086D350DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{719DA4DD-8F0F-4619-9B66-7526BC1B186C}C:\users\leoni\appdata\roaming\dizeu\uwnu.exe" = protocol=6 | dir=in | app=c:\users\leoni\appdata\roaming\dizeu\uwnu.exe | 
"TCP Query User{74D460C1-7901-438E-8256-4C32BF259A15}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{FC06E73F-11F2-45E5-A58A-CB81A85120CE}C:\users\leoni\appdata\roaming\dizeu\uwnu.exe" = protocol=6 | dir=in | app=c:\users\leoni\appdata\roaming\dizeu\uwnu.exe | 
"UDP Query User{11E6057D-F9E9-4FD4-82EC-2D1A3A969A62}C:\users\leoni\appdata\roaming\dizeu\uwnu.exe" = protocol=17 | dir=in | app=c:\users\leoni\appdata\roaming\dizeu\uwnu.exe | 
"UDP Query User{48E8D0BD-F409-49D5-A3E5-7F294CA3FC8C}C:\users\leoni\appdata\roaming\dizeu\uwnu.exe" = protocol=17 | dir=in | app=c:\users\leoni\appdata\roaming\dizeu\uwnu.exe | 
"UDP Query User{99A73F37-7B22-4C7D-8EFB-4B4B4D45B340}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{A170C56B-AFA1-45E9-905A-A3CF6FA22C8A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Buchhaltung 2012
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8760F096-FCC1-4435-980B-2143363E40C2}" = SDLX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{B9A3F37F-2B18-42FB-8A73-4552243B2323}" = ilivid Player
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{ca660d56-5092-4c28-9bba-a64709689b3d}" = Nero 9 Essentials
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnalogX AutoTune" = AnalogX AutoTune
"Any Video Converter_is1" = Any Video Converter 3.1.5
"Audacity_is1" = Audacity 1.2.6
"Audio Recorder Pro_is1" = Audio Recorder Pro 3.80
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"McAfee Security Scan" = McAfee Security Scan Plus
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VTechDownloadManager" = VTech Download Manager
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Music Converter" = FoxTab Music Converter
"FoxTab Video To MP3" = FoxTab Video To MP3
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.12.2011 12:02:38 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.12.2011 12:03:26 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.12.2011 07:58:51 | Computer Name = Leoni-TOSH | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a78    Startzeit: 
01ccb51c623d8fc7    Endzeit: 20    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
 3\program\soffice.bin    Berichts-ID: faa80f71-2193-11e1-be42-00266c64acd3  
 
Error - 15.12.2011 05:05:04 | Computer Name = Leoni-TOSH | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1a54    Startzeit: 01ccbb0882b094e2    Endzeit: 8    Anwendungspfad: 
C:\Program Files (x86)\Windows Media Player\wmplayer.exe    Berichts-ID: ddbc8946-26fb-11e1-8414-00266c64acd3

 
Error - 15.12.2011 05:06:16 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.12.2011 05:06:19 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.12.2011 05:06:19 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.12.2011 05:14:06 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Leoni\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\4Q9WTZH8\SoftonicDownloader_fuer_vegas-movie-studio[1].exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 15.12.2011 05:30:26 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.12.2011 05:30:28 | Computer Name = Leoni-TOSH | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ OSession Events ]
Error - 13.04.2012 05:11:07 | Computer Name = Leoni-TOSH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 76
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.07.2012 09:27:59 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 10:01:09 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 12:13:22 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 12:46:25 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 13:19:28 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 13:34:29 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 13:49:31 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 15:13:38 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 15:40:41 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
Error - 03.07.2012 15:46:41 | Computer Name = Leoni-TOSH | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

und jetzt?


Alt 04.07.2012, 17:03   #6
markusg
/// Malware-holic
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



jepp hier ist malware drauf.
wir setzen den pc neu auf und sichern ihn vernünftig ab
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
--> Mein PC hat prefill Trojaner und ich kriegs nicht weg -

Alt 05.07.2012, 07:36   #7
Leoni123
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



Hi, danke für deine Antwort, aber woher weiss ich, dass die Daten nicht auch infiziert sind? Gibt es eine Möglichkeit das zu sehen? Ich schau, dass ich heute alles Wichtige runterziehe (ist nicht wenig, da mein Arbeitslaptop.) und folge dann den weiteren Anweisungen. Ich hab nur schiss, dass ich das nicht hinkriege...

Alt 05.07.2012, 14:43   #8
markusg
/// Malware-holic
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



bilder, dokumente, musik und vidios sind in ordnung, die kannst du sichern und wir können sie dann sicherheitshalber noch mal scannen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.07.2012, 14:51   #9
Leoni123
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



okay danke, dann mach ich das jettz auf CD und mach den Rechner platt. Leider habe ich keine Windows Cd das heisst ich muss die kaufen.. Weisst du was sowas kosten wird?

Alt 06.07.2012, 21:50   #10
markusg
/// Malware-holic
 
Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Standard

Mein PC hat prefill Trojaner und ich kriegs nicht weg -



80 € in etwa
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Mein PC hat prefill Trojaner und ich kriegs nicht weg -
ahnung, angeblich, arbeit, bereits, ebanking, gesperrt, gleichzeitig, heiss, helft, keine ahnung, kleine, kleinen, kriegs, laptop, laptops, onlinebanking, pcs, programm, sache, sachen, troja, trojaner, verzweifel, virenprogramm




Ähnliche Themen: Mein PC hat prefill Trojaner und ich kriegs nicht weg -


  1. Telekom-Trojaner in gefälschter E-Mail->Link geöffnet. Nun weiß ich nicht, ob mein PC befallen ist. Avira und AVG Antivirus finden nichts
    Plagegeister aller Art und deren Bekämpfung - 23.05.2014 (10)
  2. Auf einmal ging mein driver Genius nicht mehr und nach neuinstalation steht (Online Downloader funktioniert nicht mehr
    Alles rund um Windows - 13.05.2014 (2)
  3. Windows XP: Anmeldung im abgesicherten Modus funktioniert nicht, da mein Kennwort nicht akzeptiert wird.
    Log-Analyse und Auswertung - 31.12.2013 (10)
  4. qvo6 - Kriegs nicht weg
    Plagegeister aller Art und deren Bekämpfung - 19.10.2013 (13)
  5. Malwarebytes und hijackthis - mein System wird immer langsamer + mein ESET mag nicht mehr
    Log-Analyse und Auswertung - 07.06.2012 (8)
  6. Nach Trojaner Löschung bootet mein Betriebssystem nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 20.06.2011 (1)
  7. system tool... ich kriegs nicht los
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (15)
  8. durch trojaner kann ich mein rechner nicht richtig hoch fahren
    Diskussionsforum - 16.11.2010 (3)
  9. ein Virus oder Trojaner hat mein PC befallen (aber ich kenne mich nicht aus)
    Plagegeister aller Art und deren Bekämpfung - 16.03.2009 (1)
  10. Hilfe ! Mein Pc funktioniert nicht mehr - Wurm / Trojaner?
    Log-Analyse und Auswertung - 16.01.2009 (4)
  11. Trojaner TR/Crypt.XPACK.Gen und mein PC funz definitiv nicht mehr!
    Plagegeister aller Art und deren Bekämpfung - 02.01.2009 (6)
  12. Mein Computer arbeitet im Hintergrund mein internet ist auch nicht gerade schnell
    Log-Analyse und Auswertung - 21.03.2008 (0)
  13. hab trojaner und geht mein explorer nicht mehr nur noch der hintergrund
    Log-Analyse und Auswertung - 09.12.2006 (1)
  14. MediaTicketsInstaller[2].cab - und ich kriegs nicht weg...
    Log-Analyse und Auswertung - 07.11.2005 (4)
  15. Hilfe - Mist Hotofferskram - kriegs nicht raus!!!
    Log-Analyse und Auswertung - 04.04.2005 (5)
  16. 3 Trojaner: Agent NBU / Agent.BI und WinShow.NAL - kriegs nicht gelöscht :(
    Log-Analyse und Auswertung - 20.03.2005 (1)
  17. ich kriegs trotz deaktivierung
    Plagegeister aller Art und deren Bekämpfung - 04.05.2003 (12)

Zum Thema Mein PC hat prefill Trojaner und ich kriegs nicht weg - - Hallo, ich bin am Verzweifeln. Jetz sind bereits meine Loginsachen fürs Onlinebanking gesperrt, weil mein PC angeblich einen Trojaner haben soll der prefill heisst. Kennt sich damit jemand aus? Wie - Mein PC hat prefill Trojaner und ich kriegs nicht weg -...
Archiv
Du betrachtest: Mein PC hat prefill Trojaner und ich kriegs nicht weg - auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.