
Pests of all kinds and how to fight them: Can no longer access the account settings of my Google account! Infection: JS:Blacole-AV [Trj]

28.08.2012, 14:00   #1
bossanova666
 
Hello,

As soon as I click on "Account settings" in my Google account, my avast program pops up and shows the following message:

Infektionsdetails
URL: https://www.google.com/settings/_/ac-sta...
Prozess: C:\Program Files (x86)\Mozilla Firefox\f...
Infektion: JS:Blacole-AV [Trj]

Instead of going to the account, it apparently tries to redirect to a different address.... I have found all sorts of things about the trojan, but how do I get it out of my Google account?

All of this happens in Firefox - when I sign in with Chrome nothing happens??? ... does that mean my Firefox is infected???

Regards, B.

Operating system is WIN 7 / 64bit

Edited by bossanova666 (28.08.2012 at 14:26)

28.08.2012, 15:19   #2
t'john
/// Helper team
 
A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. That makes the evaluation harder for me.


Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have findings deleted or moved to quarantine.
- When the scan has finished, click on "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already there) - double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

28.08.2012, 18:34   #3
bossanova666
 
Here are the log files:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Media :: *** [Administrator]

28.08.2012 17:10:06
mbam-log-2012-08-28 (19-21-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 619570
Laufzeit: 1 Stunde(n), 58 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|MyWebFace_5abar Uninstall (PUP.MyWebSearch) -> Daten: rundll32 C:\PROGRA~2\5AUNIN~1.DLL,O -3 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Program Files (x86)\5aUninstall MyWebFace.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abar.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_icofx.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_stream-catcher.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Media\Desktop\eigene dateien\web3\music website\music 2 - old PC\LANGEWEI.EXE (PUP.Joke.Buttons) -> Keine Aktion durchgeführt.

(Ende)


OTL logfile:
Code:
OTL logfile created on: 28.08.2012 18:59:15 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 29,17% Memory free
7,82 Gb Paging File | 4,70 Gb Available in Paging File | 60,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,90 Gb Total Space | 338,64 Gb Free Space | 75,44% Space Free | Partition Type: NTFS
 
Computer Name: MEDIA-TOSH | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Media\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Media\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Media\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA;
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA;
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deES476
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de&source=webhp"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Media\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Media\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Media\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Media\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Media\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.27 13:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 12:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 12:04:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.10 11:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions
[2012.08.28 15:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\su1fhnpa.default\extensions
[2012.07.03 20:23:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\su1fhnpa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.28 15:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\su1fhnpa.default\extensions\5affxtbr@MyWebFace_5a.com
[2012.08.19 09:04:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\su1fhnpa.default\extensions\foxmarks@kei.com
[2012.05.24 04:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.27 13:57:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.04 18:35:45 | 000,003,170 | ---- | M] () (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SU1FHNPA.DEFAULT\EXTENSIONS\{4C2EC070-B8D6-11E1-AFA6-0800200C9A66}.XPI
[2012.08.04 18:34:24 | 000,019,486 | ---- | M] () (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SU1FHNPA.DEFAULT\EXTENSIONS\PINTEREST-ADDON@FELIXFUNG.CA.XPI
[2012.07.19 09:21:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 11:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 11:24:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 11:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 11:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.30 19:47:53 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.20 11:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 11:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001..\Run: [Spotify] C:\Users\Media\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001..\Run: [Spotify Web Helper] C:\Users\Media\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [MyWebFace_5abar Uninstall] rundll32 C:\PROGRA~2\5AUNIN~1.DLL,O -3 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0500864-5B5B-4C2A-B047-3799393AA530}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 17:01:33 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe
[2012.08.28 15:36:42 | 000,699,536 | ---- | C] (MindSpark) -- C:\Program Files (x86)\5aUninstall MyWebFace.dll
[2012.08.28 15:17:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.08.28 10:04:10 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{D0F2717A-F94B-489D-BA7F-3B18AE43DAAA}
[2012.08.28 09:47:37 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{2E02806C-FE0C-4B33-8303-6D663715DF59}
[2012.08.27 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{7E3095AE-BDDA-4F5D-8D25-082180536488}
[2012.08.27 05:58:15 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{2696E202-A04B-4C70-8EFD-370731664B95}
[2012.08.27 05:33:27 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{4A6FBF6B-0CDA-4318-B14E-749E85B5B7B8}
[2012.08.26 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{FDFD93E5-2DC7-4216-ADB2-940901B49AD2}
[2012.08.26 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{538F2312-340A-4D2A-8884-DCE453918176}
[2012.08.25 15:12:33 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ODOA
[2012.08.25 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\Apps
[2012.08.25 15:12:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\Deployment
[2012.08.25 08:43:52 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{50FE8325-1DA4-47EF-B832-54CF25F26884}
[2012.08.24 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{9523A685-0300-48F9-A38C-E6323E799F8B}
[2012.08.23 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\3d carousel
[2012.08.23 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{AD7D7062-EBCF-4C68-894E-F553BEBF413D}
[2012.08.22 12:25:54 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{B863AF11-51FD-45F4-94B6-3C77DC4773E7}
[2012.08.21 09:19:16 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{BA292526-B0D8-49E3-B6DB-DCB76F212415}
[2012.08.20 14:54:22 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{6DF7CFBE-F8DE-4924-BF68-DB23C4670CBD}
[2012.08.19 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{EB53452B-057F-46FE-AD74-17E26FFAA9D6}
[2012.08.18 12:19:25 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{7E21EF07-E129-46B5-8AB3-A3457B71A982}
[2012.08.18 00:07:49 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{84CE9846-3CB8-4FE5-A2DC-FCE61F980019}
[2012.08.18 00:07:25 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{473063EA-3BE8-4688-911F-A3A9A9030A61}
[2012.08.17 08:52:02 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{CB6FAD1C-F9AC-4696-8CEE-BE7AA8714322}
[2012.08.17 08:51:50 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3DA4BD3E-7BD5-41A1-8E8B-C42702F0A66A}
[2012.08.17 08:39:23 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{9C78F089-AEB8-46F2-B41F-182AE360D701}
[2012.08.16 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{C8D1A471-C295-4A4E-8502-7FDABEEBD7D1}
[2012.08.16 20:21:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.08.16 20:21:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.08.16 20:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.08.16 20:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.08.16 20:21:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.08.16 20:21:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.08.16 20:21:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.08.16 20:21:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.08.16 20:21:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.08.16 20:21:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.08.16 20:21:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.08.16 20:21:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.08.16 20:21:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.08.16 07:33:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012.08.16 07:33:15 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012.08.16 07:33:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012.08.16 07:33:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012.08.16 07:33:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012.08.16 07:33:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012.08.16 07:33:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012.08.16 07:33:07 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012.08.16 07:30:32 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{4DA7A106-B6AB-4DFB-A642-9120E75BE9FA}
[2012.08.16 07:26:30 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{1790DE73-DE14-44E0-BCD8-E3130924F096}
[2012.08.15 12:06:00 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{EB3CEB2E-318E-47A3-B39A-40161D207197}
[2012.08.15 12:05:37 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{7C9ECE04-4DD6-4FD5-974A-972E5BCF1FFB}
[2012.08.14 23:49:31 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{E8BF3D43-957A-4628-B1ED-7D065F3DA3F3}
[2012.08.14 23:49:10 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{ECB80F13-3C86-4BA4-972F-23B29634711D}
[2012.08.14 08:00:48 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{23746717-EBCA-404A-8E7C-58A1B9732B05}
[2012.08.14 08:00:22 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{A6102CBF-4543-4227-8CD6-8F540A71924B}
[2012.08.13 09:52:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{9331F562-791A-479E-B764-F3AED7BC4FEE}
[2012.08.13 09:52:22 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{18BB1C3F-DE4A-42D7-A25C-2D301B16BBC5}
[2012.08.13 07:18:32 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{B673644B-24AB-45B1-862B-08F2C1D7E3E0}
[2012.08.12 18:55:57 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{90B64CED-BADB-4A36-B406-6D59F6BBE0BC}
[2012.08.12 18:55:35 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{613C24A7-38DF-4A67-A581-74CE8C5A5C0A}
[2012.08.12 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\DATA BECKER
[2012.08.12 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\Chromium
[2012.08.12 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\ProtectDisc
[2012.08.12 14:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2012.08.12 14:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2012.08.12 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\A5 HTML5 Animator Projekte
[2012.08.12 13:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DATA BECKER
[2012.08.12 06:55:04 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{BF99ABFA-CA73-49AB-B9BC-6C778D80611F}
[2012.08.12 06:54:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{88FE8D8B-1A57-4E47-BCA7-C5DB13B3ABCD}
[2012.08.11 18:30:56 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{2D42A6D4-B44D-4F93-8C9F-A071ECD20E5D}
[2012.08.11 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{07399D7E-BB38-42AD-8676-E47D54279E81}
[2012.08.11 14:41:00 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{20085BB6-375C-4317-AD72-7FD48B78C0DC}
[2012.08.11 14:39:13 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{00C00D68-C0BF-47D6-A8B8-B5C75D0B9532}
[2012.08.11 07:56:13 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{8BEB1C27-A5A1-4D30-9316-FCAC2D2B4ABD}
[2012.08.11 07:56:00 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{0CF29948-4C82-49D9-9106-02FAC52E9DE7}
[2012.08.11 00:32:01 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{8C80ED65-0E7F-4382-B21B-84251F160C35}
[2012.08.11 00:28:40 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{EC0E0E12-9577-4FFC-BC9B-F187AF059864}
[2012.08.10 08:04:23 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3A6FA17F-25E3-4C97-8CE8-D55D49DB79FB}
[2012.08.10 08:04:01 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{D6E559B0-9101-4B85-A747-D677D359861F}
[2012.08.09 18:48:08 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{85F76D90-22AA-4382-AB5E-752C43BAAD8F}
[2012.08.09 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{D4AC7DD2-BDD1-4D9B-81FD-6C7812F2FDB2}
[2012.08.09 04:14:13 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{C7F43A01-822E-4CC5-8402-267E2656F62B}
[2012.08.09 04:13:50 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{AB6C0BC5-B4BD-4E3F-AEEB-7C85B8074361}
[2012.08.08 12:23:54 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{CC514B33-05EF-4BC4-B4F7-935FA89A36D2}
[2012.08.08 12:23:41 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{4FAFF187-A6B5-47F2-BB7C-FE3BBECF8AEE}
[2012.08.08 09:13:48 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{C2F7BA83-4B73-4076-8554-1C71B52BB8D9}
[2012.08.08 09:13:25 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{B2499B9B-BDB3-425B-9840-688351797F6E}
[2012.08.07 15:59:35 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\TATTOO
[2012.08.07 13:12:16 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{2ECDADF4-9DB4-4EC3-AB9F-6B3A1FF66E51}
[2012.08.07 13:11:54 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{7818671E-CFB4-461C-9A60-B18DE8283C1E}
[2012.08.07 01:11:23 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{F9268E01-42B8-41BC-AC92-4BAD46B080E1}
[2012.08.07 01:11:00 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{353ACD9E-8F3B-47C3-8E5E-07549AD4E8BB}
[2012.08.06 08:47:50 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{FB98880F-95B4-4BC6-8948-7914FA92015A}
[2012.08.06 08:47:29 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{8F12E883-BE69-490A-ACBF-63333A16E253}
[2012.08.05 08:54:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{6504BD56-7088-455D-A731-54AA10E75C63}
[2012.08.05 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3DB16941-6302-4BC3-A5F2-BD660192A6DF}
[2012.08.04 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\malle 2012
[2012.08.04 07:15:32 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{72DFD583-E354-4BBB-955B-C3368DF688A6}
[2012.08.04 07:15:11 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{419B006E-46A2-4ADA-8BA9-E0DCABD53209}
[2012.08.03 13:35:45 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{8022BDAE-3536-4474-AF1C-6C3DFEA8DFB5}
[2012.08.03 13:35:27 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{09413D96-BF16-47F0-9A6B-38B7ACCB147E}
[2012.08.02 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{CA0ED43E-9EF0-442C-92D0-B34246224600}
[2012.08.02 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{B1C5E23A-A747-455C-A6C8-4704D2624FDC}
[2012.08.02 08:15:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{07854736-0D22-4F61-ABAF-6DC001CA9A82}
[2012.08.02 08:14:52 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{F1F3701D-ECED-4F4D-ADCB-BC49920CBCC1}
[2012.08.01 13:55:03 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{52134123-AD75-4BC2-8122-EE7BFA4B89CE}
[2012.08.01 13:54:31 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3F7EA60D-5F49-43EE-9C68-0AC9D7343244}
[2012.08.01 09:34:18 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{F93CCACD-2D8A-411B-BB5D-18AAC206C0C3}
[2012.08.01 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{D237A978-B36E-4CEA-ACF7-B2E968A6842F}
[2012.07.31 20:33:09 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{F633469D-4DE2-4035-BD08-6372E2986576}
[2012.07.31 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{2AEAF723-31A6-47F2-AFB2-3B41F1F296E2}
[2012.07.31 19:25:14 | 000,000,000 | ---D | C] -- C:\Users\Media\Desktop\BUDDHA
[2012.07.31 08:32:16 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3D073291-4DD6-4FFF-9554-818FDFDF449F}
[2012.07.31 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{3E4050AD-E1AF-4195-ACA1-819F228534FC}
[2012.07.30 12:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.30 08:48:05 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{FF24A557-B3B3-4812-B247-3B549FDB486A}
[2012.07.30 08:47:48 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{1363F482-937E-43B6-89F7-EDBD8ACD75B8}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 18:59:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 18:32:04 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280897608-1129846420-1038330990-1001UA.job
[2012.08.28 18:27:32 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 17:32:23 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280897608-1129846420-1038330990-1001Core.job
[2012.08.28 17:02:16 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Desktop\OTL.exe
[2012.08.28 16:26:43 | 000,009,216 | ---- | M] () -- C:\Users\Media\Desktop\tumblr_m9fustvGyD1rezlvmo1_500.jpg
[2012.08.28 15:17:43 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 14:20:02 | 000,067,802 | ---- | M] () -- C:\Users\Media\Desktop\Virusmeldung Google.jpg
[2012.08.28 12:19:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.08.28 09:51:30 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 09:51:30 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 09:42:48 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 09:41:56 | 000,403,120 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.08.28 09:41:54 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 00:17:03 | 000,053,160 | ---- | M] () -- C:\Users\Media\Desktop\295927_511649352185138_2006038286_n.jpg
[2012.08.27 16:49:05 | 001,613,340 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.08.27 16:49:05 | 000,697,082 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.08.27 16:49:05 | 000,652,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.08.27 16:49:05 | 000,148,346 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.08.27 16:49:05 | 000,121,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.08.27 13:57:22 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.08.26 15:14:55 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.08.26 15:14:55 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.25 15:12:33 | 000,000,372 | ---- | M] () -- C:\Users\Media\Desktop\Desktop QR Scanner.appref-ms
[2012.08.22 12:27:01 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.08.17 15:55:39 | 000,004,608 | ---- | M] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.16 07:58:33 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.12 19:11:40 | 001,591,234 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.08.12 18:15:09 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00003409.LCS
[2012.08.12 14:00:08 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.08.08 13:07:15 | 000,000,204 | ---- | M] () -- C:\windows\ulead32.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.28 16:25:43 | 000,009,216 | ---- | C] () -- C:\Users\Media\Desktop\tumblr_m9fustvGyD1rezlvmo1_500.jpg
[2012.08.28 15:36:42 | 000,172,440 | ---- | C] () -- C:\Program Files (x86)\5ares.dll
[2012.08.28 15:17:43 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 14:17:32 | 000,067,802 | ---- | C] () -- C:\Users\Media\Desktop\Virusmeldung Google.jpg
[2012.08.28 00:17:00 | 000,053,160 | ---- | C] () -- C:\Users\Media\Desktop\295927_511649352185138_2006038286_n.jpg
[2012.08.25 15:12:33 | 000,000,372 | ---- | C] () -- C:\Users\Media\Desktop\Desktop QR Scanner.appref-ms
[2012.08.15 11:50:41 | 000,004,608 | ---- | C] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.12 14:03:25 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00003409.LCS
[2012.08.12 14:00:08 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.08.12 13:56:27 | 001,591,234 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.08.08 17:27:14 | 000,001,120 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280897608-1129846420-1038330990-1001UA.job
[2012.08.08 17:27:13 | 000,001,068 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4280897608-1129846420-1038330990-1001Core.job
[2012.06.23 12:31:21 | 000,000,000 | ---- | C] () -- C:\windows\NSREX.INI
[2012.04.21 01:48:23 | 000,007,607 | ---- | C] () -- C:\Users\Media\AppData\Local\Resmon.ResmonCfg
[2012.04.20 19:12:45 | 000,000,618 | ---- | C] () -- C:\windows\WSSTYLES.INI
[2012.04.11 14:06:06 | 000,002,104 | ---- | C] () -- C:\Users\Media\AppData\Local\recently-used.xbel
[2012.03.28 15:04:34 | 000,000,204 | ---- | C] () -- C:\windows\ulead32.ini
[2012.03.27 17:54:22 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI
[2012.03.27 16:35:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\nnr.dll
[2012.01.07 02:56:55 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.04.05 06:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.04.05 06:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.04.05 06:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.02.04 05:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010.11.09 22:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2012.04.17 11:51:47 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\7-PDFMaker
[2012.07.20 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Artisteer
[2012.08.21 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\CoreFTP
[2012.05.02 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoft
[2012.05.01 01:09:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.29 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\FileZilla
[2012.04.30 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\FreeFLVConverter
[2012.05.10 12:57:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GetRightToGo
[2012.08.12 18:15:07 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ProtectDisc
[2012.08.28 09:46:27 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Spotify
[2012.05.07 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\svBuilder
[2012.02.28 20:21:50 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Toshiba
[2012.03.24 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\TOSHIBA Online Product Information
[2012.02.24 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\WinBatch
[2012.03.28 04:36:27 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Windows Live Writer
[2012.05.07 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\XnView
[2009.07.14 07:08:49 | 000,031,592 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---


Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 28.08.2012 18:59:15 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 29,17% Memory free
7,82 Gb Paging File | 4,70 Gb Available in Paging File | 60,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,90 Gb Total Space | 338,64 Gb Free Space | 75,44% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026E2CF7-52F6-46FA-92A8-B1C13111C831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{038EC91A-81EF-41F7-ADB2-A45E6485F072}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0A3555F5-D377-4B5C-8B23-EA7E8B84EBB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{12EC7C33-FDBF-4F99-93C1-0373E7258976}" = rport=139 | protocol=6 | dir=out | app=system | 
"{165AA447-7D70-49FD-BF02-8672E2613C06}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50149452-F2E0-47AE-9885-1771F33EC80D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{548E4622-4EFF-4E42-BC89-15996F6F034F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6D559BDE-CAA7-4C04-ADC0-4F72470D7644}" = rport=137 | protocol=17 | dir=out | app=system | 
"{70023757-0F1C-4A7F-AEC3-F1048945778D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{950C14BD-6FAD-4BE9-8B6D-F8473E78EDFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{962A0CD9-3B97-4691-B78F-B591DE5B4C82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AB62EAD8-673D-4A32-A040-848C29D417D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BE071381-7D94-4544-A83B-D4E2593B9549}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA580EF6-9AA2-4833-9E99-A44D4D36A88A}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14193A8E-4996-4310-B035-8D1BD0A309EE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{1BCD95A5-E5B8-4699-8721-0F0FE4E44753}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2D323441-F92D-43E5-9412-C240348D95E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{404EDB83-AB89-4B71-B9D1-DC5350521CBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{439B10D1-2E34-4DEC-A0AC-AF1C4B33E4CF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4DEFAD89-E76F-4B1D-8EAC-CEF325F4BD86}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5026D411-99D0-4A4D-BFB2-857DDAA56E3B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{58E710F3-DAB1-42A2-A677-D5E465DD8262}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{64648E7C-A4C2-4F55-B622-F9D9E6BAF64C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6E792302-E542-4840-AD50-4C90B99F9823}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7EE55CFC-251C-4687-B9B6-FD19F08332A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2A67EBC-2EF9-47FD-B594-C6A8BB37D3FC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{BEA4B4AE-25A3-4332-9318-23C970A73C48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CCF92059-BF00-4902-86EF-792E34018D80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D738161B-1D90-4C40-BE62-40FB1CC27037}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0006EA4-01DC-4462-B86D-58C7FF7F4C99}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F865CFA5-E063-4258-B6CA-BE26E7CB45B4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FCC5C296-ED82-4421-ADD6-C62F4939A8AD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"TCP Query User{5CB0AE47-3255-4FC0-9DE3-8152781BBCB6}C:\users\media\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\media\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B8AE93AE-EA85-4C8D-BEB9-CDED090C065E}C:\users\media\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\media\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 268.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54795D-AD7A-4AD0-9D6F-700C66810C7E}" = NetObjects Templates Volume 1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A18F0A9D-D67B-35D8-C041-067E5F2DF2F9}" = svBuilder
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2A34DD-7446-462F-9467-9394CAD5635A}" = NetObjects Templates Volume 2
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9E6AC9C-4C9A-430C-8CF2-896A6755B6E6}" = SiteStyles Volume 2
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5B22400-DAB4-4121-941D-E2665E2F5F6A}" = In A Flash 3
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F3C7F6CA-8351-4172-B2A6-2A8A3A7A2FF6}" = NetObjects Fusion 11.0
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-PDF Maker_is1" = 7-PDF Maker Version 1.3.0 (Build 148)
"A5 HTML5 Animator_is1" = DATA BECKER A5 HTML5 Animator
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Artisteer 3" = Artisteer 3
"avast" = avast! Free Antivirus
"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0
"CoreFTP" = Core FTP LE
"CSS Tab Designer_is1" = CSS Tab Designer v2.0
"Flip PDF_is1" = Flip PDF
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free Studio_is1" = Free Studio version 5.4.9
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Security Task Manager" = Security Task Manager 1.8d
"svBuilder" = svBuilder
"VisualLightBox" = VisualLightBox
"VLC media player" = VLC media player 2.0.1
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.2.0.9
"WTA-0d00f72d-886f-4094-a542-6fa31533b4b1" = Diner Dash 2 Restaurant Rescue
"WTA-1e3e143d-6d53-40b3-860c-361b9b1b136e" = Bejeweled 2 Deluxe
"WTA-41ea00f4-9290-419c-af13-ee8453539f55" = Chuzzle Deluxe
"WTA-4690ad67-25b7-44ad-9b09-edd51c3d45d0" = Zuma Deluxe
"WTA-5e3f7167-b86b-4582-89b5-dd25e07ac571" = Insaniquarium Deluxe
"WTA-61256105-e65f-47c7-8310-5561d1ff7b25" = FATE
"WTA-735228a7-78ef-47e5-a230-36c7dbd388ed" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-76b0ddf1-d5cf-4711-8866-b8b76ff3e42b" = Final Drive: Nitro
"WTA-87caa045-0ddf-44cd-a440-4903293984e2" = Bejeweled 3
"WTA-9985a6f5-cf6e-4bb5-a9c2-cb4b738e5270" = Penguins!
"WTA-becdbb96-e4ff-4660-9eb4-d8f62a866ed0" = Slingo Deluxe
"WTA-c1a03938-601e-41d8-af87-317987f38efc" = Wedding Dash 2 - Rings Around the World
"WTA-cd8bd1b8-5be9-4e34-a4ee-7b6cd9bc90ef" = Plants vs. Zombies - Game of the Year
"WTA-f05d6f46-3745-49ed-a22d-64930f53dbda" = Polar Bowler
"XnView_is1" = XnView 1.98.8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c31ebb7005be8b35" = Desktop QR Scanner
"FileZilla Client" = FileZilla Client 3.5.3
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2012 05:46:30 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error - 02.08.2012 05:46:31 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.08.2012 05:46:31 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
 
Error - 02.08.2012 05:46:31 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error - 02.08.2012 05:47:00 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.08.2012 05:47:00 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31575
 
Error - 02.08.2012 05:47:00 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31575
 
Error - 03.08.2012 08:00:49 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Iedit.exe, Version 11.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2bd8    Startzeit:
 01cd716f8fdbf6f4    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Ulead Systems\Ulead
 PhotoImpact 11\Iedit.exe    Berichts-ID: dac88abc-dd62-11e1-8343-dc0ea13c4373  
 
Error - 05.08.2012 06:41:11 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_268.exe,
 Version: 11.3.300.268, Zeitstempel: 0x500adb58  Name des fehlerhaften Moduls: NPSWF32_11_3_300_268.dll,
 Version: 11.3.300.268, Zeitstempel: 0x500addb8  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066ea8a  ID des fehlerhaften Prozesses: 0x4734  Startzeit der fehlerhaften Anwendung:
 0x01cd72e9fa83bd7d  Pfad der fehlerhaften Anwendung: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
Berichtskennung:
 11db5434-deea-11e1-8343-dc0ea13c4373
 
Error - 05.08.2012 13:48:53 | Computer Name = *** | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 30.07.2012 06:22:08 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 30.07.2012 06:22:08 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 30.07.2012 11:21:09 | Computer Name = *** | Source = BROWSER | ID = 8032
Description = 
 
Error - 08.08.2012 07:12:09 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 12.08.2012 10:22:34 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 12.08.2012 10:22:34 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 13.08.2012 01:17:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 13.08.2012 01:17:26 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 13.08.2012 04:47:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 13.08.2012 04:47:07 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
 
< End of report >
         

29.08.2012, 01:29   #4
t'john
/// Helper Team



Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.

Replace the *** asterisks with your user name again!
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_deES476 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4280897608-1129846420-1038330990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=de&source=webhp" 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\Run: [] File not found 
O4 - HKLM..\RunOnce: [MyWebFace_5abar Uninstall] rundll32 C:\PROGRA~2\5AUNIN~1.DLL,O -3 File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-4280897608-1129846420-1038330990-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 
 

:Files

C:\Users\***\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

29.08.2012, 07:38   #5
bossanova666



hi John,
thanks a lot for the help.
however, I ran another avast scan last night and 2 trojans were found - since then everything in my Google account has been fine again
should I still run the fix now?


29.08.2012, 20:18   #6
t'john
/// Helper Team

It is recommended; there are some orphaned entries and toolbars.

29.08.2012, 23:47   #7
bossanova666

ok, I wanted to do it, but then the screen suddenly turned blue with some messages like "an attempt is being made to change your system" or something similar and the PC restarted ??? ... so it didn't work - I haven't tried it again either

29.08.2012, 23:54   #8
t'john
/// Helper Team

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

30.08.2012, 17:46   #9
bossanova666



# AdwCleaner v2.000 - Datei am 08/30/2012 um 18:45:25 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Media\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\su1fhnpa.default\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll C:\windows\SysWOW64\nvinit.dll
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\su1fhnpa.default\prefs.js

Gefunden : user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3118 octets] - [30/08/2012 18:45:25]

########## EOF - C:\AdwCleaner[R1].txt - [3178 octets] ##########

30.08.2012, 20:39   #10
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

after that:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

01.09.2012, 00:03   #11
bossanova666



# AdwCleaner v2.000 - Datei am 09/01/2012 um 00:54:34 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\su1fhnpa.default\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll C:\windows\SysWOW64\nvinit.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-4280897608-1129846420-1038330990-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\su1fhnpa.default\prefs.js

Gelöscht : user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3243 octets] - [30/08/2012 18:45:25]
AdwCleaner[R2].txt - [3301 octets] - [30/08/2012 18:48:37]
AdwCleaner[S1].txt - [3795 octets] - [01/09/2012 00:54:34]

########## EOF - C:\AdwCleaner[S1].txt - [3855 octets] ##########

Alt 01.09.2012, 00:29   #12
t'john
/// Helper Team
 
Please check the guide (http://www.trojaner-board.de/103809-...i-malware.html) to see where you can find the log files.
Please post the log file.
__________________
Regards, t'john

Alt 01.09.2012, 00:30   #13
bossanova666
 

I can no longer run the free Emsisoft Anti-Malware, because it has supposedly already been used on this PC (?) ...

Alt 01.09.2012, 00:40   #14
t'john
/// Helper Team
 

There is a free scan (see the guide)
__________________
Regards, t'john

Alt 01.09.2012, 14:56   #15
bossanova666
 

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 01.09.2012 13:56:26

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 01.09.2012 14:02:46

C:\Users\Media\NOF 11 deutsch\net\Keygen.exe gefunden: Trojan-Proxy.Win32.Agent!E2
C:\Users\Media\Downloads\cnet2_NOF-Essentials_exe.exe gefunden: Riskware.Win32.InstallCore.AMN!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\100_hotties.zip -> Wallpaper Hottie 062.jpg gefunden: Trojan.Win32.Jpgiframe!E2
C:\Users\Media\Desktop\eigene dateien\Downloads\Unlocker1.9.1.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\PhotoScapeSetup_V3.5.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_photoscape.exe gefunden: Riskware.Win32.SoftonicDownloader.AMN!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\PhotoGrabber-Win-r83\pg.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\Miro_Installer.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Farmerama\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Free Realms\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Crush the Castle 2\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe gefunden: Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\1&1\1&1 SmartFax\uninst.exe gefunden: Trojan-Clicker.Win32.NSIS!E1

Gescannt 893104
Gefunden 18

Scan Ende: 01.09.2012 15:39:10
Scan Zeit: 1:36:24

C:\Users\Media\Desktop\eigene dateien\Downloads\SoftonicDownloader_fuer_photoscape.exe Quarantäne Riskware.Win32.SoftonicDownloader.AMN!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\Unlocker1.9.1.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\PhotoScapeSetup_V3.5.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\PhotoGrabber-Win-r83\pg.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\Miro_Installer.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Farmerama\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Free Realms\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Web Link - Crush the Castle 2\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Program Files (x86)\1&1\1&1 SmartFax\uninst.exe Quarantäne Trojan-Clicker.Win32.NSIS!E1
C:\Users\Media\Desktop\eigene dateien\Downloads\100_hotties.zip -> Wallpaper Hottie 062.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
C:\Users\Media\Downloads\cnet2_NOF-Essentials_exe.exe Quarantäne Riskware.Win32.InstallCore.AMN!E1

Quarantäne 17
