Trojaner-Board - Polizei-Trojaner hat mich erwischt

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Polizei-Trojaner hat mich erwischt (https://www.trojaner-board.de/122231-polizei-trojaner-hat-mich-erwischt.html)

Polizei-Trojaner hat mich erwischt

Hallo Liebes Trojaner-Team

Heute habe ich mir beim Surfen einen dieser miesen Polizei-Trojaner eingefangen bei dem durch diese Meldung alles blockiert ist.

Ich habe den Laptop dann im abgesicherten Modus mit Netzwerktreiber gestartet. Danach bin ich dann über google auf euer Forum gestossen und hab mir Malwarebytes und OTL runtergeladen und ausgeführt.

Malwarebytes Log

PHP-Code:

   Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org

 
Datenbank Version: v2012.08.15.09

 
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Kevin :: KEVIN-TOSH [Administrator]

 
Schutz: Deaktiviert

 
16.08.2012 02:58:08

mbam-log-2012-08-16 (02-58-08).txt

 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 491864

Laufzeit: 1 Stunde(n), 11 Minute(n), 1 Sekunde(n)

 
Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

 
Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

 
Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

 
Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uxywstnixjmsula (Trojan.Ransom) -> Daten: C:\ProgramData\uxywstni.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

 
Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

 
Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

 
Infizierte Dateien: 4

C:\ProgramData\uxywstni.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kevin\0.7570417923624622.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kevin\Desktop\SEGA\Neuer Ordner (3)\SAVE EDITOR Collection v 1.0\SAVE EDITOR Collection v 1.0\Borderlands Willow Tree  Editor\WillowTree.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Kevin\Desktop\SEGA\Neuer Ordner (3)\SAVE EDITOR Collection v 1.0\SAVE EDITOR Collection v 1.0\Shadow Complex (XBL Arcade)\Shadow Complex Editor.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

 
(Ende)

OTL.txt

PHP-Code:

   OTL logfile created on: 8/16/2012 5:30:15 AM - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Kevin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

7.91 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.82% Memory free

15.82 Gb Paging File | 13.10 Gb Available in Paging File | 82.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.20 Gb Total Space | 35.13 Gb Free Space | 5.15% Space Free | Partition Type: NTFS

 

Computer Name: KEVIN-TOSH | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

[color=#E56717]========== Processes (SafeList) ==========[/color]

 

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Users\Kevin\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe (Totem Entertainment)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)

PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 

[color=#E56717]========== Modules (No Company Name) ==========[/color]

 

MOD - C:\Users\Kevin\AppData\Local\vghd\bin\QtGui4.dll ()

MOD - C:\Users\Kevin\AppData\Local\vghd\bin\QtNetwork4.dll ()

MOD - C:\Users\Kevin\AppData\Local\vghd\bin\QtXml4.dll ()

MOD - C:\Users\Kevin\AppData\Local\vghd\bin\QtCore4.dll ()

 

 

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

 

SRV:[b]64bit:[/b] - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (SearchAnonymizer) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

 

DRV:[b]64bit:[/b] - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:[b]64bit:[/b] - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:[b]64bit:[/b] - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:[b]64bit:[/b] - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SymEFA64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SymDS64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Ironx64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccSetx64.sys (Symantec Corporation)

DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:[b]64bit:[/b] - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)

DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:[b]64bit:[/b] - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:[b]64bit:[/b] - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:[b]64bit:[/b] - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:[b]64bit:[/b] - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:[b]64bit:[/b] - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:[b]64bit:[/b] - (DVB7700ALL) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)

DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:[b]64bit:[/b] - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:[b]64bit:[/b] - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:[b]64bit:[/b] - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:[b]64bit:[/b] - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)

DRV:[b]64bit:[/b] - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV:[b]64bit:[/b] - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:[b]64bit:[/b] - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:[b]64bit:[/b] - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV:[b]64bit:[/b] - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:[b]64bit:[/b] - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:[b]64bit:[/b] - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)

DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:[b]64bit:[/b] - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)

DRV:[b]64bit:[/b] - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)

DRV:[b]64bit:[/b] - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120815.002\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120815.002\eng64.sys (Symantec Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120402.001\BHDrvx64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120202.002\IDSviA64.sys (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

 

 

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

 

 

[color=#E56717]========== Internet Explorer ==========[/color]

 

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{7CF3FA9B-4D75-4A99-9D05-0092AFDC9FD2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comoestamos.com/search/

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{68A72E44-9F07-436B-ADC8-000512CCE1DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\UpdatusUser\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kevin\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT448

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

[color=#E56717]========== FireFox ==========[/color]

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..network.proxy.type: 0

 

 

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/22 00:55:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/08/16 04:43:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/08/16 04:43:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 19:57:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 02:25:29 | 000,000,000 | ---D | M]

 

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com

[2012/08/16 02:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions

[2012/08/04 23:33:56 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com

[2012/04/20 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/04/25 19:57:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

[color=#E56717]========== Chrome  ==========[/color]

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: preisspion.de = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.0_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2011/09/10 05:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:[b]64bit:[/b] - HKLM..\Run: [Ocs_SM] C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)

O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:[b]64bit:[/b] - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:[b]64bit:[/b] - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Kevin\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Mcx1-KEVIN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8:[b]64bit:[/b] - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1EFD16-CBA1-4C51-9DE0-2DD4AFBFE634}: DhcpNameServer = 192.168.1.1

O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found

O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found

O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found

O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found

O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*

O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

 

[2012/08/16 04:42:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/08/16 04:41:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/08/16 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2012/08/16 04:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/08/16 03:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ff11

[2012/08/16 03:47:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/08/16 02:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2012/08/16 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/16 02:56:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rsiogkxqxettjhl

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Songbird2

[2012/08/14 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird

[2012/08/14 12:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird

[2012/08/08 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Skyrim

[2012/08/08 08:38:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll

[2012/08/08 08:38:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll

[2012/08/08 08:38:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll

[2012/08/08 08:38:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll

[2012/08/08 08:38:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll

[2012/08/08 08:38:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll

[2012/08/08 08:38:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll

[2012/08/08 08:38:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll

[2012/08/08 08:38:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll

[2012/08/08 08:38:36 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll

[2012/08/08 08:38:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll

[2012/08/08 08:38:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll

[2012/08/08 08:38:35 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll

[2012/08/08 08:38:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll

[2012/08/08 08:38:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll

[2012/08/08 08:38:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll

[2012/08/08 08:38:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll

[2012/08/08 08:38:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll

[2012/08/08 08:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll

[2012/08/08 08:38:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll

[2012/08/08 08:38:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll

[2012/08/08 08:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll

[2012/08/08 08:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll

[2012/08/08 08:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll

[2012/08/08 08:38:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll

[2012/08/08 08:38:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll

[2012/08/08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games

[2012/08/07 02:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2012/08/06 05:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\XboxMB

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\windows\XSxS

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Xenocode

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode

[2012/08/06 05:53:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Downloads

[2012/07/31 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player

[2012/07/30 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Any Video Converter

[2012/07/30 17:22:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\AnvSoft

[2012/07/30 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

[2012/07/30 17:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft

[2012/07/23 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Coma

[2012/07/23 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Revolt

[2012/07/23 19:48:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\360Revolution

[2012/07/18 23:28:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Macromedia

[2012/07/18 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sogna

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

 

[2012/08/16 05:06:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/08/16 04:48:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/16 04:48:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/16 04:46:40 | 001,715,430 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1307010.005\Cat.DB

[2012/08/16 04:42:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:42:31 | 000,002,575 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/16 04:40:43 | 000,001,308 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton-Installationsdateien.lnk

[2012/08/16 04:37:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/08/16 04:37:12 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/16 04:35:25 | 001,506,754 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB

[2012/08/16 04:30:46 | 000,921,344 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 04:17:09 | 000,002,046 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

[2012/08/16 03:47:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/08/16 02:56:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 02:56:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:29:48 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038

[2012/08/16 01:25:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/15 17:30:44 | 001,614,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/08/15 17:30:44 | 000,697,534 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/08/15 17:30:44 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/08/15 17:30:44 | 000,148,540 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/08/15 17:30:44 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/08/15 12:06:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/08/15 12:06:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/14 12:37:17 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/08 14:02:08 | 016,314,368 | ---- | M] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | M] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[2012/07/31 23:45:25 | 000,000,111 | ---- | M] () -- C:\user.js

[2012/07/30 17:16:08 | 000,001,247 | ---- | M] () -- C:\Users\Kevin\Desktop\Any Video Converter.lnk

[2012/07/23 19:32:08 | 001,592,786 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

[color=#E56717]========== Files Created - No Company Name ==========[/color]

 

[2012/08/16 04:42:37 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:42:31 | 000,002,575 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/16 04:40:36 | 000,001,308 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton-Installationsdateien.lnk

[2012/08/16 04:30:17 | 000,921,344 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 02:56:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 01:25:00 | 000,000,051 | ---- | C] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/14 12:37:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/08 14:00:44 | 016,314,368 | ---- | C] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | C] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[2012/07/31 23:45:25 | 000,000,111 | ---- | C] () -- C:\user.js

[2012/07/30 17:16:08 | 000,001,247 | ---- | C] () -- C:\Users\Kevin\Desktop\Any Video Converter.lnk

[2012/06/17 23:22:41 | 000,000,300 | ---- | C] () -- C:\windows\ACTIVEJP.INI

[2012/01/24 04:49:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat

[2011/09/10 05:47:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2011/09/10 05:47:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2011/09/10 05:47:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2011/09/10 05:47:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2011/09/10 05:47:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2011/09/02 15:07:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/09/02 14:52:25 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin

[2011/08/06 18:24:27 | 001,592,786 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/06 14:20:04 | 000,059,685 | ---- | C] () -- C:\windows\War3Unin.dat

[2011/06/17 06:12:01 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2011/04/05 05:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/05 05:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/04/05 05:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2010/11/09 21:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

 

[color=#E56717]========== LOP Check ==========[/color]

 

[2012/03/24 13:36:03 | 000,000,000 | -HSD | M] -- C:\Users\Kevin\AppData\Roaming\.#

[2011/08/11 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\3DataManager

[2012/07/30 17:22:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AnvSoft

[2012/02/18 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Clickteam

[2011/08/13 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Datel

[2012/08/16 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft

[2011/08/30 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Swift Sound

[2011/08/29 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OCS

[2011/08/29 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera

[2011/08/11 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips

[2011/08/10 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips-Songbird

[2011/08/10 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Program Files (x86)

[2012/07/11 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SoftGrid Client

[2012/08/14 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2011/08/07 01:39:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba

[2011/08/06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TOSHIBA Online Product Information

[2011/08/06 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TP

[2011/08/06 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch

[2012/08/16 04:16:15 | 000,026,036 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 

[color=#E56717]========== Purity Check ==========[/color]

 

 

 

[color=#E56717]========== Files - Unicode (All) ==========[/color]

[2012/02/18 13:33:45 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

[2012/02/18 13:20:16 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

 
< End of report >

Extras.txt

PHP-Code:

   OTL Extras logfile created on: 8/16/2012 5:30:15 AM - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Kevin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

7.91 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.82% Memory free

15.82 Gb Paging File | 13.10 Gb Available in Paging File | 82.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.20 Gb Total Space | 35.13 Gb Free Space | 5.15% Space Free | Partition Type: NTFS

 

Computer Name: KEVIN-TOSH | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

 

 

[color=#E56717]========== File Associations ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[color=#E56717]========== Shell Spawning ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[color=#E56717]========== Security Center Settings ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

[color=#E56717]========== System Restore Settings ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[color=#E56717]========== Firewall Settings ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[color=#E56717]========== Authorized Applications List ==========[/color]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EC35AC6-92E2-41DD-8D75-2094CFEF5585}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{14B9A38B-A2C9-4286-82FB-ABAE34F86526}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{1A3A8A44-7294-4B49-92E0-7C888D38C697}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{1C7148E9-9DCB-4CB3-A43A-B8B3DF4C7345}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{23C19003-B0D4-4ED4-8078-CE2E228AC7C7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{249641A7-E607-4853-841A-124FFA6A8A7C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{290A7C08-56EE-450E-9AD6-A45025528ECD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{2D3C2657-9D5D-40F3-AEE2-2BD214123DC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{30D9FA76-E860-409C-91BE-D111608309D3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{3232E0A3-91F4-4436-84D6-FA4E0B13061D}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{324325D5-1997-42B4-B37B-725087B51CA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{33ED8279-D271-4180-A219-8783B17F2924}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3F8F63C6-0E2B-43BD-8919-972147AFEEA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{4543C654-306B-4C73-8523-9769D09E73FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{4C3B3B45-95EF-4DCD-9F3C-5C847AD5C093}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{4E1A41F9-E91D-41AB-A6CE-273294C5E54C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{598B7D8C-DBDA-49C3-A137-1C9BA44D0D3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{600EB824-0BAA-47B8-B743-D6E7ED0417CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{603C8703-E1CE-4D2F-B489-845853250A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6CF96340-F250-4404-8879-0CD25C742A0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{73974DF1-15D8-4AE5-A643-6B21377FA6A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{75B93040-6063-43B4-9BA0-5DEEE7BEE01B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{782C0D0E-DD07-4D1D-9BFB-CB16DC08467E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{7F2C0899-7A1E-4933-A9A6-BF228B085CFB}" = lport=3390 | protocol=6 | dir=in | app=system | 

"{837E4B7B-8FE4-4A16-AFFE-17D49690B88F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{90F5F375-821A-422E-9BE9-61CD160236D9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{91F346C1-12C7-4471-B62B-2020BEA18806}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{A2A08795-F026-46E6-8D6A-6043E61C106E}" = lport=10244 | protocol=6 | dir=in | app=system | 

"{B2CCE22A-1E22-45AB-AA58-13D779393783}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BA172DEE-6422-4375-9CA8-C4AC39A4275B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{BDB9123D-F4EB-4CB5-82B1-51C33B7C91BB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C0F431A3-EFD6-48B6-BE4A-BE9DA0EB8EE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C49FAD3E-4ACE-4552-9667-9C5986EE7E17}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C9F24535-9DF3-46ED-9378-E10C56F58F40}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{CBF85601-E332-452A-9CBA-E05552249179}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CF5B0068-3A1A-4736-8D07-FA58B7C2D869}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{D00865F4-8BD5-4BCA-93EA-E4B547090082}" = lport=3390 | protocol=6 | dir=in | app=system | 

"{DD42B329-9C3C-4B02-9155-128C4818C06B}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port | 

"{DE49D80E-9A21-44DB-80E4-1FE8F8CDE5C5}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E3389F8C-788E-4BC4-A9EF-D5CCE2F339BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F07F820F-20FD-4FA8-8500-2A70A382A871}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{F5AFC0A5-C14C-4E0E-A37D-38D9299D9DC3}" = lport=10244 | protocol=6 | dir=in | app=system | 

"{F8AA41DB-9481-4981-B4D3-DD9C1F4D46D2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{F8D21455-3F62-49DC-8617-F4F8BA2A60E6}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{FC661AFC-6D92-4B95-AE89-91B3AB16B91A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

 

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0094B4CD-3A6F-4A9D-B74A-70C974863A5D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{012C3E54-5253-4432-933F-8381D4CAEE51}" = protocol=17 | dir=in | app=c:\users\kevin\desktop\modio_3.0\modio\modio.exe | 

"{02C91A76-EBF7-4729-9F71-6EA76E32BCA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe | 

"{0386396B-63DF-466C-B3E6-2F8506304FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{05E4588E-0405-40CE-9B28-631F2CA6F517}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{0EC68DF1-2176-4B93-8EA1-EED868B4C861}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\temp\7zsb7aa.tmp\symnrt.exe | 

"{1041AF47-CC5E-429C-B4EE-70B5F35A20B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{11331A99-4881-4A2D-86DA-128C404DC677}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\vghd.exe | 

"{1872FA29-E71E-4BA3-9F0E-AD20161B4D1C}" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\temp\7zsb7aa.tmp\symnrt.exe | 

"{2F2AF9E1-CE6F-46D4-8332-12352B3A0BDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{37D24F01-08CB-4704-A17E-BD44C8AFC87D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 

"{3A91E56B-64CD-4531-BCA1-5B05C7D87936}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{3D6A86CD-7909-4BAE-8B70-246822ECE2C7}" = protocol=6 | dir=in | app=c:\users\kevin\desktop\modio_3.0\modio\modio.exe | 

"{44C25CD8-14A2-4B0F-8395-32AEF9858708}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3 - serious chaos trailer\smp.exe | 

"{48405E7D-577F-4043-894A-180FF1B161E6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{4A9B5760-D17B-49FA-9A88-1AEC85C47788}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe | 

"{4DADA237-4508-471D-9918-3A0DBC7E6215}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4F36E53D-957F-4D38-928C-11D479535B83}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 

"{5580711C-3AEE-460A-8ED5-A55C93E4D64E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3 - serious chaos trailer\smp.exe | 

"{56B747B9-1017-465F-9745-C9A068DF876F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5D8C0EF2-832B-4836-BA6E-0D7D9415DFE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe | 

"{63F14725-5622-4B5C-85C9-4025C294B8A1}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{69329827-9A3D-48CC-959B-A896E3A43C20}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{6E834BD3-422E-44D7-912D-B1A1615AC395}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{6F06C9BD-E5EA-48A1-AD3E-38718A210B62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{716DE0CA-97DF-466A-ACE7-B53D195A2E42}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{7A63823E-E2AB-46D5-BAA7-2D8A35D23FA8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{7E49D09A-5747-4C58-BAC7-0F64F6FEC734}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 

"{8EAC16DF-C938-41C3-8B84-43D9DB9243FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3 - serious chaos trailer\smp.exe | 

"{A29C8DDB-A9FE-41CB-9C21-DB0421F1BEFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{A6BB2E20-9C4D-461D-BFA5-8EE487F6FF35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{AF3AFFC5-40F9-4DB5-8902-8F05EB34CA25}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{B31E0004-AE30-447E-8549-65BE105D3D4F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 

"{B3CF3D9E-14AA-4717-A3D8-58DCC9B94A3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe | 

"{B5331D9E-512A-4725-8690-43683822ACD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{B9E7E0B7-B248-415B-9BE1-6E20954426E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe | 

"{B9F44094-9B18-4D12-A98B-1241D8B281F0}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C38FA7A0-7C73-4BB9-B2BA-C5336478D1FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe | 

"{CBB63187-159B-4A05-AFB0-E9E4E4111A9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{CD28EEA6-CE7D-45D6-AD6B-A0D1219427B0}" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\vghd.exe | 

"{CE7ECF1C-3F12-427E-81A2-9E974B7410D7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 

"{CEDA5F4F-E833-4DAD-9AF8-5C253DA194B5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{DBB82DA9-B4D4-4FCD-AAA8-20ACF2B93CF5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{DD9938D5-4A00-476D-989D-5427BDB5DB89}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E38210BE-CF98-4A35-8BA7-5DB77F3E148C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3 - serious chaos trailer\smp.exe | 

"{ECA43105-D28D-4FB2-A431-9A7F4939F5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{ECC4D6BA-29EA-494E-AA45-B47CC40E0BF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{F106935E-10A8-4B70-9545-EB2C0A8F772C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{FAE4A6E6-2DB6-4D62-B5D1-3EDC660B83DB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 

"{FBE4F24D-2038-4C37-831E-2C7DD92813A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"TCP Query User{E953DE4E-EBC7-48E5-9715-D2D6D8CD309B}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe | 

"TCP Query User{FF755883-EC0A-4022-9DE5-63BE8FCC3D7C}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe | 

"UDP Query User{8E66494E-AB8F-47B8-96F4-BE06C8C1C352}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe | 

"UDP Query User{A23A2C21-49CD-4FD9-A508-82050B89D45D}C:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\vghd\bin\virtuagirl_downloader.exe | 

 

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.44

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.44

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 267.44

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SearchAnonymizer" = SearchAnonymizer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook

"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" = Microsoft Visual Basic PowerPacks 1.2

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost

"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch

"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CBB0ABFB-4668-4172-952D-2CEF5C14F4D2}" = Command & Conquer™ Die ersten 10 Jahre-Patch 1.02

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}" = TOSHIBA ConfigFree

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"3DataManager" = 3DataManager

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Any Video Converter_is1" = Any Video Converter 3.4.1

"conduitEngine" = Conduit Engine

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook

"Free Audio Converter_is1" = Free Audio Converter version 2.3.2.804

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"RealPlayer 12.0" = RealPlayer

"Songbird-release-2311" = Songbird 2.0.0 (Build 2311)

"Steam App 39260" = FINAL FANTASY XI: Ultimate Collection - Abyssea Edition

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Warcraft III" = Warcraft III

"WavePad" = WavePad Audiobearbeitungs-Software

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-01bd991c-1470-4ef0-a174-0d71be58f927" = Chicken Invaders 3 - Revenge of the Yolk

"WTA-3920e22a-03da-4af8-9e26-dd4426eaf690" = Final Drive: Nitro

"WTA-6b7a5fcf-cdd8-40f7-a8d7-fb15160d1418" = Bejeweled 2 Deluxe

"WTA-6df6cb39-3dec-45d8-816b-4d494d7b9b44" = Zuma Deluxe

"WTA-88f2e720-8854-422c-9c11-12e1989ff105" = Penguins!

"WTA-8e37611f-0667-4c26-924b-a69124fda92f" = Chuzzle Deluxe

"WTA-9426cee1-1361-4793-996e-1e08f0b7e68b" = Slingo Deluxe

"WTA-bfa36b20-caac-423c-bbda-ad4a62404b67" = Insaniquarium Deluxe

"WTA-c65b7868-a924-43c0-8b02-d258b353107e" = Wedding Dash 2 - Rings Around the World

"WTA-c73e6abf-c860-42a2-8802-591a8658d489" = Bejeweled 3

"WTA-ced71cf4-13e2-4fad-839b-b5d553d65ccc" = Diner Dash 2 Restaurant Rescue

"WTA-e32aa95f-8328-47a5-abe6-debc4b8f4784" = FATE

"WTA-e47f0222-e398-420e-ba02-b7db351caa1a" = Polar Bowler

"WTA-eaa2ce22-f430-4ccd-8fcc-f180370f5f99" = Plants vs. Zombies - Game of the Year

 

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

 

[HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"VirtuaGirl_is1" = VirtuaGirl Version 1.1.0.12

"Warcraft III" = Warcraft III: All Products

 

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

 

[HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"VirtuaGirl_is1" = VirtuaGirl Version 1.1.0.12

"Warcraft III" = Warcraft III: All Products

 

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

 

[ Application Events ]

Error - 6/26/2012 2:07:17 PM | Computer Name = Kevin-TOSH | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: 

 

Error - 6/30/2012 9:27:26 AM | Computer Name = Kevin-TOSH | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: 

 

Error - 7/3/2012 4:16:14 AM | Computer Name = Kevin-TOSH | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: 

 

Error - 7/4/2012 7:17:58 PM | Computer Name = Kevin-TOSH | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: 

 

Error - 7/11/2012 12:56:09 PM | Computer Name = Kevin-TOSH | Source = WinMgmt | ID = 10

Description = 

 

Error - 7/11/2012 12:57:01 PM | Computer Name = Kevin-TOSH | Source = Application Hang | ID = 1002

Description = Programm mshta.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1118    Startzeit:

 01cd5f85f741c9de    Endzeit: 0    Anwendungspfad: C:\windows\SysWOW64\mshta.exe    Berichts-ID:

 479bd559-cb79-11e1-8b08-b870f4607654  

 

Error - 7/11/2012 12:58:35 PM | Computer Name = Kevin-TOSH | Source = TOSHIBA Service Station | ID = 0

Description = TSS Load: could not communicate with TMachInfo service

 

Error - 7/17/2012 12:29:50 PM | Computer Name = Kevin-TOSH | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: 

 

Error - 7/17/2012 3:30:27 PM | Computer Name = Kevin-TOSH | Source = WinMgmt | ID = 10

Description = 

 

Error - 7/23/2012 12:09:15 PM | Computer Name = Kevin-TOSH | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 12d8    Startzeit: 01cd68e82c74bd9f    Endzeit: 125    Anwendungspfad:

 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   

 

Error - 7/23/2012 1:36:33 PM | Computer Name = Kevin-TOSH | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 9/13/2011 5:15:03 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 23:15:03 - Fehler beim Herstellen der Internetverbindung.  23:15:03 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/13/2011 5:15:09 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 23:15:09 - Fehler beim Herstellen der Internetverbindung.  23:15:09 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 1:39:58 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 19:39:58 - Fehler beim Herstellen der Internetverbindung.  19:39:58 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 1:40:04 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 19:40:03 - Fehler beim Herstellen der Internetverbindung.  19:40:03 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 2:43:32 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 20:42:33 - Fehler beim Herstellen der Internetverbindung.  20:42:33 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 2:47:06 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 20:43:52 - Fehler beim Herstellen der Internetverbindung.  20:43:52 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 3:46:37 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 21:46:37 - Fehler beim Herstellen der Internetverbindung.  21:46:37 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 3:46:49 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 21:46:43 - Fehler beim Herstellen der Internetverbindung.  21:46:43 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 4:46:51 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 22:46:51 - Fehler beim Herstellen der Internetverbindung.  22:46:51 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 9/21/2011 4:46:57 PM | Computer Name = Kevin-TOSH | Source = MCUpdate | ID = 0

Description = 22:46:56 - Fehler beim Herstellen der Internetverbindung.  22:46:56 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ System Events ]

Error - 7/10/2012 3:03:28 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/10/2012 3:04:05 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/10/2012 3:04:05 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/10/2012 6:54:22 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/11/2012 12:31:42 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/11/2012 12:31:42 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/11/2012 12:55:07 PM | Computer Name = Kevin-TOSH | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 7/11/2012 12:57:04 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

Error - 7/11/2012 1:02:55 PM | Computer Name = Kevin-TOSH | Source = Service Control Manager | ID = 7022

Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

 

Error - 7/11/2012 6:13:18 PM | Computer Name = Kevin-TOSH | Source = ipnathlp | ID = 31004

Description = 

 

 

< End of report >

Ich hoffe, dass ich alles richtig gepostet hab und danke euch schonmal im voraus für Eure Hilfe!!

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Okay hier ist das ESET-Log. Ist das das richtige?

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Der Scan dauerte über 6 Stunden und hat 2 Treffer gefunden mit ransom.b trojan
ich kenn mich da leider nicht aus und hoffe das hilft.

ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Tut mir Leid konnte diese Woche wegen Arbeit nicht reinschauen. Ich mach den Scan nochmal und poste dann das Log.

Ok hier ist das neue ESET LOG:

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=844c7ee9b5ff884db6cbb3d4494af58f

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-29 08:21:00

# local_time=2012-08-29 10:21:00 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3588 16777214 85 67 143035 14923089 0 0

# compatibility_mode=5893 16776574 100 94 33564534 97846023 0 0

# compatibility_mode=8192 67108863 100 0 837390 837390 0 0

# scanned=274055

# found=6

# cleaned=0

# scan_time=12288

C:\$RECYCLE.BIN\S-1-5-21-920081731-557011817-1691672322-1001\$RS2HNHI.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I

C:\ProgramData\rsiogkxqxettjhl\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\All Users\rsiogkxqxettjhl\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQDIKE90\FreeYouTubetoMP3Converter.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kevin\AppData\Local\Temp\jar_cache5749146725370766944.tmp        Java/Exploit.Agent.NDB trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kevin\AppData\Local\Temp\is-BIAHE.tmp\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I

Ich hoffe, dass es jetzt stimmt.
Sry für Doppelpost.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Ok hier ist das adw cleaner log:

Code:

# AdwCleaner v1.801 - Logfile created 08/31/2012 at 13:13:06

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kevin - KEVIN-TOSH

# Boot Mode : Normal

# Running from : C:\Users\Kevin\Desktop\adwCleaner1801.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Kevin\AppData\Local\Conduit

Folder Found : C:\Users\Kevin\AppData\Local\vghd

Folder Found : C:\Users\Kevin\AppData\LocalLow\Conduit

Folder Found : C:\Users\Kevin\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB

Folder Found : C:\Users\Kevin\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Kevin\AppData\LocalLow\Softonic

Folder Found : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\ConduitEngine

Folder Found : C:\Program Files (x86)\DVDVideoSoftTB

File Found : C:\user.js
 

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\conduitEngine

Key Found : HKLM\SOFTWARE\conduitEngine

Key Found : HKLM\SOFTWARE\DVDVideoSoftTB

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit

[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong

[x64] Key Found : HKCU\Software\AppDataLow\Toolbar

[x64] Key Found : HKCU\Software\Conduit

[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

[x64] Key Found : HKLM\SOFTWARE\Software
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v12.0 (en-US)
 

Profile name : default 

File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js
 

Found : user_pref("extensions.Softonic.admin", false);

Found : user_pref("extensions.Softonic.aflt", "SD");

Found : user_pref("extensions.Softonic.autoRvrt", "false");

Found : user_pref("extensions.Softonic.cntry", "AT");

Found : user_pref("extensions.Softonic.cv", "cv5");

Found : user_pref("extensions.Softonic.dfltLng", "de");

Found : user_pref("extensions.Softonic.envrmnt", "production");

Found : user_pref("extensions.Softonic.excTlbr", false);

Found : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");

Found : user_pref("extensions.Softonic.hmpg", false);

Found : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");

Found : user_pref("extensions.Softonic.instlDay", "15552");

Found : user_pref("extensions.Softonic.instlRef", "MON1207T10");

Found : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");

Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

Found : user_pref("extensions.Softonic.newTab", false);

Found : user_pref("extensions.Softonic.prdct", "Softonic");

Found : user_pref("extensions.Softonic.prtnrId", "softonic");

Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]

Found : user_pref("extensions.Softonic.sg", "az");

Found : user_pref("extensions.Softonic.smplGrp", "none");

Found : user_pref("extensions.Softonic.tlbrId", "base");

Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]

Found : user_pref("extensions.Softonic.vrsn", "1.6.4.3");

Found : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");

Found : user_pref("extensions.Softonic.vrsni", "1.6.4.3");

Found : user_pref("extensions.Softonic_i.newTab", false);

Found : user_pref("extensions.Softonic_i.smplGrp", "none");

Found : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");

Found : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]
 

-\\ Google Chrome v [Unable to get version]
 

File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [8422 octets] - [31/08/2012 13:13:06]
 

########## EOF - C:\AdwCleaner[R1].txt - [8550 octets] ##########

Warum nimmst du eine alte Version? In der Anleitung steht doch extra du sollst den adwCleaner runterladen und extra verlinkt hab ich den auch noch :confused:

Tut mir Leid aber der Link hat bei mir mit IE nicht funktioniert. Ich hab ihn jetzt nochmal mit firefox geöffnet und adw von dort runtergeladen und ausgeführt.

Code:

# AdwCleaner v2.000 - Datei am 08/31/2012 um 21:20:07 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Kevin - KEVIN-TOSH

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9A7Q0JRY\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\user.js

Ordner Gefunden : C:\Program Files (x86)\Conduit

Ordner Gefunden : C:\Program Files (x86)\ConduitEngine

Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoftTB

Ordner Gefunden : C:\Users\Kevin\AppData\Local\Conduit

Ordner Gefunden : C:\Users\Kevin\AppData\Local\vghd

Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\ConduitEngine

Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB

Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\PriceGong

Ordner Gefunden : C:\Users\Kevin\AppData\LocalLow\Softonic

Ordner Gefunden : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Schlüssel Gefunden : HKLM\Software\Conduit

Schlüssel Gefunden : HKLM\Software\conduitEngine

Schlüssel Gefunden : HKLM\Software\conduitEngine

Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Schlüssel Gefunden : HKLM\SOFTWARE\Software

Schlüssel Gefunden : HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v12.0 (en-US)
 

Profilname : default 

Datei : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js
 

Gefunden : user_pref("extensions.Softonic.admin", false);

Gefunden : user_pref("extensions.Softonic.aflt", "SD");

Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");

Gefunden : user_pref("extensions.Softonic.cntry", "AT");

Gefunden : user_pref("extensions.Softonic.cv", "cv5");

Gefunden : user_pref("extensions.Softonic.dfltLng", "de");

Gefunden : user_pref("extensions.Softonic.envrmnt", "production");

Gefunden : user_pref("extensions.Softonic.excTlbr", false);

Gefunden : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");

Gefunden : user_pref("extensions.Softonic.hmpg", false);

Gefunden : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");

Gefunden : user_pref("extensions.Softonic.instlDay", "15552");

Gefunden : user_pref("extensions.Softonic.instlRef", "MON1207T10");

Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");

Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

Gefunden : user_pref("extensions.Softonic.newTab", false);

Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");

Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");

Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]

Gefunden : user_pref("extensions.Softonic.sg", "az");

Gefunden : user_pref("extensions.Softonic.smplGrp", "none");

Gefunden : user_pref("extensions.Softonic.tlbrId", "base");

Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]

Gefunden : user_pref("extensions.Softonic.vrsn", "1.6.4.3");

Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");

Gefunden : user_pref("extensions.Softonic.vrsni", "1.6.4.3");

Gefunden : user_pref("extensions.Softonic_i.newTab", false);

Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");

Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");

Gefunden : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [8517 octets] - [31/08/2012 13:13:06]

AdwCleaner[R2].txt - [8577 octets] - [31/08/2012 21:15:20]

AdwCleaner[R3].txt - [9026 octets] - [31/08/2012 21:20:07]
 

########## EOF - C:\AdwCleaner[R3].txt - [9086 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Tut mir Leid weil ich auch am Wochenende arbeite hab ich nicht immer Zeit.

Hier ist das adw cleaner log

Code:

# AdwCleaner v2.000 - Datei am 09/02/2012 um 20:15:43 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Kevin - KEVIN-TOSH

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Kevin\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\user.js

Ordner Gelöscht : C:\Users\Kevin\AppData\Local\vghd

Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\ConduitEngine

Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB

Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\Kevin\AppData\LocalLow\Softonic

Ordner Gelöscht : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\extensions\ffxtlbra@softonic.com
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\conduitEngine

Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43D650E1-16AF-4196-9AFB-4B0282C0C1D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562CEF75-F09F-40F0-8253-1DB0AB096E5A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60757BDE-F16E-4D43-8A71-9FD72A0F2998}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97B075D1-25D7-40AF-8DD8-EF5C24EC86D5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Software

Schlüssel Gelöscht : HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Mozilla Firefox v12.0 (en-US)
 

Profilname : default 

Datei : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\prefs.js
 

C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lo7btcah.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("extensions.Softonic.admin", false);

Gelöscht : user_pref("extensions.Softonic.aflt", "SD");

Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");

Gelöscht : user_pref("extensions.Softonic.cntry", "AT");

Gelöscht : user_pref("extensions.Softonic.cv", "cv5");

Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");

Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");

Gelöscht : user_pref("extensions.Softonic.excTlbr", false);

Gelöscht : user_pref("extensions.Softonic.hdrMd5", "F8120948C47546B90C956EFD3A22D0C5");

Gelöscht : user_pref("extensions.Softonic.hmpg", false);

Gelöscht : user_pref("extensions.Softonic.id", "687e0c9d000000000000f2df9a395f3e");

Gelöscht : user_pref("extensions.Softonic.instlDay", "15552");

Gelöscht : user_pref("extensions.Softonic.instlRef", "MON1207T10");

Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.4.323:45:25");

Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

Gelöscht : user_pref("extensions.Softonic.newTab", false);

Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");

Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");

Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]

Gelöscht : user_pref("extensions.Softonic.sg", "az");

Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");

Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");

Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1207T10/tb_v1?SearchSour[...]

Gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.4.3");

Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.4.323:45:25");

Gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.4.3");

Gelöscht : user_pref("extensions.Softonic_i.newTab", false);

Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");

Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.4.323:45:25");

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.6.0,{972ce4c6-7e08-4474-a285-3208198c[...]
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [8517 octets] - [31/08/2012 13:13:06]

AdwCleaner[R2].txt - [8577 octets] - [31/08/2012 21:15:20]

AdwCleaner[R3].txt - [9151 octets] - [31/08/2012 21:20:07]

AdwCleaner[S1].txt - [376 octets] - [02/09/2012 20:09:01]

AdwCleaner[S2].txt - [376 octets] - [02/09/2012 20:10:36]

AdwCleaner[R4].txt - [9040 octets] - [02/09/2012 20:15:22]

AdwCleaner[S3].txt - [8873 octets] - [02/09/2012 20:15:43]
 

########## EOF - C:\AdwCleaner[S3].txt - [8933 octets] ##########

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bei mir geht alles wieder ganz normal seit ich Malwarebytes ausgeführt habe und bis jetzt ist mir noch nicht aufgefallen, dass etwas fehlt.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier ist das OTL Log:

Code:

OTL logfile created on: 9/4/2012 10:19:53 PM - Run 2

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Kevin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

7.91 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 68.69% Memory free

15.82 Gb Paging File | 13.00 Gb Available in Paging File | 82.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.20 Gb Total Space | 446.49 Gb Free Space | 65.45% Space Free | Partition Type: NTFS

 

Computer Name: KEVIN-TOSH | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (SearchAnonymizer) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys (Symantec Corporation)

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (DVB7700ALL) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)

DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)

DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)

DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)

DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)

DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120903.025\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120903.025\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120831.001\IDSviA64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120823.007\BHDrvx64.sys (Symantec Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{7CF3FA9B-4D75-4A99-9D05-0092AFDC9FD2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comoestamos.com/search/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{68A72E44-9F07-436B-ADC8-000512CCE1DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\UpdatusUser\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kevin\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT448

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/22 00:55:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/08/16 04:43:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/09/02 20:21:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 19:57:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 19:15:29 | 000,000,000 | ---D | M]

 

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com

[2012/09/02 20:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions

[2012/08/20 21:18:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/04/20 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

File not found (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\EXTENSIONS\FFXTLBRA@SOFTONIC.COM

[2012/04/25 19:57:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: preisspion.de = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.0_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2011/09/10 05:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk =  File not found

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Mcx1-KEVIN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.28.128.34 195.96.0.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1EFD16-CBA1-4C51-9DE0-2DD4AFBFE634}: DhcpNameServer = 81.28.128.34 195.96.0.3

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: WudfRd - Driver

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WudfRd - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfRd - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfRd - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{193E3B0D-2BA7-44D7-BEF1-DC8545885B0F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/08/30 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\WillowTree#-2.2.1.102

[2012/08/26 19:13:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/20 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/08/20 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012/08/20 21:18:26 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/19 14:23:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Virenkiller logs

[2012/08/19 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/17 08:55:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/08/17 08:55:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/08/17 08:55:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/08/17 08:55:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/08/17 08:55:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/08/17 08:55:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/08/17 08:55:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/08/17 08:55:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/08/17 08:55:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/08/17 08:55:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/08/17 08:55:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/08/17 08:54:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/08/17 08:54:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/08/17 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2012/08/16 04:47:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll

[2012/08/16 04:47:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll

[2012/08/16 04:46:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2012/08/16 04:46:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2012/08/16 04:46:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe

[2012/08/16 04:46:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll

[2012/08/16 04:46:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll

[2012/08/16 04:46:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll

[2012/08/16 04:42:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/08/16 04:41:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/08/16 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2012/08/16 04:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/08/16 03:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ff11

[2012/08/16 03:47:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/08/16 02:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2012/08/16 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/16 02:56:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rsiogkxqxettjhl

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Songbird2

[2012/08/14 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird

[2012/08/14 12:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird

[2012/08/08 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Skyrim

[2012/08/08 08:38:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll

[2012/08/08 08:38:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll

[2012/08/08 08:38:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll

[2012/08/08 08:38:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll

[2012/08/08 08:38:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll

[2012/08/08 08:38:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll

[2012/08/08 08:38:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll

[2012/08/08 08:38:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll

[2012/08/08 08:38:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll

[2012/08/08 08:38:36 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll

[2012/08/08 08:38:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll

[2012/08/08 08:38:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll

[2012/08/08 08:38:35 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll

[2012/08/08 08:38:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll

[2012/08/08 08:38:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll

[2012/08/08 08:38:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll

[2012/08/08 08:38:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll

[2012/08/08 08:38:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll

[2012/08/08 08:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll

[2012/08/08 08:38:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll

[2012/08/08 08:38:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll

[2012/08/08 08:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll

[2012/08/08 08:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll

[2012/08/08 08:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll

[2012/08/08 08:38:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll

[2012/08/08 08:38:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll

[2012/08/08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games

[2012/08/07 02:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2012/08/06 05:54:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\XboxMB

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\windows\XSxS

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Xenocode

[2012/08/06 05:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode

[2012/08/06 05:53:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Downloads

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/09/04 22:15:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/09/04 12:06:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/04 11:44:28 | 085,196,800 | ---- | M] () -- C:\Users\Kevin\Desktop\TN_00033_-_382Mb.mp4.9u13woz.partial

[2012/09/03 11:56:06 | 001,614,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/09/03 11:56:06 | 000,697,534 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/09/03 11:56:06 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/09/03 11:56:06 | 000,148,540 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/09/03 11:56:06 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 20:18:54 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/02 20:08:26 | 000,511,265 | ---- | M] () -- C:\Users\Kevin\Desktop\adwcleaner.exe

[2012/09/02 01:29:18 | 000,102,400 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav

[2012/09/02 01:20:53 | 000,106,496 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1

[2012/08/31 23:36:18 | 000,155,648 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1

[2012/08/30 09:03:38 | 000,000,211 | ---- | M] () -- C:\Users\Kevin\Desktop\Wicked MA.url

[2012/08/29 06:47:24 | 000,000,219 | ---- | M] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url

[2012/08/26 19:15:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/26 16:21:46 | 000,000,190 | ---- | M] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url

[2012/08/26 15:34:06 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/08/26 15:34:06 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/24 04:41:55 | 001,524,173 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB

[2012/08/19 21:10:58 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/17 09:15:01 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/17 09:14:28 | 000,276,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/08/16 04:42:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:30:46 | 000,921,344 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 04:17:09 | 000,002,046 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

[2012/08/16 03:47:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/08/16 02:56:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 02:56:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:29:48 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038

[2012/08/16 01:25:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/14 12:37:17 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/10 07:28:35 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini

[2012/08/08 14:02:08 | 016,314,368 | ---- | M] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | M] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/09/04 11:21:54 | 085,196,800 | ---- | C] () -- C:\Users\Kevin\Desktop\TN_00033_-_382Mb.mp4.9u13woz.partial

[2012/09/02 20:08:08 | 000,511,265 | ---- | C] () -- C:\Users\Kevin\Desktop\adwcleaner.exe

[2012/09/02 01:28:25 | 000,106,496 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1

[2012/09/02 01:20:53 | 000,102,400 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav

[2012/08/31 23:42:49 | 000,155,648 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1

[2012/08/30 09:03:38 | 000,000,211 | ---- | C] () -- C:\Users\Kevin\Desktop\Wicked MA.url

[2012/08/29 06:47:24 | 000,000,219 | ---- | C] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url

[2012/08/16 23:00:36 | 000,000,190 | ---- | C] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url

[2012/08/16 04:42:37 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:42:31 | 000,002,512 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/16 04:30:17 | 000,921,344 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 02:56:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 01:25:00 | 000,000,051 | ---- | C] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/14 12:37:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/08 14:00:44 | 016,314,368 | ---- | C] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | C] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[2012/06/17 23:22:41 | 000,000,300 | ---- | C] () -- C:\windows\ACTIVEJP.INI

[2012/01/24 04:49:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat

[2011/09/10 05:47:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2011/09/10 05:47:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2011/09/10 05:47:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2011/09/10 05:47:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2011/09/10 05:47:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2011/09/02 15:07:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/09/02 14:52:25 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin

[2011/08/06 18:24:27 | 001,592,786 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/06 14:20:04 | 000,059,685 | ---- | C] () -- C:\windows\War3Unin.dat

[2011/06/17 06:12:01 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2011/04/05 05:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/05 05:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/04/05 05:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2010/11/09 21:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012/03/24 13:36:03 | 000,000,000 | -HSD | M] -- C:\Users\Kevin\AppData\Roaming\.#

[2011/08/11 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\3DataManager

[2011/08/13 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe

[2012/07/30 17:22:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AnvSoft

[2012/02/18 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Clickteam

[2011/08/13 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Datel

[2012/06/19 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DivX

[2012/08/25 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft

[2012/08/20 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/08/06 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities

[2011/04/12 04:33:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia

[2012/08/16 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs

[2012/08/16 02:05:27 | 000,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft

[2012/04/20 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla

[2012/08/16 02:12:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Software

[2011/08/30 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Swift Sound

[2011/11/16 18:54:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Nero

[2011/08/29 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OCS

[2011/08/29 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera

[2011/08/11 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips

[2011/08/10 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips-Songbird

[2011/08/10 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Program Files (x86)

[2012/05/28 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Real

[2012/03/29 16:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype

[2012/07/11 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SoftGrid Client

[2012/08/14 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2011/08/07 01:39:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba

[2011/08/06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TOSHIBA Online Product Information

[2011/08/06 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TP

[2012/07/31 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\vlc

[2011/08/06 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch

 
 < %APPDATA%\*.exe /s >

[2010/09/20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kevin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2007/08/29 15:36:06 | 000,167,424 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe

[2008/02/13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe

[2011/04/20 11:16:26 | 000,985,088 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\ffmpeg11\x264stub.exe

[2011/09/05 14:22:58 | 001,270,801 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\x264enc2\x264enc2.exe

[2011/08/29 23:09:00 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

[2011/08/29 23:09:00 | 000,040,960 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

[2012/07/12 04:03:46 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe

[2012/06/28 07:50:02 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe

[2012/06/05 14:56:14 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys

[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <          Schliesse bitte nun alle Programme. (Wichtig)  >

 
 < Klicke nun bitte auf den Quick Scan Button >

 
 ========== Files - Unicode (All) ==========

[2012/02/18 13:33:45 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

[2012/02/18 13:20:16 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説
 

< End of report >

Code:

Version 3.2.57.0

Die Anleitungen bitte sorgfältig lesen und richtig umsetzen!
Du solltest OTL vorher neu runterladen!

Ich hoffe das ist jetzt das richtige.

Code:

OTL logfile created on: 9/5/2012 10:13:00 PM - Run 3

OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Kevin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

7.91 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 63.61% Memory free

15.82 Gb Paging File | 12.71 Gb Available in Paging File | 80.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.20 Gb Total Space | 445.99 Gb Free Space | 65.37% Space Free | Partition Type: NTFS

 

Computer Name: KEVIN-TOSH | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Kevin\Desktop\OTL (2).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (SearchAnonymizer) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys (Symantec Corporation)

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (DVB7700ALL) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)

DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)

DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)

DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)

DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)

DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)

DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120904.032\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120904.032\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120901.001\IDSviA64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120823.007\BHDrvx64.sys (Symantec Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{7CF3FA9B-4D75-4A99-9D05-0092AFDC9FD2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.comoestamos.com/search/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{68A72E44-9F07-436B-ADC8-000512CCE1DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{76434FE2-B79A-4DFE-A374-D716B8B03CF7}: "URL" = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\UpdatusUser\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Kevin\Desktop

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes,DefaultScope = {9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT448

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9A30E5D9-3E33-4843-8EEE-8A9FF24AAE7E}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D5453484D44462670633D4D41544D267372633D49452D536561726368426F78&st={searchTerms}&clid=28394ff9-4ab2-4cd2-a86c-451c91f5a49e&pid=freewarede&k=0

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{9F93CD32-55F1-4FC2-A524-533632037C8B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\SearchScopes\{A123577E-908F-4CDB-972F-5B11A46D54FD}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}

IE - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/22 00:55:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/08/16 04:43:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/09/02 20:21:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 19:57:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 19:15:29 | 000,000,000 | ---D | M]

 

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2011/08/10 17:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com

[2012/09/02 20:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions

[2012/08/20 21:18:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\lo7btcah.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/04/20 23:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

File not found (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\EXTENSIONS\FFXTLBRA@SOFTONIC.COM

[2012/04/25 19:57:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: preisspion.de = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.0_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: No name found = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2011/09/10 05:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk =  File not found

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O4 - Startup: C:\Users\Mcx1-KEVIN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.28.128.34 195.96.0.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E1EFD16-CBA1-4C51-9DE0-2DD4AFBFE634}: DhcpNameServer = 81.28.128.34 195.96.0.3

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: WudfRd - Driver

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WudfRd - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfRd - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfRd - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{193E3B0D-2BA7-44D7-BEF1-DC8545885B0F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/09/05 22:15:06 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/09/05 22:11:33 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL (2).exe

[2012/08/30 15:46:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\WillowTree#-2.2.1.102

[2012/08/26 19:13:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/20 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/08/20 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012/08/20 21:18:26 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/19 14:23:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Virenkiller logs

[2012/08/19 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/17 08:55:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/08/17 08:55:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/08/17 08:55:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/08/17 08:55:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/08/17 08:55:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/08/17 08:55:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/08/17 08:55:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/08/17 08:55:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/08/17 08:55:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/08/17 08:55:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/08/17 08:55:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/08/17 08:54:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/08/17 08:54:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/08/17 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2012/08/16 04:47:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll

[2012/08/16 04:47:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll

[2012/08/16 04:46:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2012/08/16 04:46:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2012/08/16 04:46:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe

[2012/08/16 04:46:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll

[2012/08/16 04:46:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll

[2012/08/16 04:46:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll

[2012/08/16 04:42:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/08/16 04:41:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/08/16 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2012/08/16 04:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/08/16 03:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ff11

[2012/08/16 02:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2012/08/16 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/16 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/16 02:56:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rsiogkxqxettjhl

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2012/08/14 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Songbird2

[2012/08/14 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird

[2012/08/14 12:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird

[2012/08/08 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Skyrim

[2012/08/08 08:38:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll

[2012/08/08 08:38:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll

[2012/08/08 08:38:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll

[2012/08/08 08:38:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll

[2012/08/08 08:38:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll

[2012/08/08 08:38:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll

[2012/08/08 08:38:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll

[2012/08/08 08:38:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll

[2012/08/08 08:38:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll

[2012/08/08 08:38:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll

[2012/08/08 08:38:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll

[2012/08/08 08:38:36 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll

[2012/08/08 08:38:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll

[2012/08/08 08:38:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll

[2012/08/08 08:38:35 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll

[2012/08/08 08:38:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll

[2012/08/08 08:38:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll

[2012/08/08 08:38:32 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll

[2012/08/08 08:38:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll

[2012/08/08 08:38:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll

[2012/08/08 08:38:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll

[2012/08/08 08:38:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll

[2012/08/08 08:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll

[2012/08/08 08:38:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll

[2012/08/08 08:38:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll

[2012/08/08 08:38:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll

[2012/08/08 08:38:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll

[2012/08/08 08:38:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll

[2012/08/08 08:38:26 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll

[2012/08/08 08:38:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll

[2012/08/08 08:38:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll

[2012/08/08 08:38:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll

[2012/08/08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games

[2012/08/07 02:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/09/05 22:15:12 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe

[2012/09/05 22:12:00 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL (2).exe

[2012/09/05 22:09:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/09/05 11:06:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/03 11:56:06 | 001,614,892 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/09/03 11:56:06 | 000,697,534 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/09/03 11:56:06 | 000,652,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/09/03 11:56:06 | 000,148,540 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/09/03 11:56:06 | 000,121,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 20:29:59 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/02 20:18:54 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/02 20:08:26 | 000,511,265 | ---- | M] () -- C:\Users\Kevin\Desktop\adwcleaner.exe

[2012/09/02 01:29:18 | 000,102,400 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav

[2012/09/02 01:20:53 | 000,106,496 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1

[2012/08/31 23:36:18 | 000,155,648 | ---- | M] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1

[2012/08/30 09:03:38 | 000,000,211 | ---- | M] () -- C:\Users\Kevin\Desktop\Wicked MA.url

[2012/08/29 06:47:24 | 000,000,219 | ---- | M] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url

[2012/08/26 19:15:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/26 16:21:46 | 000,000,190 | ---- | M] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url

[2012/08/26 15:34:06 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/08/26 15:34:06 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/24 04:41:55 | 001,524,173 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB

[2012/08/19 21:10:58 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/17 09:15:01 | 000,002,512 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/17 09:14:28 | 000,276,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/08/16 04:42:37 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/08/16 04:42:37 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:30:46 | 000,921,344 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 04:17:09 | 000,002,046 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

[2012/08/16 02:56:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 02:56:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kevin\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/16 01:29:48 | 000,008,942 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038

[2012/08/16 01:25:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/14 12:37:17 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/10 07:28:35 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini

[2012/08/08 14:02:08 | 016,314,368 | ---- | M] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | M] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/09/02 20:08:08 | 000,511,265 | ---- | C] () -- C:\Users\Kevin\Desktop\adwcleaner.exe

[2012/09/02 01:28:25 | 000,106,496 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav.bak1

[2012/09/02 01:20:53 | 000,102,400 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0004.sav

[2012/08/31 23:42:49 | 000,155,648 | ---- | C] () -- C:\Users\Kevin\Desktop\Save0003.sav.bak1

[2012/08/30 09:03:38 | 000,000,211 | ---- | C] () -- C:\Users\Kevin\Desktop\Wicked MA.url

[2012/08/29 06:47:24 | 000,000,219 | ---- | C] () -- C:\Users\Kevin\Desktop\ESET Online Scanner.url

[2012/08/16 23:00:36 | 000,000,190 | ---- | C] () -- C:\Users\Kevin\Desktop\Anime Online Database - Anime Videos Reviews Pictures Forums And More.url

[2012/08/16 04:42:37 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/08/16 04:42:37 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/08/16 04:42:31 | 000,002,512 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/16 04:30:17 | 000,921,344 | ---- | C] () -- C:\Users\Kevin\Desktop\Norton_Removal_Tool.exe

[2012/08/16 02:56:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/16 01:25:00 | 000,000,051 | ---- | C] () -- C:\ProgramData\oewjvtfvpnesgyz

[2012/08/14 12:37:17 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk

[2012/08/08 14:00:44 | 016,314,368 | ---- | C] () -- C:\Users\Kevin\Documents\Speichern 4 - Kevin  Himmelsrand  185.exs

[2012/08/08 09:00:08 | 000,000,221 | ---- | C] () -- C:\Users\Kevin\Desktop\The Elder Scrolls V Skyrim.url

[2012/06/17 23:22:41 | 000,000,300 | ---- | C] () -- C:\windows\ACTIVEJP.INI

[2012/01/24 04:49:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat

[2011/09/10 05:47:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2011/09/10 05:47:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2011/09/10 05:47:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2011/09/10 05:47:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2011/09/10 05:47:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2011/09/02 15:07:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/09/02 14:52:25 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\treeskp.sys

[2011/08/24 02:20:14 | 000,000,003 | ---- | C] () -- C:\windows\sbacknt.bin

[2011/08/06 18:24:27 | 001,592,786 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/06 14:20:04 | 000,059,685 | ---- | C] () -- C:\windows\War3Unin.dat

[2011/06/17 06:12:01 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2011/04/05 05:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/04/05 05:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2011/04/05 05:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2011/02/04 04:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2010/11/09 21:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012/03/24 13:36:03 | 000,000,000 | -HSD | M] -- C:\Users\Kevin\AppData\Roaming\.#

[2011/08/11 06:19:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\3DataManager

[2011/08/13 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe

[2012/07/30 17:22:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AnvSoft

[2012/02/18 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Clickteam

[2011/08/13 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Datel

[2012/06/19 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DivX

[2012/08/25 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoft

[2012/08/20 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/08/06 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities

[2011/04/12 04:33:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia

[2012/08/16 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs

[2012/08/16 02:05:27 | 000,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft

[2012/04/20 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla

[2012/08/16 02:12:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Software

[2011/08/30 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NCH Swift Sound

[2011/11/16 18:54:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Nero

[2011/08/29 23:09:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OCS

[2011/08/29 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera

[2011/08/11 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips

[2011/08/10 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Philips-Songbird

[2011/08/10 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Program Files (x86)

[2012/05/28 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Real

[2012/03/29 16:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype

[2012/07/11 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SoftGrid Client

[2012/08/14 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2

[2011/08/07 01:39:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba

[2011/08/06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TOSHIBA Online Product Information

[2011/08/06 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TP

[2012/07/31 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\vlc

[2011/08/06 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch

 
 < %APPDATA%\*.exe /s >

[2010/09/20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kevin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2007/08/29 15:36:06 | 000,167,424 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe

[2008/02/13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe

[2011/04/20 11:16:26 | 000,985,088 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\ffmpeg11\x264stub.exe

[2011/09/05 14:22:58 | 001,270,801 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\NCH Software\Components\x264enc2\x264enc2.exe

[2011/08/29 23:09:00 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

[2011/08/29 23:09:00 | 000,040,960 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

[2012/07/12 04:03:46 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe

[2012/06/28 07:50:02 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe

[2012/06/05 14:56:14 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys

[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Files - Unicode (All) ==========

[2012/02/18 13:33:45 | 000,000,000 | ---D | M](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説

[2012/02/18 13:20:16 | 000,000,000 | ---D | C](C:\Users\Kevin\Documents\?????) -- C:\Users\Kevin\Documents\小影の伝説
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKU\S-1-5-21-920081731-557011817-1691672322-1000..\Run: []  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Files

C:\ProgramData\rsiogkxqxettjhl

C:\Users\Kevin\AppData\Roaming\.#

C:\$RECYCLE.BIN\S-1-5-21-920081731-557011817-1691672322-1001

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ok ich hab den fix gemacht brauchst du von dem auch das log?

ja sicher brauch das log!

Hier ist das OTL fix log

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_USERS\S-1-5-21-920081731-557011817-1691672322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== FILES ==========

C:\ProgramData\rsiogkxqxettjhl folder moved successfully.

C:\Users\Kevin\AppData\Roaming\.# folder moved successfully.

C:\$RECYCLE.BIN\S-1-5-21-920081731-557011817-1691672322-1001\$REVJ6T9 folder moved successfully.

C:\$RECYCLE.BIN\S-1-5-21-920081731-557011817-1691672322-1001 folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Kevin\Desktop\cmd.bat deleted successfully.

C:\Users\Kevin\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kevin

->Temp folder emptied: 388573066 bytes

->Temporary Internet Files folder emptied: 1772095425 bytes

->Java cache emptied: 75110 bytes

->FireFox cache emptied: 179069329 bytes

->Google Chrome cache emptied: 7720705 bytes

->Flash cache emptied: 294182 bytes

 

User: Mcx1-KEVIN-TOSH

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 268854075 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36069747 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2,530.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Kevin

->Flash cache emptied: 0 bytes

 

User: Mcx1-KEVIN-TOSH

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.61.0 log created on 09072012_001618
 

Files\Folders moved on Reboot...

C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

hab TDSSL-Killer ausgeführt und hatte 2 Treffer

Hier das Log:

Code:

20:07:44.0169 6788  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

20:07:45.0355 6788  ============================================================

20:07:45.0355 6788  Current date / time: 2012/09/13 20:07:45.0355

20:07:45.0355 6788  SystemInfo:

20:07:45.0355 6788  

20:07:45.0355 6788  OS Version: 6.1.7601 ServicePack: 1.0

20:07:45.0355 6788  Product type: Workstation

20:07:45.0355 6788  ComputerName: KEVIN-TOSH

20:07:45.0355 6788  UserName: Kevin

20:07:45.0355 6788  Windows directory: C:\windows

20:07:45.0355 6788  System windows directory: C:\windows

20:07:45.0355 6788  Running under WOW64

20:07:45.0355 6788  Processor architecture: Intel x64

20:07:45.0355 6788  Number of processors: 8

20:07:45.0355 6788  Page size: 0x1000

20:07:45.0355 6788  Boot type: Normal boot

20:07:45.0355 6788  ============================================================

20:07:46.0182 6788  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:07:46.0197 6788  ============================================================

20:07:46.0197 6788  \Device\Harddisk0\DR0:

20:07:46.0197 6788  MBR partitions:

20:07:46.0197 6788  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x55468000

20:07:46.0197 6788  ============================================================

20:07:46.0229 6788  C: <-> \Device\Harddisk0\DR0\Partition1

20:07:46.0229 6788  ============================================================

20:07:46.0229 6788  Initialize success

20:07:46.0229 6788  ============================================================

20:07:51.0002 4340  ============================================================

20:07:51.0002 4340  Scan started

20:07:51.0002 4340  Mode: Manual; SigCheck; TDLFS; 

20:07:51.0002 4340  ============================================================

20:07:51.0439 4340  ================ Scan system memory ========================

20:07:51.0439 4340  System memory - ok

20:07:51.0439 4340  ================ Scan services =============================

20:07:51.0782 4340  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys

20:07:51.0923 4340  1394ohci - ok

20:07:51.0954 4340  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys

20:07:51.0985 4340  ACPI - ok

20:07:52.0032 4340  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys

20:07:52.0079 4340  AcpiPmi - ok

20:07:52.0203 4340  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:07:52.0235 4340  AdobeARMservice - ok

20:07:52.0500 4340  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:07:52.0531 4340  AdobeFlashPlayerUpdateSvc - ok

20:07:52.0578 4340  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys

20:07:52.0640 4340  adp94xx - ok

20:07:52.0687 4340  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys

20:07:52.0734 4340  adpahci - ok

20:07:52.0749 4340  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys

20:07:52.0781 4340  adpu320 - ok

20:07:52.0812 4340  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll

20:07:52.0921 4340  AeLookupSvc - ok

20:07:52.0999 4340  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys

20:07:53.0046 4340  AFD - ok

20:07:53.0077 4340  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys

20:07:53.0108 4340  agp440 - ok

20:07:53.0155 4340  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe

20:07:53.0186 4340  ALG - ok

20:07:53.0202 4340  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys

20:07:53.0233 4340  aliide - ok

20:07:53.0233 4340  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys

20:07:53.0264 4340  amdide - ok

20:07:53.0295 4340  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys

20:07:53.0342 4340  AmdK8 - ok

20:07:53.0358 4340  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys

20:07:53.0389 4340  AmdPPM - ok

20:07:53.0436 4340  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys

20:07:53.0483 4340  amdsata - ok

20:07:53.0498 4340  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys

20:07:53.0545 4340  amdsbs - ok

20:07:53.0561 4340  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys

20:07:53.0576 4340  amdxata - ok

20:07:53.0623 4340  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys

20:07:53.0717 4340  AppID - ok

20:07:53.0748 4340  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll

20:07:53.0841 4340  AppIDSvc - ok

20:07:53.0857 4340  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll

20:07:53.0935 4340  Appinfo - ok

20:07:53.0997 4340  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys

20:07:54.0029 4340  arc - ok

20:07:54.0044 4340  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys

20:07:54.0075 4340  arcsas - ok

20:07:54.0153 4340  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:07:54.0185 4340  aspnet_state - ok

20:07:54.0216 4340  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys

20:07:54.0309 4340  AsyncMac - ok

20:07:54.0356 4340  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys

20:07:54.0387 4340  atapi - ok

20:07:54.0497 4340  [ B2931C83CFB12A3223A47B180473AE1A ] athr            C:\windows\system32\DRIVERS\athrx.sys

20:07:54.0621 4340  athr - ok

20:07:54.0668 4340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

20:07:54.0777 4340  AudioEndpointBuilder - ok

20:07:54.0793 4340  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll

20:07:54.0902 4340  AudioSrv - ok

20:07:54.0933 4340  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll

20:07:54.0980 4340  AxInstSV - ok

20:07:55.0043 4340  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys

20:07:55.0074 4340  b06bdrv - ok

20:07:55.0121 4340  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys

20:07:55.0167 4340  b57nd60a - ok

20:07:55.0214 4340  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll

20:07:55.0245 4340  BDESVC - ok

20:07:55.0261 4340  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys

20:07:55.0355 4340  Beep - ok

20:07:55.0401 4340  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll

20:07:55.0511 4340  BFE - ok

20:07:55.0713 4340  [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120905.001\BHDrvx64.sys

20:07:55.0807 4340  BHDrvx64 - ok

20:07:55.0854 4340  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll

20:07:55.0979 4340  BITS - ok

20:07:56.0025 4340  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys

20:07:56.0057 4340  blbdrive - ok

20:07:56.0088 4340  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys

20:07:56.0119 4340  bowser - ok

20:07:56.0150 4340  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys

20:07:56.0181 4340  BrFiltLo - ok

20:07:56.0197 4340  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys

20:07:56.0244 4340  BrFiltUp - ok

20:07:56.0291 4340  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll

20:07:56.0337 4340  Browser - ok

20:07:56.0369 4340  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys

20:07:56.0400 4340  Brserid - ok

20:07:56.0415 4340  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys

20:07:56.0462 4340  BrSerWdm - ok

20:07:56.0462 4340  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys

20:07:56.0493 4340  BrUsbMdm - ok

20:07:56.0509 4340  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys

20:07:56.0540 4340  BrUsbSer - ok

20:07:56.0587 4340  [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys

20:07:56.0618 4340  BtFilter - ok

20:07:56.0649 4340  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys

20:07:56.0696 4340  BTHMODEM - ok

20:07:56.0743 4340  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll

20:07:56.0837 4340  bthserv - ok

20:07:56.0899 4340  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\windows\system32\drivers\BVRPMPR5a64.SYS

20:07:56.0915 4340  BVRPMPR5a64 - ok

20:07:56.0946 4340  catchme - ok

20:07:57.0024 4340  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys

20:07:57.0055 4340  ccSet_NIS - ok

20:07:57.0086 4340  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys

20:07:57.0180 4340  cdfs - ok

20:07:57.0227 4340  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys

20:07:57.0258 4340  cdrom - ok

20:07:57.0320 4340  [ A965B206921C55F2D1481789D609B711 ] CeKbFilter      C:\windows\system32\DRIVERS\CeKbFilter.sys

20:07:57.0336 4340  CeKbFilter - ok

20:07:57.0383 4340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll

20:07:57.0476 4340  CertPropSvc - ok

20:07:57.0554 4340  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

20:07:57.0585 4340  cfWiMAXService - ok

20:07:57.0617 4340  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys

20:07:57.0663 4340  circlass - ok

20:07:57.0710 4340  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys

20:07:57.0741 4340  CLFS - ok

20:07:57.0804 4340  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:07:57.0835 4340  clr_optimization_v2.0.50727_32 - ok

20:07:57.0866 4340  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:07:57.0897 4340  clr_optimization_v2.0.50727_64 - ok

20:07:58.0007 4340  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:07:58.0038 4340  clr_optimization_v4.0.30319_32 - ok

20:07:58.0053 4340  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:07:58.0085 4340  clr_optimization_v4.0.30319_64 - ok

20:07:58.0116 4340  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\drivers\CmBatt.sys

20:07:58.0147 4340  CmBatt - ok

20:07:58.0163 4340  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys

20:07:58.0194 4340  cmdide - ok

20:07:58.0272 4340  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys

20:07:58.0334 4340  CNG - ok

20:07:58.0365 4340  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys

20:07:58.0397 4340  Compbatt - ok

20:07:58.0428 4340  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys

20:07:58.0475 4340  CompositeBus - ok

20:07:58.0490 4340  COMSysApp - ok

20:07:58.0521 4340  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

20:07:58.0537 4340  ConfigFree Service - ok

20:07:58.0568 4340  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys

20:07:58.0584 4340  crcdisk - ok

20:07:58.0662 4340  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\windows\system32\cryptsvc.dll

20:07:58.0693 4340  CryptSvc - ok

20:07:58.0833 4340  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

20:07:58.0896 4340  cvhsvc - ok

20:07:58.0958 4340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll

20:07:59.0052 4340  DcomLaunch - ok

20:07:59.0099 4340  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll

20:07:59.0192 4340  defragsvc - ok

20:07:59.0223 4340  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys

20:07:59.0317 4340  DfsC - ok

20:07:59.0379 4340  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys

20:07:59.0411 4340  dg_ssudbus - ok

20:07:59.0457 4340  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll

20:07:59.0551 4340  Dhcp - ok

20:07:59.0582 4340  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys

20:07:59.0676 4340  discache - ok

20:07:59.0707 4340  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys

20:07:59.0738 4340  Disk - ok

20:07:59.0785 4340  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll

20:07:59.0816 4340  Dnscache - ok

20:07:59.0847 4340  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll

20:07:59.0941 4340  dot3svc - ok

20:07:59.0957 4340  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll

20:08:00.0050 4340  DPS - ok

20:08:00.0097 4340  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys

20:08:00.0144 4340  drmkaud - ok

20:08:00.0206 4340  [ 04930F585EFBAEDDF79773ADD1A5EF4E ] DVB7700ALL      C:\windows\system32\Drivers\dvb7700all.sys

20:08:00.0253 4340  DVB7700ALL - ok

20:08:00.0300 4340  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys

20:08:00.0362 4340  DXGKrnl - ok

20:08:00.0393 4340  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll

20:08:00.0487 4340  EapHost - ok

20:08:00.0596 4340  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys

20:08:00.0721 4340  ebdrv - ok

20:08:00.0799 4340  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

20:08:00.0846 4340  eeCtrl - ok

20:08:00.0908 4340  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe

20:08:00.0939 4340  EFS - ok

20:08:01.0002 4340  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe

20:08:01.0049 4340  ehRecvr - ok

20:08:01.0080 4340  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe

20:08:01.0111 4340  ehSched - ok

20:08:01.0158 4340  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys

20:08:01.0205 4340  elxstor - ok

20:08:01.0236 4340  [ 524C79054636D2E5751169005006460B ] enecir          C:\windows\system32\DRIVERS\enecir.sys

20:08:01.0267 4340  enecir - ok

20:08:01.0283 4340  [ E17EB95358F396E27D573A1B20F891F8 ] enecirhid       C:\windows\system32\DRIVERS\enecirhid.sys

20:08:01.0298 4340  enecirhid - ok

20:08:01.0314 4340  [ 8492D808C79BD6FE439F77BE84956CDF ] enecirhidma     C:\windows\system32\DRIVERS\enecirhidma.sys

20:08:01.0345 4340  enecirhidma - ok

20:08:01.0407 4340  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:08:01.0439 4340  EraserUtilRebootDrv - ok

20:08:01.0454 4340  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys

20:08:01.0485 4340  ErrDev - ok

20:08:01.0532 4340  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll

20:08:01.0641 4340  EventSystem - ok

20:08:01.0673 4340  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys

20:08:01.0766 4340  exfat - ok

20:08:01.0782 4340  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys

20:08:01.0891 4340  fastfat - ok

20:08:01.0953 4340  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe

20:08:02.0000 4340  Fax - ok

20:08:02.0031 4340  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys

20:08:02.0063 4340  fdc - ok

20:08:02.0109 4340  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll

20:08:02.0203 4340  fdPHost - ok

20:08:02.0219 4340  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll

20:08:02.0312 4340  FDResPub - ok

20:08:02.0343 4340  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys

20:08:02.0375 4340  FileInfo - ok

20:08:02.0390 4340  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys

20:08:02.0484 4340  Filetrace - ok

20:08:02.0531 4340  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys

20:08:02.0562 4340  flpydisk - ok

20:08:02.0577 4340  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys

20:08:02.0624 4340  FltMgr - ok

20:08:02.0671 4340  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll

20:08:02.0733 4340  FontCache - ok

20:08:02.0780 4340  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:08:02.0811 4340  FontCache3.0.0.0 - ok

20:08:02.0827 4340  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys

20:08:02.0858 4340  FsDepends - ok

20:08:02.0921 4340  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys

20:08:02.0952 4340  Fs_Rec - ok

20:08:02.0983 4340  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys

20:08:03.0030 4340  fvevol - ok

20:08:03.0061 4340  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys

20:08:03.0092 4340  gagp30kx - ok

20:08:03.0139 4340  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

20:08:03.0170 4340  GamesAppService - ok

20:08:03.0201 4340  GEARAspiWDM - ok

20:08:03.0248 4340  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll

20:08:03.0357 4340  gpsvc - ok

20:08:03.0404 4340  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys

20:08:03.0435 4340  hcw85cir - ok

20:08:03.0482 4340  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

20:08:03.0529 4340  HdAudAddService - ok

20:08:03.0560 4340  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys

20:08:03.0607 4340  HDAudBus - ok

20:08:03.0623 4340  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys

20:08:03.0654 4340  HidBatt - ok

20:08:03.0685 4340  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys

20:08:03.0716 4340  HidBth - ok

20:08:03.0763 4340  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys

20:08:03.0794 4340  HidIr - ok

20:08:03.0825 4340  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll

20:08:03.0919 4340  hidserv - ok

20:08:03.0966 4340  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys

20:08:03.0997 4340  HidUsb - ok

20:08:04.0028 4340  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll

20:08:04.0122 4340  hkmsvc - ok

20:08:04.0169 4340  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

20:08:04.0200 4340  HomeGroupListener - ok

20:08:04.0231 4340  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

20:08:04.0278 4340  HomeGroupProvider - ok

20:08:04.0325 4340  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys

20:08:04.0356 4340  HpSAMD - ok

20:08:04.0403 4340  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys

20:08:04.0512 4340  HTTP - ok

20:08:04.0559 4340  [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys

20:08:04.0590 4340  hwdatacard - ok

20:08:04.0605 4340  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys

20:08:04.0637 4340  hwpolicy - ok

20:08:04.0668 4340  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys

20:08:04.0715 4340  i8042prt - ok

20:08:04.0746 4340  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys

20:08:04.0793 4340  iaStor - ok

20:08:04.0839 4340  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys

20:08:04.0886 4340  iaStorV - ok

20:08:04.0949 4340  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:08:04.0995 4340  idsvc - ok

20:08:05.0120 4340  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120912.001\IDSvia64.sys

20:08:05.0151 4340  IDSVia64 - ok

20:08:05.0604 4340  [ 370C2A8629B30F910F740387795DDC6F ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys

20:08:05.0963 4340  igfx - ok

20:08:06.0041 4340  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys

20:08:06.0072 4340  iirsp - ok

20:08:06.0119 4340  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll

20:08:06.0212 4340  IKEEXT - ok

20:08:06.0321 4340  [ AC9AAFD18E4D52084C4AA8A38795B7E4 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

20:08:06.0446 4340  IntcAzAudAddService - ok

20:08:06.0509 4340  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys

20:08:06.0540 4340  IntcDAud - ok

20:08:06.0571 4340  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys

20:08:06.0602 4340  intelide - ok

20:08:06.0633 4340  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys

20:08:06.0680 4340  intelppm - ok

20:08:06.0711 4340  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll

20:08:06.0805 4340  IPBusEnum - ok

20:08:06.0836 4340  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys

20:08:06.0930 4340  IpFilterDriver - ok

20:08:06.0961 4340  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll

20:08:07.0070 4340  iphlpsvc - ok

20:08:07.0101 4340  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys

20:08:07.0133 4340  IPMIDRV - ok

20:08:07.0148 4340  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys

20:08:07.0242 4340  IPNAT - ok

20:08:07.0273 4340  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys

20:08:07.0320 4340  IRENUM - ok

20:08:07.0335 4340  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys

20:08:07.0367 4340  isapnp - ok

20:08:07.0398 4340  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys

20:08:07.0429 4340  iScsiPrt - ok

20:08:07.0476 4340  [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

20:08:07.0491 4340  IviRegMgr - ok

20:08:07.0554 4340  [ 0B44199365A69696109AB9A5855E0841 ] JMCR            C:\windows\system32\DRIVERS\jmcr.sys

20:08:07.0585 4340  JMCR - ok

20:08:07.0616 4340  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys

20:08:07.0647 4340  kbdclass - ok

20:08:07.0679 4340  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys

20:08:07.0710 4340  kbdhid - ok

20:08:07.0741 4340  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe

20:08:07.0772 4340  KeyIso - ok

20:08:07.0819 4340  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys

20:08:07.0850 4340  KSecDD - ok

20:08:07.0866 4340  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys

20:08:07.0897 4340  KSecPkg - ok

20:08:07.0913 4340  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys

20:08:08.0006 4340  ksthunk - ok

20:08:08.0053 4340  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll

20:08:08.0147 4340  KtmRm - ok

20:08:08.0193 4340  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll

20:08:08.0287 4340  LanmanServer - ok

20:08:08.0318 4340  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

20:08:08.0412 4340  LanmanWorkstation - ok

20:08:08.0459 4340  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys

20:08:08.0552 4340  lltdio - ok

20:08:08.0583 4340  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll

20:08:08.0677 4340  lltdsvc - ok

20:08:08.0708 4340  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll

20:08:08.0802 4340  lmhosts - ok

20:08:08.0864 4340  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

20:08:08.0895 4340  LMS - ok

20:08:08.0942 4340  [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys

20:08:08.0973 4340  LPCFilter - ok

20:08:09.0020 4340  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys

20:08:09.0051 4340  LSI_FC - ok

20:08:09.0067 4340  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys

20:08:09.0098 4340  LSI_SAS - ok

20:08:09.0114 4340  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys

20:08:09.0145 4340  LSI_SAS2 - ok

20:08:09.0176 4340  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys

20:08:09.0207 4340  LSI_SCSI - ok

20:08:09.0223 4340  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys

20:08:09.0317 4340  luafv - ok

20:08:09.0379 4340  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys

20:08:09.0410 4340  MBAMProtector - ok

20:08:09.0457 4340  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:08:09.0504 4340  MBAMService - ok

20:08:09.0535 4340  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll

20:08:09.0566 4340  Mcx2Svc - ok

20:08:09.0582 4340  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys

20:08:09.0613 4340  megasas - ok

20:08:09.0660 4340  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys

20:08:09.0691 4340  MegaSR - ok

20:08:09.0738 4340  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys

20:08:09.0769 4340  MEIx64 - ok

20:08:09.0785 4340  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll

20:08:09.0894 4340  MMCSS - ok

20:08:09.0909 4340  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys

20:08:10.0003 4340  Modem - ok

20:08:10.0034 4340  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys

20:08:10.0065 4340  monitor - ok

20:08:10.0097 4340  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys

20:08:10.0128 4340  mouclass - ok

20:08:10.0143 4340  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys

20:08:10.0175 4340  mouhid - ok

20:08:10.0206 4340  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys

20:08:10.0237 4340  mountmgr - ok

20:08:10.0284 4340  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:08:10.0315 4340  MozillaMaintenance - ok

20:08:10.0346 4340  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys

20:08:10.0377 4340  mpio - ok

20:08:10.0409 4340  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys

20:08:10.0502 4340  mpsdrv - ok

20:08:10.0549 4340  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll

20:08:10.0658 4340  MpsSvc - ok

20:08:10.0689 4340  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys

20:08:10.0736 4340  MRxDAV - ok

20:08:10.0783 4340  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys

20:08:10.0814 4340  mrxsmb - ok

20:08:10.0830 4340  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys

20:08:10.0877 4340  mrxsmb10 - ok

20:08:10.0892 4340  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys

20:08:10.0923 4340  mrxsmb20 - ok

20:08:10.0955 4340  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys

20:08:10.0970 4340  msahci - ok

20:08:11.0001 4340  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys

20:08:11.0033 4340  msdsm - ok

20:08:11.0048 4340  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe

20:08:11.0095 4340  MSDTC - ok

20:08:11.0111 4340  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys

20:08:11.0204 4340  Msfs - ok

20:08:11.0251 4340  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys

20:08:11.0345 4340  mshidkmdf - ok

20:08:11.0360 4340  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys

20:08:11.0391 4340  msisadrv - ok

20:08:11.0407 4340  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll

20:08:11.0501 4340  MSiSCSI - ok

20:08:11.0516 4340  msiserver - ok

20:08:11.0547 4340  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys

20:08:11.0625 4340  MSKSSRV - ok

20:08:11.0657 4340  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys

20:08:11.0735 4340  MSPCLOCK - ok

20:08:11.0766 4340  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys

20:08:11.0844 4340  MSPQM - ok

20:08:11.0875 4340  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys

20:08:11.0922 4340  MsRPC - ok

20:08:11.0953 4340  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys

20:08:11.0969 4340  mssmbios - ok

20:08:12.0000 4340  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys

20:08:12.0093 4340  MSTEE - ok

20:08:12.0109 4340  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys

20:08:12.0140 4340  MTConfig - ok

20:08:12.0156 4340  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys

20:08:12.0187 4340  Mup - ok

20:08:12.0234 4340  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll

20:08:12.0343 4340  napagent - ok

20:08:12.0390 4340  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys

20:08:12.0437 4340  NativeWifiP - ok

20:08:12.0515 4340  [ 2989174DF02E0AEF54BAE90674FB445F ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe

20:08:12.0561 4340  NAUpdate - ok

20:08:12.0639 4340  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120912.036\ENG64.SYS

20:08:12.0671 4340  NAVENG - ok

20:08:12.0733 4340  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120912.036\EX64.SYS

20:08:12.0842 4340  NAVEX15 - ok

20:08:12.0905 4340  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys

20:08:12.0967 4340  NDIS - ok

20:08:12.0983 4340  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys

20:08:13.0076 4340  NdisCap - ok

20:08:13.0123 4340  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys

20:08:13.0201 4340  NdisTapi - ok

20:08:13.0232 4340  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys

20:08:13.0326 4340  Ndisuio - ok

20:08:13.0341 4340  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys

20:08:13.0435 4340  NdisWan - ok

20:08:13.0466 4340  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys

20:08:13.0560 4340  NDProxy - ok

20:08:13.0591 4340  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys

20:08:13.0685 4340  NetBIOS - ok

20:08:13.0700 4340  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys

20:08:13.0794 4340  NetBT - ok

20:08:13.0809 4340  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe

20:08:13.0841 4340  Netlogon - ok

20:08:13.0903 4340  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll

20:08:13.0997 4340  Netman - ok

20:08:14.0059 4340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:14.0090 4340  NetMsmqActivator - ok

20:08:14.0090 4340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:14.0121 4340  NetPipeActivator - ok

20:08:14.0168 4340  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll

20:08:14.0262 4340  netprofm - ok

20:08:14.0277 4340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:14.0309 4340  NetTcpActivator - ok

20:08:14.0309 4340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:14.0340 4340  NetTcpPortSharing - ok

20:08:14.0371 4340  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys

20:08:14.0402 4340  nfrd960 - ok

20:08:14.0636 4340  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

20:08:14.0667 4340  NIS - ok

20:08:14.0714 4340  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll

20:08:14.0808 4340  NlaSvc - ok

20:08:14.0839 4340  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys

20:08:14.0933 4340  Npfs - ok

20:08:14.0964 4340  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll

20:08:15.0042 4340  nsi - ok

20:08:15.0057 4340  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys

20:08:15.0151 4340  nsiproxy - ok

20:08:15.0213 4340  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys

20:08:15.0307 4340  Ntfs - ok

20:08:15.0338 4340  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys

20:08:15.0416 4340  Null - ok

20:08:15.0463 4340  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys

20:08:15.0494 4340  nusb3hub - ok

20:08:15.0510 4340  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys

20:08:15.0541 4340  nusb3xhc - ok

20:08:15.0931 4340  [ EC30892650DABC8142A09A5FEAAD0154 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys

20:08:16.0430 4340  nvlddmkm - ok

20:08:16.0524 4340  [ 1A3AAB915ABE1BD2FE374243F83A2ADC ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys

20:08:16.0539 4340  nvpciflt - ok

20:08:16.0571 4340  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys

20:08:16.0602 4340  nvraid - ok

20:08:16.0633 4340  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys

20:08:16.0664 4340  nvstor - ok

20:08:16.0727 4340  [ 2F5A6F3CFDBF40EBBD83E0AC03F6186D ] NVSvc           C:\windows\system32\nvvsvc.exe

20:08:16.0789 4340  NVSvc - ok

20:08:16.0914 4340  [ BB0018ED47AB08D20A2EFB72444F91FE ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

20:08:17.0007 4340  nvUpdatusService - ok

20:08:17.0039 4340  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys

20:08:17.0070 4340  nv_agp - ok

20:08:17.0085 4340  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys

20:08:17.0132 4340  ohci1394 - ok

20:08:17.0195 4340  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:08:17.0210 4340  ose - ok

20:08:17.0413 4340  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:08:17.0631 4340  osppsvc - ok

20:08:17.0694 4340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll

20:08:17.0725 4340  p2pimsvc - ok

20:08:17.0756 4340  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll

20:08:17.0803 4340  p2psvc - ok

20:08:17.0819 4340  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys

20:08:17.0850 4340  Parport - ok

20:08:17.0912 4340  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys

20:08:17.0943 4340  partmgr - ok

20:08:17.0975 4340  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll

20:08:18.0037 4340  PcaSvc - ok

20:08:18.0053 4340  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys

20:08:18.0084 4340  pci - ok

20:08:18.0115 4340  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys

20:08:18.0146 4340  pciide - ok

20:08:18.0177 4340  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys

20:08:18.0209 4340  pcmcia - ok

20:08:18.0224 4340  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys

20:08:18.0255 4340  pcw - ok

20:08:18.0287 4340  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys

20:08:18.0396 4340  PEAUTH - ok

20:08:18.0521 4340  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe

20:08:18.0552 4340  PerfHost - ok

20:08:18.0599 4340  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys

20:08:18.0630 4340  PGEffect - ok

20:08:18.0677 4340  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll

20:08:18.0801 4340  pla - ok

20:08:18.0864 4340  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll

20:08:18.0911 4340  PlugPlay - ok

20:08:18.0926 4340  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll

20:08:18.0957 4340  PNRPAutoReg - ok

20:08:18.0973 4340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll

20:08:19.0020 4340  PNRPsvc - ok

20:08:19.0051 4340  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll

20:08:19.0160 4340  PolicyAgent - ok

20:08:19.0207 4340  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll

20:08:19.0301 4340  Power - ok

20:08:19.0347 4340  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys

20:08:19.0441 4340  PptpMiniport - ok

20:08:19.0457 4340  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys

20:08:19.0488 4340  Processor - ok

20:08:19.0550 4340  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll

20:08:19.0581 4340  ProfSvc - ok

20:08:19.0597 4340  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

20:08:19.0644 4340  ProtectedStorage - ok

20:08:19.0675 4340  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys

20:08:19.0753 4340  Psched - ok

20:08:19.0784 4340  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

20:08:19.0815 4340  PSI_SVC_2 - ok

20:08:19.0878 4340  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys

20:08:19.0971 4340  ql2300 - ok

20:08:19.0987 4340  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys

20:08:20.0018 4340  ql40xx - ok

20:08:20.0065 4340  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll

20:08:20.0112 4340  QWAVE - ok

20:08:20.0127 4340  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys

20:08:20.0174 4340  QWAVEdrv - ok

20:08:20.0205 4340  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys

20:08:20.0283 4340  RasAcd - ok

20:08:20.0315 4340  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys

20:08:20.0408 4340  RasAgileVpn - ok

20:08:20.0439 4340  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll

20:08:20.0533 4340  RasAuto - ok

20:08:20.0549 4340  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys

20:08:20.0642 4340  Rasl2tp - ok

20:08:20.0689 4340  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll

20:08:20.0783 4340  RasMan - ok

20:08:20.0798 4340  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys

20:08:20.0892 4340  RasPppoe - ok

20:08:20.0907 4340  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys

20:08:21.0001 4340  RasSstp - ok

20:08:21.0048 4340  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys

20:08:21.0141 4340  rdbss - ok

20:08:21.0157 4340  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys

20:08:21.0204 4340  rdpbus - ok

20:08:21.0235 4340  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys

20:08:21.0313 4340  RDPCDD - ok

20:08:21.0344 4340  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys

20:08:21.0422 4340  RDPENCDD - ok

20:08:21.0453 4340  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys

20:08:21.0531 4340  RDPREFMP - ok

20:08:21.0594 4340  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys

20:08:21.0625 4340  RDPWD - ok

20:08:21.0656 4340  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys

20:08:21.0687 4340  rdyboost - ok

20:08:21.0719 4340  [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi            C:\windows\system32\drivers\regi.sys

20:08:21.0734 4340  regi - ok

20:08:21.0765 4340  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll

20:08:21.0859 4340  RemoteAccess - ok

20:08:21.0890 4340  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll

20:08:21.0984 4340  RemoteRegistry - ok

20:08:21.0999 4340  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll

20:08:22.0093 4340  RpcEptMapper - ok

20:08:22.0124 4340  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe

20:08:22.0155 4340  RpcLocator - ok

20:08:22.0187 4340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll

20:08:22.0296 4340  RpcSs - ok

20:08:22.0343 4340  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys

20:08:22.0436 4340  rspndr - ok

20:08:22.0483 4340  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys

20:08:22.0514 4340  RTL8167 - ok

20:08:22.0545 4340  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe

20:08:22.0577 4340  SamSs - ok

20:08:22.0592 4340  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys

20:08:22.0623 4340  sbp2port - ok

20:08:22.0655 4340  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll

20:08:22.0748 4340  SCardSvr - ok

20:08:22.0779 4340  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys

20:08:22.0857 4340  scfilter - ok

20:08:22.0904 4340  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll

20:08:23.0029 4340  Schedule - ok

20:08:23.0060 4340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll

20:08:23.0154 4340  SCPolicySvc - ok

20:08:23.0169 4340  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys

20:08:23.0216 4340  sdbus - ok

20:08:23.0247 4340  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll

20:08:23.0294 4340  SDRSVC - ok

20:08:23.0388 4340  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

20:08:23.0403 4340  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning

20:08:23.0403 4340  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)

20:08:23.0419 4340  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys

20:08:23.0513 4340  secdrv - ok

20:08:23.0544 4340  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll

20:08:23.0622 4340  seclogon - ok

20:08:23.0669 4340  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll

20:08:23.0762 4340  SENS - ok

20:08:23.0778 4340  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll

20:08:23.0809 4340  SensrSvc - ok

20:08:23.0856 4340  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys

20:08:23.0887 4340  Serenum - ok

20:08:23.0903 4340  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys

20:08:23.0949 4340  Serial - ok

20:08:23.0965 4340  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys

20:08:24.0012 4340  sermouse - ok

20:08:24.0059 4340  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll

20:08:24.0152 4340  SessionEnv - ok

20:08:24.0168 4340  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys

20:08:24.0215 4340  sffdisk - ok

20:08:24.0230 4340  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys

20:08:24.0277 4340  sffp_mmc - ok

20:08:24.0293 4340  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys

20:08:24.0324 4340  sffp_sd - ok

20:08:24.0355 4340  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys

20:08:24.0386 4340  sfloppy - ok

20:08:24.0449 4340  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys

20:08:24.0511 4340  Sftfs - ok

20:08:24.0589 4340  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:08:24.0636 4340  sftlist - ok

20:08:24.0651 4340  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys

20:08:24.0683 4340  Sftplay - ok

20:08:24.0698 4340  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys

20:08:24.0729 4340  Sftredir - ok

20:08:24.0745 4340  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys

20:08:24.0776 4340  Sftvol - ok

20:08:24.0807 4340  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:08:24.0823 4340  sftvsa - ok

20:08:24.0870 4340  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll

20:08:24.0963 4340  SharedAccess - ok

20:08:25.0010 4340  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

20:08:25.0104 4340  ShellHWDetection - ok

20:08:25.0135 4340  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys

20:08:25.0166 4340  SiSRaid2 - ok

20:08:25.0182 4340  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys

20:08:25.0213 4340  SiSRaid4 - ok

20:08:25.0275 4340  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys

20:08:25.0369 4340  Smb - ok

20:08:25.0416 4340  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe

20:08:25.0447 4340  SNMPTRAP - ok

20:08:25.0463 4340  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys

20:08:25.0494 4340  spldr - ok

20:08:25.0541 4340  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe

20:08:25.0587 4340  Spooler - ok

20:08:25.0712 4340  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe

20:08:25.0899 4340  sppsvc - ok

20:08:25.0915 4340  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll

20:08:26.0024 4340  sppuinotify - ok

20:08:26.0133 4340  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS

20:08:26.0180 4340  SRTSP - ok

20:08:26.0227 4340  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS

20:08:26.0258 4340  SRTSPX - ok

20:08:26.0305 4340  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys

20:08:26.0352 4340  srv - ok

20:08:26.0367 4340  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys

20:08:26.0414 4340  srv2 - ok

20:08:26.0430 4340  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys

20:08:26.0461 4340  srvnet - ok

20:08:26.0508 4340  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll

20:08:26.0601 4340  SSDPSRV - ok

20:08:26.0617 4340  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll

20:08:26.0726 4340  SstpSvc - ok

20:08:26.0789 4340  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys

20:08:26.0820 4340  ssudmdm - ok

20:08:26.0867 4340  [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus         C:\windows\system32\DRIVERS\ss_bbus.sys

20:08:26.0882 4340  ss_bbus - ok

20:08:26.0898 4340  [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl        C:\windows\system32\DRIVERS\ss_bmdfl.sys

20:08:26.0929 4340  ss_bmdfl - ok

20:08:26.0945 4340  [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm         C:\windows\system32\DRIVERS\ss_bmdm.sys

20:08:26.0976 4340  ss_bmdm - ok

20:08:27.0023 4340  Steam Client Service - ok

20:08:27.0070 4340  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys

20:08:27.0101 4340  stexstor - ok

20:08:27.0148 4340  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll

20:08:27.0210 4340  stisvc - ok

20:08:27.0226 4340  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys

20:08:27.0257 4340  swenum - ok

20:08:27.0288 4340  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll

20:08:27.0397 4340  swprv - ok

20:08:27.0460 4340  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS

20:08:27.0506 4340  SymDS - ok

20:08:27.0553 4340  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS

20:08:27.0631 4340  SymEFA - ok

20:08:27.0678 4340  [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS

20:08:27.0709 4340  SymEvent - ok

20:08:27.0772 4340  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS

20:08:27.0803 4340  SymIRON - ok

20:08:27.0834 4340  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS

20:08:27.0881 4340  SymNetS - ok

20:08:27.0943 4340  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys

20:08:28.0021 4340  SynTP - ok

20:08:28.0052 4340  SysInfo - ok

20:08:28.0130 4340  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll

20:08:28.0224 4340  SysMain - ok

20:08:28.0240 4340  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

20:08:28.0286 4340  TabletInputService - ok

20:08:28.0318 4340  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll

20:08:28.0411 4340  TapiSrv - ok

20:08:28.0442 4340  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll

20:08:28.0552 4340  TBS - ok

20:08:28.0645 4340  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\windows\system32\drivers\tcpip.sys

20:08:28.0739 4340  Tcpip - ok

20:08:28.0801 4340  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys

20:08:28.0910 4340  TCPIP6 - ok

20:08:28.0942 4340  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys

20:08:29.0035 4340  tcpipreg - ok

20:08:29.0066 4340  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys

20:08:29.0098 4340  tdcmdpst - ok

20:08:29.0113 4340  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys

20:08:29.0144 4340  TDPIPE - ok

20:08:29.0191 4340  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys

20:08:29.0222 4340  TDTCP - ok

20:08:29.0254 4340  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys

20:08:29.0347 4340  tdx - ok

20:08:29.0394 4340  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

20:08:29.0425 4340  TemproMonitoringService - ok

20:08:29.0441 4340  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys

20:08:29.0472 4340  TermDD - ok

20:08:29.0519 4340  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll

20:08:29.0628 4340  TermService - ok

20:08:29.0659 4340  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll

20:08:29.0706 4340  Themes - ok

20:08:29.0753 4340  [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys

20:08:29.0768 4340  Thpdrv - ok

20:08:29.0784 4340  [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm          C:\windows\system32\DRIVERS\Thpevm.SYS

20:08:29.0815 4340  Thpevm - ok

20:08:29.0831 4340  [ 9B032A63A0553A2D872815C64A0288BE ] Thpsrv          C:\windows\system32\ThpSrv.exe

20:08:29.0862 4340  Thpsrv ( UnsignedFile.Multi.Generic ) - warning

20:08:29.0862 4340  Thpsrv - detected UnsignedFile.Multi.Generic (1)

20:08:29.0893 4340  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll

20:08:29.0987 4340  THREADORDER - ok

20:08:30.0049 4340  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

20:08:30.0065 4340  TMachInfo - ok

20:08:30.0096 4340  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\windows\system32\TODDSrv.exe

20:08:30.0127 4340  TODDSrv - ok

20:08:30.0205 4340  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

20:08:30.0236 4340  TosCoSrv - ok

20:08:30.0283 4340  [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

20:08:30.0314 4340  TOSHIBA Bluetooth Service - ok

20:08:30.0377 4340  [ D33D5588576B04FC489DCCC66E98F546 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe

20:08:30.0408 4340  TOSHIBA eco Utility Service - ok

20:08:30.0470 4340  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

20:08:30.0486 4340  TOSHIBA HDD SSD Alert Service - ok

20:08:30.0533 4340  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\DRIVERS\tosporte.sys

20:08:30.0548 4340  tosporte - ok

20:08:30.0580 4340  [ 09CF82C0068C7CFF7E2B3797BE7F5CC2 ] tosrfbd         C:\windows\system32\DRIVERS\tosrfbd.sys

20:08:30.0611 4340  tosrfbd - ok

20:08:30.0642 4340  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\windows\system32\Drivers\tosrfbnp.sys

20:08:30.0673 4340  tosrfbnp - ok

20:08:30.0689 4340  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\windows\system32\Drivers\tosrfcom.sys

20:08:30.0720 4340  Tosrfcom - ok

20:08:30.0736 4340  [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys

20:08:30.0767 4340  tosrfec - ok

20:08:30.0798 4340  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\windows\system32\DRIVERS\Tosrfhid.sys

20:08:30.0829 4340  Tosrfhid - ok

20:08:30.0860 4340  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\windows\system32\DRIVERS\tosrfnds.sys

20:08:30.0892 4340  tosrfnds - ok

20:08:30.0923 4340  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\windows\system32\drivers\tosrfsnd.sys

20:08:30.0954 4340  TosRfSnd - ok

20:08:30.0985 4340  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys

20:08:31.0016 4340  Tosrfusb - ok

20:08:31.0063 4340  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys

20:08:31.0110 4340  tos_sps64 - ok

20:08:31.0157 4340  [ D65C6B0C070534336B72005391B6168A ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

20:08:31.0219 4340  TPCHSrv - ok

20:08:31.0250 4340  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll

20:08:31.0344 4340  TrkWks - ok

20:08:31.0391 4340  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

20:08:31.0484 4340  TrustedInstaller - ok

20:08:31.0516 4340  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys

20:08:31.0609 4340  tssecsrv - ok

20:08:31.0656 4340  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys

20:08:31.0687 4340  TsUsbFlt - ok

20:08:31.0703 4340  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys

20:08:31.0734 4340  TsUsbGD - ok

20:08:31.0781 4340  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys

20:08:31.0874 4340  tunnel - ok

20:08:31.0906 4340  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS

20:08:31.0937 4340  TVALZ - ok

20:08:31.0952 4340  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys

20:08:31.0984 4340  TVALZFL - ok

20:08:31.0999 4340  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys

20:08:32.0030 4340  uagp35 - ok

20:08:32.0062 4340  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys

20:08:32.0155 4340  udfs - ok

20:08:32.0202 4340  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe

20:08:32.0249 4340  UI0Detect - ok

20:08:32.0264 4340  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys

20:08:32.0296 4340  uliagpkx - ok

20:08:32.0358 4340  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys

20:08:32.0389 4340  umbus - ok

20:08:32.0420 4340  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys

20:08:32.0452 4340  UmPass - ok

20:08:32.0576 4340  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

20:08:32.0701 4340  UNS - ok

20:08:32.0748 4340  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll

20:08:32.0842 4340  upnphost - ok

20:08:32.0873 4340  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys

20:08:32.0904 4340  usbccgp - ok

20:08:32.0951 4340  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys

20:08:32.0998 4340  usbcir - ok

20:08:33.0013 4340  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys

20:08:33.0044 4340  usbehci - ok

20:08:33.0076 4340  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys

20:08:33.0122 4340  usbhub - ok

20:08:33.0154 4340  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys

20:08:33.0185 4340  usbohci - ok

20:08:33.0216 4340  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys

20:08:33.0247 4340  usbprint - ok

20:08:33.0278 4340  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS

20:08:33.0310 4340  USBSTOR - ok

20:08:33.0341 4340  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys

20:08:33.0372 4340  usbuhci - ok

20:08:33.0403 4340  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys

20:08:33.0434 4340  usbvideo - ok

20:08:33.0466 4340  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll

20:08:33.0559 4340  UxSms - ok

20:08:33.0590 4340  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe

20:08:33.0622 4340  VaultSvc - ok

20:08:33.0653 4340  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys

20:08:33.0684 4340  vdrvroot - ok

20:08:33.0715 4340  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe

20:08:33.0824 4340  vds - ok

20:08:33.0840 4340  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys

20:08:33.0887 4340  vga - ok

20:08:33.0902 4340  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys

20:08:33.0996 4340  VgaSave - ok

20:08:34.0027 4340  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys

20:08:34.0058 4340  vhdmp - ok

20:08:34.0090 4340  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys

20:08:34.0121 4340  viaide - ok

20:08:34.0168 4340  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys

20:08:34.0199 4340  volmgr - ok

20:08:34.0214 4340  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys

20:08:34.0261 4340  volmgrx - ok

20:08:34.0277 4340  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys

20:08:34.0324 4340  volsnap - ok

20:08:34.0355 4340  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys

20:08:34.0386 4340  vsmraid - ok

20:08:34.0448 4340  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe

20:08:34.0589 4340  VSS - ok

20:08:34.0604 4340  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys

20:08:34.0636 4340  vwifibus - ok

20:08:34.0667 4340  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys

20:08:34.0714 4340  vwififlt - ok

20:08:34.0745 4340  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys

20:08:34.0792 4340  vwifimp - ok

20:08:34.0838 4340  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll

20:08:34.0932 4340  W32Time - ok

20:08:34.0963 4340  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys

20:08:34.0994 4340  WacomPen - ok

20:08:35.0041 4340  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys

20:08:35.0135 4340  WANARP - ok

20:08:35.0135 4340  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys

20:08:35.0228 4340  Wanarpv6 - ok

20:08:35.0306 4340  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe

20:08:35.0384 4340  WatAdminSvc - ok

20:08:35.0447 4340  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe

20:08:35.0525 4340  wbengine - ok

20:08:35.0540 4340  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll

20:08:35.0603 4340  WbioSrvc - ok

20:08:35.0618 4340  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll

20:08:35.0681 4340  wcncsvc - ok

20:08:35.0712 4340  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

20:08:35.0759 4340  WcsPlugInService - ok

20:08:35.0774 4340  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys

20:08:35.0806 4340  Wd - ok

20:08:35.0852 4340  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys

20:08:35.0899 4340  Wdf01000 - ok

20:08:35.0930 4340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll

20:08:35.0977 4340  WdiServiceHost - ok

20:08:35.0977 4340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll

20:08:36.0024 4340  WdiSystemHost - ok

20:08:36.0071 4340  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll

20:08:36.0118 4340  WebClient - ok

20:08:36.0133 4340  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll

20:08:36.0242 4340  Wecsvc - ok

20:08:36.0258 4340  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll

20:08:36.0352 4340  wercplsupport - ok

20:08:36.0383 4340  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll

20:08:36.0476 4340  WerSvc - ok

20:08:36.0508 4340  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys

20:08:36.0586 4340  WfpLwf - ok

20:08:36.0617 4340  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys

20:08:36.0632 4340  WIMMount - ok

20:08:36.0664 4340  WinDefend - ok

20:08:36.0679 4340  WinHttpAutoProxySvc - ok

20:08:36.0742 4340  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll

20:08:36.0835 4340  Winmgmt - ok

20:08:36.0913 4340  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll

20:08:37.0054 4340  WinRM - ok

20:08:37.0100 4340  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys

20:08:37.0147 4340  WinUsb - ok

20:08:37.0194 4340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll

20:08:37.0272 4340  Wlansvc - ok

20:08:37.0319 4340  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:08:37.0350 4340  wlcrasvc - ok

20:08:37.0475 4340  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:08:37.0584 4340  wlidsvc - ok

20:08:37.0615 4340  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys

20:08:37.0646 4340  WmiAcpi - ok

20:08:37.0693 4340  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe

20:08:37.0724 4340  wmiApSrv - ok

20:08:37.0771 4340  WMPNetworkSvc - ok

20:08:37.0802 4340  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll

20:08:37.0849 4340  WPCSvc - ok

20:08:37.0865 4340  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll

20:08:37.0896 4340  WPDBusEnum - ok

20:08:37.0927 4340  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys

20:08:38.0021 4340  ws2ifsl - ok

20:08:38.0052 4340  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll

20:08:38.0099 4340  wscsvc - ok

20:08:38.0099 4340  WSearch - ok

20:08:38.0177 4340  [ 27F229F3A4FA57E3EB7AE705EDA8232B ] WTGService      C:\Program Files (x86)\3DataManager\WTGService.exe

20:08:38.0208 4340  WTGService - ok

20:08:38.0317 4340  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll

20:08:38.0442 4340  wuauserv - ok

20:08:38.0458 4340  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys

20:08:38.0551 4340  WudfPf - ok

20:08:38.0598 4340  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys

20:08:38.0692 4340  WUDFRd - ok

20:08:38.0723 4340  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll

20:08:38.0816 4340  wudfsvc - ok

20:08:38.0863 4340  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll

20:08:38.0926 4340  WwanSvc - ok

20:08:38.0988 4340  ================ Scan global ===============================

20:08:39.0019 4340  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

20:08:39.0050 4340  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

20:08:39.0066 4340  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

20:08:39.0097 4340  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

20:08:39.0144 4340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

20:08:39.0144 4340  [Global] - ok

20:08:39.0144 4340  ================ Scan MBR ==================================

20:08:39.0175 4340  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

20:08:40.0376 4340  \Device\Harddisk0\DR0 - ok

20:08:40.0376 4340  ================ Scan VBR ==================================

20:08:40.0392 4340  [ CEEFCC80154BFA446907ECBC03440A36 ] \Device\Harddisk0\DR0\Partition1

20:08:40.0408 4340  \Device\Harddisk0\DR0\Partition1 - ok

20:08:40.0408 4340  ============================================================

20:08:40.0408 4340  Scan finished

20:08:40.0408 4340  ============================================================

20:08:40.0423 2076  Detected object count: 2

20:08:40.0423 2076  Actual detected object count: 2

20:08:43.0886 2076  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user

20:08:43.0886 2076  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:08:43.0886 2076  Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user

20:08:43.0886 2076  Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:08:45.0446 5504  Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hab Combofix ausgeführt musste aber das log mit 7zip kompremieren da es zu gross war.

Wollte dir auch noch dafür danken, dass du dir immer Zeit nimmst um mir mit meinem Problem zu helfen. Ich kann leider wegen meinem Job nicht so oft online kommen und deshalb dauert es immer ein bisschen bis ich antworten kann. :dankeschoen:

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Gmer hat nichts gefunden.
Hier sind die Osam und aswmbr logs:

aswMBR hat das erste mal nicht mehr funktioniert also hab ich beim zweiten mal AV-Scan None ausgewählt.

Warum im Anhang? Du solltest eigentlich grundsätzlich alle Logs direkt posten, in CODE-Tags umschlossen

Osam File:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 11:30:49 on 16.09.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights 10" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"BHDrvx64" (BHDrvx64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120905.001\BHDrvx64.sys

"BVRPMPR5a64 NDIS Protocol Driver" (BVRPMPR5a64) - "Avanquest Software" - C:\windows\system32\drivers\BVRPMPR5a64.SYS

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\windows\System32\Drivers\GEARAspiWDM.sys  (File not found)

"IDSVia64" (IDSVia64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120914.001\IDSvia64.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys

"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120914.024\ENG64.SYS

"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120914.024\EX64.SYS

"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys

"regi" (regi) - "InterVideo" - C:\windows\system32\drivers\regi.sys

"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys

"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys

"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys

"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys

"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS

"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS

"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS

"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS

"Symantec Real Time Storage Protection (PEL) x64" (SRTSPX) - "Symantec Corporation" - C:\windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS

"Symantec Real Time Storage Protection x64" (SRTSP) - "Symantec Corporation" - C:\windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS

"SymEvent" (SymEvent) - "Symantec Corporation" - C:\windows\system32\Drivers\SYMEVENT64x86.SYS

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll

{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files (x86)\Real\RealPlayer\rpshell.dll

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\windows\SysWow64\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

{5D29E593-73A5-400A-B3BD-6B7A1AF05A31} "@C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229" - "TODO: <会社名>" - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{F3C88694-EFFA-4d78-B409-54B7B2535B14} "TOSHIBA Media Controller Plug-in" - "<TOSHIBA>" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"TRDCReminder.lnk" - "TOSHIBA Europe" - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Toshiba Places Icon Utility.lnk" - "Toshiba" - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\steam.exe" -silent

"TOPI.EXE" - "TOSHIBA" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"HWSetup" - "TOSHIBA Electronics, Inc." - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

"KeNotify" - "TOSHIBA CORPORATION" - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"NBAgent" - "Nero AG" - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

"SVPWUTIL" - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

"ToshibaServiceStation" - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

"TRCMan" - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\windows\system32\tbtmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe

"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Kevin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

"TOSHIBA eco Utility Service" (TOSHIBA eco Utility Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TECO\TecoService.exe

"TOSHIBA HDD Protection" (Thpsrv) - "TOSHIBA Corporation" - C:\windows\system32\ThpSrv.exe

"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\windows\system32\TODDSrv.exe

"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

"TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

"WTGService" (WTGService) - ? - C:\Program Files (x86)\3DataManager\WTGService.exe  (File found, but it contains no detailed information)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-

solutions.ru

Hier das aswmbr file:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-16 11:52:14

-----------------------------

11:52:14.592    OS Version: Windows x64 6.1.7601 Service Pack 1

11:52:14.592    Number of processors: 8 586 0x2A07

11:52:14.592    ComputerName: KEVIN-TOSH  UserName: Kevin

11:52:17.932    Initialize success

11:53:49.938    AVAST engine defs: 12091400

11:54:32.642    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:54:32.647    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3

11:54:32.807    Disk 0 MBR read successfully

11:54:32.815    Disk 0 MBR scan

11:54:32.826    Disk 0 Windows VISTA default MBR code

11:54:32.871    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048

11:54:32.913    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       698576 MB offset 3074048

11:54:32.972    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        15327 MB offset 1433757696

11:54:33.102    Disk 0 scanning C:\windows\system32\drivers

11:55:19.157    Service scanning

11:56:08.189    Modules scanning

11:56:08.189    Disk 0 trace - called modules:

11:56:08.219    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll 

11:56:08.229    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800948a790]

11:56:08.229    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8009484710]

11:56:08.229    5 thpdrv.sys[fffff880019adcc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80076f9050]

11:56:08.239    Scan finished successfully

12:37:11.601    Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"

12:37:11.617    The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hier sind die Logs:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/21/2012 at 10:00 AM
 

Application Version : 5.5.1016
 

Core Rules Database Version : 9265

Trace Rules Database Version: 7077
 

Scan type       : Complete Scan

Total Scan Time : 02:50:23
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 833

Memory threats detected   : 0

Registry items scanned    : 70554

Registry threats detected : 0

File items scanned        : 196269

File threats detected     : 597
 

Adware.Tracking Cookie

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\B4KBZWPO.txt [ /media6degrees.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\4PMWJOTA.txt [ /tracking.quisma.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\47H4N2CQ.txt [ /www.my-adserver.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\NTH0LRSI.txt [ /www.deutschporno.eu ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\YEXWNTWQ.txt [ /deutschporno.eu ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\YVPV8KCX.txt [ /eas.apm.emediate.eu ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\GPLDYUCE.txt [ /thefind.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\JTSD1VD5.txt [ /animetoplist.org ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Y0XQL1NG.txt [ /ads.glispa.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\VCQI9X5T.txt [ /lucidmedia.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\8NSKCZ3J.txt [ /invitemedia.com ]

        C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\OGZUS62L.txt [ /www.adultmovies.com ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\WFGYFVPB.txt [ Cookie:kevin@clkads.com/adServe/banners ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\RWJGY3PX.txt [ Cookie:kevin@clkads.com/adServe ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LR2VKSE8.txt [ Cookie:kevin@interclick.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOEDXPQD.txt [ Cookie:kevin@signup.21sextury.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OXMHCDR9.txt [ Cookie:kevin@girlsteachsex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G8QROIQA.txt [ Cookie:kevin@adultxxxhentai.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0OW12QU0.txt [ Cookie:kevin@adserver.thema.cc/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUW39BVR.txt [ Cookie:kevin@tracking.quisma.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2RN47H3B.txt [ Cookie:kevin@www.game-advertising-online.com/cobrand/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\545FTPQS.txt [ Cookie:kevin@filter.plusfind.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\373T8BXL.txt [ Cookie:kevin@atdmt.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OCOBILZ7.txt [ Cookie:kevin@gostats.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KNWUP9P3.txt [ Cookie:kevin@hentaicounter.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TWX5TFNW.txt [ Cookie:kevin@zanox.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FH5K7NE5.txt [ Cookie:kevin@mm.chitika.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WC49NOQD.txt [ Cookie:kevin@www.netdebit-counter.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MSJ5DVZ.txt [ Cookie:kevin@porntour.fr/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GFMV866.txt [ Cookie:kevin@viewablemedia.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G98SMM1E.txt [ Cookie:kevin@www.sexkiste.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FO9KQSC0.txt [ Cookie:kevin@megaporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1EVOC3GS.txt [ Cookie:kevin@ads2.zeusclicks.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWMIK058.txt [ Cookie:kevin@exoclick.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYSY67XY.txt [ Cookie:kevin@track.webtrekk.de/268040321250775/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8B9GM8R4.txt [ Cookie:kevin@adsrv1.admediate.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCXUXOC5.txt [ Cookie:kevin@unitymedia.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E9XS2KTI.txt [ Cookie:kevin@adultadworld.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5M2L1SEA.txt [ Cookie:kevin@accounts.google.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3XGU2F3A.txt [ Cookie:kevin@eas.apm.emediate.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\85VVB8NR.txt [ Cookie:kevin@amazon-adsystem.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PD9I59K.txt [ Cookie:kevin@adform.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XA8NM4L0.txt [ Cookie:kevin@mediafire.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MTH2AR9E.txt [ Cookie:kevin@www.media-sat24.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RA0HS2J.txt [ Cookie:kevin@ero-advertising.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MRGP86XZ.txt [ Cookie:kevin@sexasia.filmerotic.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RBBREHA.txt [ Cookie:kevin@server.cpmstar.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IFTC4M81.txt [ Cookie:kevin@pornoeye.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PU88LMPG.txt [ Cookie:kevin@animetoplist.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S33Y0EJG.txt [ Cookie:kevin@imagevenue.advertserve.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B9DU35WM.txt [ Cookie:kevin@playporn.to/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LZ3YJU4D.txt [ Cookie:kevin@de.sitestat.com/idgcom-de/gamestar/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B641KF9C.txt [ Cookie:kevin@eas4.emediate.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3RG71UKC.txt [ Cookie:kevin@tradedoubler.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TAEO0FGK.txt [ Cookie:kevin@userporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\82NQ9ZSH.txt [ Cookie:kevin@imrworldwide.com/cgi-bin ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PZFSS8NA.txt [ Cookie:kevin@counter2.sexmoney.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YI7SERWS.txt [ Cookie:kevin@www.zanox-affiliate.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DQEPEHJ.txt [ Cookie:kevin@zanox-affiliate.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7GYBX233.txt [ Cookie:kevin@rotator.hadj7.adjuggler.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N5QOR4UB.txt [ Cookie:kevin@pornhub.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EX363GWX.txt [ Cookie:kevin@aim4media.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JA8IGOM1.txt [ Cookie:kevin@21sextury.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A90BH3AT.txt [ Cookie:kevin@invitemedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KKW7AV6K.txt [ Cookie:kevin@ads.247activemedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGOJ1MK7.txt [ Cookie:kevin@ads.ventivmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V7F9XOF8.txt [ Cookie:kevin@serving.xxxwebtraffic.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S6MC8YJZ.txt [ Cookie:kevin@media-sat24.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\USJHXGWF.txt [ Cookie:kevin@ad.adserver01.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P21HTIKM.txt [ Cookie:kevin@track.webtrekk.de/156330659902428/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VAN5LXN.txt [ Cookie:kevin@mediafiretrend.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJ8ZR2ZI.txt [ Cookie:kevin@www.elitepvpers.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ICJJ37Y3.txt [ Cookie:kevin@vod.adultemart.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EYTEP5M2.txt [ Cookie:kevin@in.watchme.com/track/pjwRAGId,37/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKNP9CUV.txt [ Cookie:kevin@harrenmedianetwork.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VP2MS87.txt [ Cookie:kevin@ru4.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3D0UF5JR.txt [ Cookie:kevin@thesexycompany.at/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z92I9AQM.txt [ Cookie:kevin@www.gratissextv.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y60DFCR0.txt [ Cookie:kevin@mediaconverter.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V9VBG8L1.txt [ Cookie:kevin@episodic.com/track/qt5iawh5xsld/load/ew9cu5qft1pgi/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\STVB98L1.txt [ Cookie:kevin@butlers.traffective-tracking.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UK8ZQCQ0.txt [ Cookie:kevin@api.firestormmedia.tv/xmlrpc/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V8SY1OV0.txt [ Cookie:kevin@game-advertising-online.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HQ3TQPW9.txt [ Cookie:kevin@sexy-sport-clips.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VN2I4NJP.txt [ Cookie:kevin@adserver.ps3m.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HF1DXRXM.txt [ Cookie:kevin@adjuggler.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PY3LRPA.txt [ Cookie:kevin@hotsexmeet.ru/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T36ZBF0Y.txt [ Cookie:kevin@adulthentaimovies.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Z2MS8G9.txt [ Cookie:kevin@solvemedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NEEI3N22.txt [ Cookie:kevin@www.mediaconverter.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N7BG3V0Q.txt [ Cookie:kevin@xxxbunker.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E2S48VCV.txt [ Cookie:kevin@xxxfile.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QJJQN7R7.txt [ Cookie:kevin@indieclick.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSK7QAFZ.txt [ Cookie:kevin@countdown.free-and-online.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AXPX30GS.txt [ Cookie:kevin@clicksor.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B10P68WV.txt [ Cookie:kevin@a.revenuemax.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\14GKNFFO.txt [ Cookie:kevin@webpornsex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PY0YZQXW.txt [ Cookie:kevin@e-sexspiele.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XP2KQ7PF.txt [ Cookie:kevin@germansexvideo.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZH5GDCY6.txt [ Cookie:kevin@adult-sex-games.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G1KMO3O7.txt [ Cookie:kevin@partypoker.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BKL6UP8B.txt [ Cookie:kevin@legolas-media.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7H0NFDQI.txt [ Cookie:kevin@lucidmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XA1PTMCU.txt [ Cookie:kevin@track.effiliation.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\41JCO4O8.txt [ Cookie:kevin@www.usenext.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XN4YW5UT.txt [ Cookie:kevin@shinystat.com/cgi-bin/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJLPE6SZ.txt [ Cookie:kevin@traffic.acwebconnecting.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GX7XL2D2.txt [ Cookie:kevin@adserver.hardsextube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GH8Q1ZXP.txt [ Cookie:kevin@pussysexgames.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3PXRD59Y.txt [ Cookie:kevin@mtrtracker.com/cp/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y142SVQJ.txt [ Cookie:kevin@www.sexysat-tv.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ONSGL0LH.txt [ Cookie:kevin@member.21sextury.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYVJZ87B.txt [ Cookie:kevin@teenx3x.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A05F75DQ.txt [ Cookie:kevin@collective-media.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4J15I9QR.txt [ Cookie:kevin@mysexgames.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\D8J8A2Q1.txt [ Cookie:kevin@www.google.com/adsense/support/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KE7SKXH.txt [ Cookie:kevin@www.my-adserver.com/adserver/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PLOCIZSR.txt [ Cookie:kevin@d.mediadakine.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\015COKVP.txt [ Cookie:kevin@im.banner.t-online.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q0NNIDNG.txt [ Cookie:kevin@www.tvlizer.com/adult-18-tv-channels/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FJ59NX8T.txt [ Cookie:kevin@elitetvonline.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KWM1KAT.txt [ Cookie:kevin@gottracked.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\M08X9UMW.txt [ Cookie:kevin@adultmovies.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YOX15M5.txt [ Cookie:kevin@de.sitestat.com/karstadt-de/karstadt/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IM9TGHD0.txt [ Cookie:kevin@tracktvlinks.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JDABGC86.txt [ Cookie:kevin@etargetnet.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWMGVHVJ.txt [ Cookie:kevin@in.mydirtyhobby.com/track/WdoTAGAU,38/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GPT5ABP3.txt [ Cookie:kevin@counter.sexsuche.tv/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LLVQT3YL.txt [ Cookie:kevin@tracking.oe24.at// ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IEVY5AH1.txt [ Cookie:kevin@mediaplex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3FB9997.txt [ Cookie:kevin@sexyspiele.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\960Y1RD4.txt [ Cookie:kevin@ads.pornerbros.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\148TRBSF.txt [ Cookie:kevin@mediafiresearch.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G755T5UA.txt [ Cookie:kevin@sexyhumorgames.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VS2IBEY6.txt [ Cookie:kevin@google.com/adsense/support/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J8SYLGCK.txt [ Cookie:kevin@xxx-4-free.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2SR0M8X7.txt [ Cookie:kevin@sexysat-tv.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7TW1KCX0.txt [ Cookie:kevin@adverts.playboy.co.uk/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SDP1ABY2.txt [ Cookie:kevin@sexfortv.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BU3KADCE.txt [ Cookie:kevin@pornosphere.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW2346V1.txt [ Cookie:kevin@www.intporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJL635JU.txt [ Cookie:kevin@005.free-counters.co.uk/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FN5R9SNB.txt [ Cookie:kevin@c.gigcount.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LUQ1NMTG.txt [ Cookie:kevin@api.firestormmedia.tv/iptv/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XF6WJZO6.txt [ Cookie:kevin@adsonar.com/adserving ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWK2KZTP.txt [ Cookie:kevin@xm.xtendmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IXF8X76Y.txt [ Cookie:kevin@de.sitestat.com/idgcom-de/gamepro/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IT3XJHBS.txt [ Cookie:kevin@quartermedia.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9OQ7QJYF.txt [ Cookie:kevin@in.getclicky.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8NG0U17C.txt [ Cookie:kevin@ads.emeryporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJXVNW1F.txt [ Cookie:kevin@adsyst.biz/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TC818H6E.txt [ Cookie:kevin@lesbiansexdiaries.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JFIASY8T.txt [ Cookie:kevin@tracking1.aleadpay.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ESHE8EJZ.txt [ Cookie:kevin@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q31OUCH1.txt [ Cookie:kevin@stats.ilivid.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0592OXTJ.txt [ Cookie:kevin@pornosexday.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ORO50BB4.txt [ Cookie:kevin@mediaservices-d.openxenterprise.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q3EYAT9J.txt [ Cookie:kevin@go.evolutionmedia.bbelements.com/please/showit/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1YPAU5M.txt [ Cookie:kevin@tracking.gameforge.de/track/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\H7Z0NEX0.txt [ Cookie:kevin@traffictrack.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FMNJVFMZ.txt [ Cookie:kevin@pornstreams.us/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5104VBG.txt [ Cookie:kevin@adultswim.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\317OB1O4.txt [ Cookie:kevin@www.sexyama.com/st/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSPGCF34.txt [ Cookie:kevin@secure.square-enix.com/account/app ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G6MQ16OQ.txt [ Cookie:kevin@intporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7ZHP7QE8.txt [ Cookie:kevin@www.freesexygirls.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NRKT1CPZ.txt [ Cookie:kevin@newads1.stickam.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7X5BESP.txt [ Cookie:kevin@adserve.city-ad.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBP5C65S.txt [ Cookie:kevin@mfmediaonline.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4FVUJTP.txt [ Cookie:kevin@e-2dj6wfkoundzscq.stats.esomniture.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8S35O4E7.txt [ Cookie:kevin@apmebf.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G5VLUF1.txt [ Cookie:kevin@stats.paypal.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LIFO26Q9.txt [ Cookie:kevin@digital-eliteboard.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7V7K13B1.txt [ Cookie:kevin@alphaporno.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNPKMV46.txt [ Cookie:kevin@www.tubehentaiporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSCSLC0O.txt [ Cookie:kevin@milfsexdates.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WBUPTOR.txt [ Cookie:kevin@lfstmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZIASPB81.txt [ Cookie:kevin@slapcountdown.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIL338WV.txt [ Cookie:kevin@freesexygirls.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LEPTR62Z.txt [ Cookie:kevin@ads.footballmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZLT21SA7.txt [ Cookie:kevin@hornywife.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6006B64X.txt [ Cookie:kevin@porno-games.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OH9VXYA.txt [ Cookie:kevin@affiliates.thrixxx.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\91THJZE8.txt [ Cookie:kevin@adultpack.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\32NNHWNT.txt [ Cookie:kevin@indoormedia.co.uk/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1536W7K.txt [ Cookie:kevin@rmfmaxxx.pl/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3Q98JK4.txt [ Cookie:kevin@largeporntube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4EJF0LO2.txt [ Cookie:kevin@sexpartnerclub.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DVXUEU9G.txt [ Cookie:kevin@adtech.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8P4K24B.txt [ Cookie:kevin@macromedia-flash-player.softonic.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GFCXTIJH.txt [ Cookie:kevin@www.adultswim.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH2Y15WJ.txt [ Cookie:kevin@sexmovielab.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LBMBC1K1.txt [ Cookie:kevin@lookforporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1FGIH46.txt [ Cookie:kevin@account.norton.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HA171D2N.txt [ Cookie:kevin@www.sunporno.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\THSHKAN6.txt [ Cookie:kevin@statcounter.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YXFURXCI.txt [ Cookie:kevin@www.wildhardsex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HD8VMRRJ.txt [ Cookie:kevin@dev.hardsextube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9S0NVVAU.txt [ Cookie:kevin@sexulus.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQOK0SIU.txt [ Cookie:kevin@www.snatchncrack.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V6G2X39N.txt [ Cookie:kevin@pornodvdtube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UA113X3U.txt [ Cookie:kevin@delivery.way2traffic.com/tracker=858/track ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T76LEOBC.txt [ Cookie:kevin@www.gumaxxx.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K3N6K72.txt [ Cookie:kevin@thefind.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4PU6P31B.txt [ Cookie:kevin@server.adform.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTF8V9FV.txt [ Cookie:kevin@www.freehotpornmovies.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPAUIL5L.txt [ Cookie:kevin@mmotraffic.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HV0I0AM5.txt [ Cookie:kevin@naked.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PI59XG30.txt [ Cookie:kevin@testtaketraffic.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0E6Q12GJ.txt [ Cookie:kevin@histats.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OTCNKFDV.txt [ Cookie:kevin@www.halotracker.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FYAPMQWT.txt [ Cookie:kevin@tubepornstars.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\95MRYZQ9.txt [ Cookie:kevin@ifuckgames.newgrounds.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YW0EOAQK.txt [ Cookie:kevin@halotracker.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DC7758U.txt [ Cookie:kevin@pornodirndl.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NA7A72WN.txt [ Cookie:kevin@parispornmovies.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6STX0OQ0.txt [ Cookie:kevin@wmedia.rotator.hadj7.adjuggler.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SZDYWZJ5.txt [ Cookie:kevin@www.pornup.me/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ON53I27.txt [ Cookie:kevin@www.madsextube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\V6RSWFQP.txt [ Cookie:kevin@ad.yieldmanager.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OO20VB8R.txt [ Cookie:kevin@www.adxpansion.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TW134F4P.txt [ Cookie:kevin@pornunder.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5XRC915.txt [ Cookie:kevin@sextasytube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0G183317.txt [ Cookie:kevin@7.rotator.wigetmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\37NW4E7Z.txt [ Cookie:kevin@uk.sitestat.com/future/edgeonline/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W3UB4VXT.txt [ Cookie:kevin@www.sexulus.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBNDT4CL.txt [ Cookie:kevin@adprudence.rotator.hadj7.adjuggler.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TL062057.txt [ Cookie:kevin@ads.gamesbannernet.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\80EDIWFM.txt [ Cookie:kevin@api.firestormmedia.tv/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YRMOZYXK.txt [ Cookie:kevin@static.freewebs.getclicky.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6NJ1ZXHS.txt [ Cookie:kevin@www.vintagefreeporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ACDXQ8O3.txt [ Cookie:kevin@openx.banners.ge/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\POGJBGJ2.txt [ Cookie:kevin@www.mktrack.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S23VS6KH.txt [ Cookie:kevin@delivery.way2traffic.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZVFNVKA8.txt [ Cookie:kevin@deutsch-porno.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ITJQIF19.txt [ Cookie:kevin@www.mofosex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVROTC4I.txt [ Cookie:kevin@www.deutschporno.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GZ7MKR00.txt [ Cookie:kevin@adserver.zenoviaexchange.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PG191WH5.txt [ Cookie:kevin@deutschporno.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U94KB3EF.txt [ Cookie:kevin@stats.swisslos.ch/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZU6HTLH.txt [ Cookie:kevin@bitchyporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YD55H3F3.txt [ Cookie:kevin@track.adjal.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0Z53U19M.txt [ Cookie:kevin@delivery.way2traffic.com/campaign=2068 ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C6I6QP0U.txt [ Cookie:kevin@hardsextube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\06NIFJEN.txt [ Cookie:kevin@gumaxxx.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\92SU83W0.txt [ Cookie:kevin@www.mediafire.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E7DXS3YF.txt [ Cookie:kevin@adultrental.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B3BT7SW.txt [ Cookie:kevin@pornretrotube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNIYTIDQ.txt [ Cookie:kevin@adserver.adtechus.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CEAGY13W.txt [ Cookie:kevin@www.wqadserver.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZIX2QVOD.txt [ Cookie:kevin@advertising.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NEKKLES2.txt [ Cookie:kevin@galleries.adult-empire.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UMWKPXL0.txt [ Cookie:kevin@track.popmog.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HABT18NB.txt [ Cookie:kevin@ads2.net2day.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OJQELKLV.txt [ Cookie:kevin@rts.pgmediaserve.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BHHHE4HQ.txt [ Cookie:kevin@www.porntube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F73H0HGI.txt [ Cookie:kevin@ads.proxy1.adservr.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LNE7KN1P.txt [ Cookie:kevin@viewad.exchangecash.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\705X2HSP.txt [ Cookie:kevin@www.myeasytv.com/adult/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VYI5ELTU.txt [ Cookie:kevin@sextubster.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BRSFQ85M.txt [ Cookie:kevin@www.trackingindahouse.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5M7L4N43.txt [ Cookie:kevin@pointroll.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SOS848Y2.txt [ Cookie:kevin@www.hot-sex-tube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EX85FIFA.txt [ Cookie:kevin@unister-adservices.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NBC89YIJ.txt [ Cookie:kevin@www.livesex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBI0L2KS.txt [ Cookie:kevin@macromedia-flash-player.softonic.de/pocketpc/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HIREE3NJ.txt [ Cookie:kevin@xiti.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OAXJ3PKL.txt [ Cookie:kevin@www.pornstarclub.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\D0X853UL.txt [ Cookie:kevin@ifuckgames.newgrounds.com/games/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\14W9RYDV.txt [ Cookie:kevin@unister-adservices.com/campaign/conversion/22 ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S9P8JVGR.txt [ Cookie:kevin@www.retrofreeporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4B38WXA.txt [ Cookie:kevin@delivery.way2traffic.com/campaign=2068/view/14410 ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W3X83AQN.txt [ Cookie:kevin@delivery.trafficbroker.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C8HZ1FS0.txt [ Cookie:kevin@www.largeporntube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JE619WH0.txt [ Cookie:kevin@moviepilot.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHM9WA7C.txt [ Cookie:kevin@track.adform.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9DBKWUUV.txt [ Cookie:kevin@www.bullporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9W31YJ0R.txt [ Cookie:kevin@www.porntube.com/videos/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5V8KJART.txt [ Cookie:kevin@www.porntube.com/beacon/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\H3O4DY5W.txt [ Cookie:kevin@ads.gamersmedia.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FEDRE5XF.txt [ Cookie:kevin@serving-sys.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\67YNQD15.txt [ Cookie:kevin@www.xxxstream.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8UB1B4O.txt [ Cookie:kevin@longporntube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YW95CBV3.txt [ Cookie:kevin@adserver.sevenload.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SIYC0CBZ.txt [ Cookie:kevin@www.foreboxxx.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\R18WUEDK.txt [ Cookie:kevin@eas5.emediate.eu/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8UGRCMP3.txt [ Cookie:kevin@porn-traffic.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0FX6V4L.txt [ Cookie:kevin@beasex.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\46IA8JNZ.txt [ Cookie:kevin@hd-pornofilme.info/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DGIOA511.txt [ Cookie:kevin@www.deutsch-porno.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CI7K48LC.txt [ Cookie:kevin@www.pornoking.at/pphlogger/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2DKJN7SS.txt [ Cookie:kevin@stats.swisslos.ch/dcs5jxkmr00000sx01tqemrjh_9n1r ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\O2ZXL7FY.txt [ Cookie:kevin@uk.sitestat.com/future/oxm/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1HVGZXHG.txt [ Cookie:kevin@www.webcountdown.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\967IKL11.txt [ Cookie:kevin@www.sexyama.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RCRFVR6J.txt [ Cookie:kevin@myroitracking.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I7O3OQTD.txt [ Cookie:kevin@uk.sitestat.com/stv/live/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4PLLL30.txt [ Cookie:kevin@streampornvideo.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTAVZ3D0.txt [ Cookie:kevin@ad2.adxpansion.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PEZOP1X.txt [ Cookie:kevin@www.googleadservices.com/pagead/conversion/1053236048/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZOY14WA.txt [ Cookie:kevin@hotsexysolo.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VOQ8OURJ.txt [ Cookie:kevin@sexcamfrauen.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQA33FE2.txt [ Cookie:kevin@liveperson.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YVS0K74I.txt [ Cookie:kevin@porn-movie-download.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7THFMFAR.txt [ Cookie:kevin@pornstarclub.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WAGL455D.txt [ Cookie:kevin@animalporn-tube.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\H5OS2A9R.txt [ Cookie:kevin@go.evolutionmedia.bbelements.com/please/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BMDPHO9.txt [ Cookie:kevin@pornkino.to/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\X2YECOAC.txt [ Cookie:kevin@ox-d.secure-clicks.org/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7T4PH8EP.txt [ Cookie:kevin@www.googleadservices.com/pagead/conversion/1071522855/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XGZ8C2RK.txt [ Cookie:kevin@www.pornhub.com/cdn_files/flash/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TY6ERD1S.txt [ Cookie:kevin@pornwall.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AURW93TO.txt [ Cookie:kevin@gratissextv.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GTMY28PY.txt [ Cookie:kevin@bs.serving-sys.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QMRDAH7G.txt [ Cookie:kevin@www.vintagefreeporn.com/st/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\URV86ENL.txt [ Cookie:kevin@view.advert-layer.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TXMOIY70.txt [ Cookie:kevin@uk.sitestat.com/future/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBKM60HV.txt [ Cookie:kevin@adultdvdtalk.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSNGRJGN.txt [ Cookie:kevin@www.madsextube.com/tube2/gallery/97603c65/747447/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\42PY9ULM.txt [ Cookie:kevin@reviews.kellyfind.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GA806OLR.txt [ Cookie:kevin@www.pornwall.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5N1143EL.txt [ Cookie:kevin@www.moviepilot.de/movies/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLPP5YJL.txt [ Cookie:kevin@www.madsextube.com/tags/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2LOOMYRU.txt [ Cookie:kevin@tribalfusion.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QANVV8DG.txt [ Cookie:kevin@zedo.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CYN97XUW.txt [ Cookie:kevin@tpads.totalporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BIYFXK1G.txt [ Cookie:kevin@gratis-porno-videos.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\13BT5RT4.txt [ Cookie:kevin@porncontrol.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KZLKXFES.txt [ Cookie:kevin@specificclick.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\X07OMH7P.txt [ Cookie:kevin@s15.shinystat.com/cgi-bin/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9683WGAN.txt [ Cookie:kevin@www.pornoxo.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\441I1BGO.txt [ Cookie:kevin@ox-d.adnetxchange.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJ1EO0HN.txt [ Cookie:kevin@doubleclick.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y4FKBIRR.txt [ Cookie:kevin@sexofporn.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YCEGVGUP.txt [ Cookie:kevin@www.adultmovies.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DU539B7V.txt [ Cookie:kevin@ads.weownthetraffic.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P3DSG11B.txt [ Cookie:kevin@teufel-media.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XNK25WF9.txt [ Cookie:kevin@www.madsextube.com/tube/gallery/0abbb6fe/83970/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RHZJAAPF.txt [ Cookie:kevin@sex-xxx.free-porn-video.ca/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUUXWFY0.txt [ Cookie:kevin@porn-traffic.net/category/Clips/Massage_stream_91844.html ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJK2LQBB.txt [ Cookie:kevin@ad.mlnadvertising.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\D28M15OY.txt [ Cookie:kevin@count.video.de/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q9JWEFCN.txt [ Cookie:kevin@eaeacom.112.2o7.net/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q1BG0OTB.txt [ Cookie:kevin@www.pornerbros.com/ ]

        C:\USERS\KEVIN\AppData\Roaming\Microsoft\Windows\Cookies\Low\187C1FS8.txt [ Cookie:kevin@sunporno.com/ ]

        C:\USERS\KEVIN\Cookies\4PMWJOTA.txt [ Cookie:kevin@tracking.quisma.com/ ]

        C:\USERS\KEVIN\Cookies\47H4N2CQ.txt [ Cookie:kevin@www.my-adserver.com/ ]

        C:\USERS\KEVIN\Cookies\NTH0LRSI.txt [ Cookie:kevin@www.deutschporno.eu/ ]

        C:\USERS\KEVIN\Cookies\YEXWNTWQ.txt [ Cookie:kevin@deutschporno.eu/ ]

        C:\USERS\KEVIN\Cookies\WFGYFVPB.txt [ Cookie:kevin@clkads.com/adServe/banners ]

        C:\USERS\KEVIN\Cookies\YVPV8KCX.txt [ Cookie:kevin@eas.apm.emediate.eu/ ]

        C:\USERS\KEVIN\Cookies\GPLDYUCE.txt [ Cookie:kevin@thefind.com/ ]

        C:\USERS\KEVIN\Cookies\JTSD1VD5.txt [ Cookie:kevin@animetoplist.org/ ]

        C:\USERS\KEVIN\Cookies\VCQI9X5T.txt [ Cookie:kevin@lucidmedia.com/ ]

        C:\USERS\KEVIN\Cookies\8NSKCZ3J.txt [ Cookie:kevin@invitemedia.com/ ]

        C:\USERS\KEVIN\Cookies\RWJGY3PX.txt [ Cookie:kevin@clkads.com/adServe ]

        C:\USERS\KEVIN\Cookies\OGZUS62L.txt [ Cookie:kevin@www.adultmovies.com/ ]

        .divx.112.2o7.net [ C:\USERS\KEVIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .doubleclick.net [ C:\USERS\KEVIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .doubleclick.net [ C:\USERS\KEVIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        api.firestormmedia.tv [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        cdn-small.content.adultcentro.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        ia.media-imdb.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        media.scanscout.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        secure-us.imrworldwide.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        track.webgains.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PD7USU6D ]

        .hentaitoplist.org [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .userporn.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .game-advertising-online.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .solvemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .solvemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .a.revenuemax.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .interclick.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .interclick.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .histats.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .histats.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .hentaicounter.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafire.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafiretrend.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafiretrend.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafiretrend.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .enoratraffic.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.trackingindahouse.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .alphaporno.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxpose.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .getclicky.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .static.getclicky.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .freaks-toplist.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        7.rotator.wigetmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        7.rotator.wigetmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adserver01.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        api.firestormmedia.tv [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        api.firestormmedia.tv [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        api.firestormmedia.tv [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.easymedia-gmbh.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.mindshare.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        counter2.sexmoney.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .my-adserver.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.netxmedia.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.statsq.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.trackunions.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        media.laredoute.fr [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .rotator.wigetmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.sexkontakt.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.sexkontakt-at.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .sexkontakt-at.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .sexkontakt-at.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .sexkontakt-at.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.netxmedia.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .userporn.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .userporn.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .userporn.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        7.rotator.wigetmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking-technology.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .livesexasian.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        tracking.hostgator.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        e2.emediate.se [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        e2.emediate.se [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adverticum.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.tldadserv.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.mediafire.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.game-advertising-online.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        stats.computecmedia.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        view.advert-layer.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        view.advert-layer.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        logging.ourstats.de [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.usenext.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        ads.ventivmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .clicksor.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .clicksor.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .clicksor.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .clicksor.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .clicksor.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        vidasco.rotator.hadj7.adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adjuggler.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .lucidmedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafire.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafire.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mediafire.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .server.cpmstar.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adxpansion.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .mm.chitika.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api18.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api18.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api18.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api26.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api26.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api26.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api31.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api31.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api31.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .st.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .st.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .st.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api6.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api6.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .api6.thetrafficstat.net [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        www.pornhub.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LO7BTCAH.DEFAULT\COOKIES.SQLITE ]
 

Trojan.Agent/Gen-Krpytik

        C:\S\LAUNCH.EXE

        C:\S\SONICWIN.EXE

        C:\USERS\KEVIN\DESKTOP\SEGA\NEUER ORDNER (3)\NEUER ORDNER\METTRIX-SAGE09\E02WIN.EXE

        C:\USERS\KEVIN\DESKTOP\SEGA\NEUER ORDNER (3)\NEUER ORDNER\METTRIX-SAGE09\LAUNCH.EXE
 

Trojan.Agent/Gen-Keylogger

        C:\USERS\KEVIN\DESKTOP\SEGA\NEUER ORDNER (3)\SAVE EDITOR COLLECTION 1.1\SAVE EDITOR COLLECTION 1.1\FORZA 2 ADVANCED SAVE EDITOR\FORZA 2 SAVE EDITOR.EXE

        C:\USERS\KEVIN\DESKTOP\SEGA\NEUER ORDNER (3)\SAVE EDITOR COLLECTION 1.1\SAVE EDITOR COLLECTION 1.1\JUST CAUSE 2 MONEY EDITOR\JUST CAUSE 2 SAVE EDITOR.EXE

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.21.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kevin :: KEVIN-TOSH [Administrator]
 

21.09.2012 16:21:04

mbam-log-2012-09-21 (16-21-04).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 446827

Laufzeit: 1 Stunde(n), 18 Minute(n), 48 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Trojan.Agent/Gen-Krpytik

        C:\S\LAUNCH.EXE

        C:\S\SONICWIN.EXE

Ist dir das bekannt? Gehört das auch zum SEGA-Gedöns? :D

Wenn ja, sind das Fehlalarme.

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?