Redirekt Virus Google und andere Bidvertiser ?!

iwoflo · 23.03.2012, 21:44

Hi Leute,

ich hoffe Ihr könnt mir helfen.

Ich habe seit einigen Tagen so ein Problem mit Suchseiten. Immer wenn ich etwas suche und den link anklicke werde ich umgeleitet auf ( oft) bidvertiser und dann irgendwie weiter.

Auch wenn ich bidvertiser bei z.b. google. eingebe kommt ein schwarzer browser.

Nach meinem Kasperskycheck habe was gefunden und löschen lassen.

Aber das Problem besteht noch immer.

Bei anderen Foren habe ich bisher nur gelesen, dass die Lösung nur Benutzerspezifisch ist.
Deswegen der neue Tread.

Auch ist es so, dass wenn irgendwie ein Link Bidvertiser drin hat, kommt auch eine schwarze Seite.

Please Help ^^.

Vielen Dank im voraus.

PS:
Windows Vist
Notebook

So jetzt habe ich mal ein paar scans gemacht.

1x Malawarebytes
1x OTL

Hier die Logs ( alle die ich habe). Hoffe die helfen weiter.

Grüsse Flo

[code] Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Aktiviert

23.03.2012 22:59:35
mbam-log-2012-03-23 (22-59-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373756
Laufzeit: 1 Stunde(n), 22 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) [\code]

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Deaktiviert

24.03.2012 08:59:07
mbam-log-2012-03-24 (08-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372007
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So und jetzt noch folgende protection logs ( benötigt ? keine Ahnung hoffentlich hilft es)

Code:

ATTFilter

2012/03/23 14:19:57 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/23 14:20:07 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/23 14:20:10 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 14:20:16 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/23 14:24:25 +0100	IWONA-PC	Iwona	MESSAGE	Starting database refresh
2012/03/23 14:24:25 +0100	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/23 14:24:27 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/23 14:24:38 +0100	IWONA-PC	Iwona	MESSAGE	Database refreshed successfully
2012/03/23 14:24:38 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 14:30:10 +0100	IWONA-PC	Iwona	MESSAGE	Executing scheduled update:  Daily
2012/03/23 14:31:06 +0100	IWONA-PC	Iwona	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/03/23 19:01:52 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 53606, Process: avp.exe)
2012/03/23 19:01:52 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 53610, Process: avp.exe)
2012/03/23 20:30:27 +0100	IWONA-PC	Iwona	IP-BLOCK	78.46.103.44 (Type: outgoing, Port: 55079, Process: avp.exe)
2012/03/23 21:29:56 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/23 21:30:33 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/23 21:30:36 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 21:30:55 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/23 21:31:33 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49195, Process: avp.exe)
2012/03/23 22:01:46 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49499, Process: avp.exe)

jetzt noch mal der 2te scan

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Deaktiviert

24.03.2012 08:59:07
mbam-log-2012-03-24 (08-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372007
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und der protection log

Code:

ATTFilter

2012/03/24 00:30:27 +0100	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/24 00:30:29 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/24 06:45:37 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 06:45:47 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 06:45:50 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 06:45:55 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 07:07:51 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 07:07:57 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 07:08:00 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 07:08:05 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 07:20:53 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 07:21:00 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 07:21:03 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 07:21:08 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 10:32:39 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 10:32:42 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 10:32:45 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 10:32:50 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully

Hier noch die OTL logs

Code:

ATTFilter

OTL logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.14 19:53:14 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.04 00:30:49 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.17 13:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 19:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.01.13 10:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.10.01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.02.01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.27 22:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKLM\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 23:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 11:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.23 13:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.22 23:23:01 | 000,000,000 | ---D | M]
 
[2012.03.20 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2010.09.05 18:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.21 23:12:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.21 23:17:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.21 23:23:45 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\ext@sprng.me
[2012.03.21 23:12:26 | 000,002,112 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\searchplugins\wot-safe-search.xml
[2012.03.21 23:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 08:32:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.22 23:24:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.22 23:24:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.30 12:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.12.03 01:00:29 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15094 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7C41E0-BE10-4C6C-983C-A5A12539B3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A99EA8-11FE-4AD3-AD01-86F632F9298B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 10:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.23 14:15:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 17:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Kraftgeräte Isotonik
[2012.03.21 23:34:48 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\PackageAware
[2012.03.21 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.16 20:39:37 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.16 20:39:36 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.16 20:38:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.16 20:38:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.16 20:38:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.16 20:38:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.16 20:38:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.15 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Bilder Privat
[2012.03.10 22:43:25 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\ministry
[2012.03.10 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\german
[2012.03.06 19:27:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\ISL
[2012.03.06 19:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.03.06 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2012.03.03 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 10:19:49 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.24 10:19:49 | 000,600,080 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.24 10:19:49 | 000,130,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.24 10:19:49 | 000,107,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.24 08:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 07:18:36 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.24 07:18:26 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 14:15:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:07:52 | 002,629,120 | ---- | M] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:53:03 | 000,006,488 | ---- | M] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:52 | 000,050,692 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 17:38:57 | 000,036,214 | -H-- | M] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 14:52:14 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.19 11:11:06 | 000,007,084 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.18 23:15:26 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\stdole2A.dll
[2012.03.17 08:48:25 | 000,289,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.15 19:03:54 | 000,011,199 | ---- | M] () -- C:\Users\Iwona\Desktop\Inventarliste Geräte.ods
[2012.03.14 18:43:10 | 000,027,032 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 11:49:48 | 000,008,343 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:11 | 001,953,279 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:08 | 000,006,678 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:49 | 000,010,192 | ---- | M] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.12 04:03:04 | 000,000,963 | ---- | M] () -- C:\Users\Iwona\Desktop\config.dat
[2012.03.11 17:17:41 | 000,201,728 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 17:03:42 | 000,124,416 | ---- | M] (www.sft-loader.de) -- C:\Users\Iwona\Desktop\dsconn.dll
[2012.03.06 19:29:38 | 012,735,995 | ---- | M] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.23 14:15:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:11:50 | 002,629,120 | ---- | C] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:52:58 | 000,006,488 | ---- | C] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:49 | 000,050,692 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.21 23:05:30 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 17:38:30 | 000,036,214 | -H-- | C] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 13:13:04 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.18 23:15:26 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\stdole2A.dll
[2012.03.18 23:15:26 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.14 18:43:08 | 000,027,032 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 14:37:49 | 000,007,084 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.14 11:49:46 | 000,008,343 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:05 | 001,953,279 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:06 | 000,006,678 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:47 | 000,010,192 | ---- | C] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.06 19:29:35 | 012,735,995 | ---- | C] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.01.23 16:33:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.03 01:34:14 | 000,000,098 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.14 21:57:48 | 000,004,915 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.03.01 19:13:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.01 19:13:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.01 19:13:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.01 19:13:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.01 19:13:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.01 19:13:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.01 19:13:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.01 19:13:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.01 19:13:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.01 19:13:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.01 19:13:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.01 19:13:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.01 19:13:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.01 19:13:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.01 19:13:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.19 14:16:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.22 23:23:56 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.22 23:23:56 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.16 00:49:27 | 000,000,036 | ---- | C] () -- C:\Users\Iwona\AppData\Local\housecall.guid.cache
[2010.05.10 21:10:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

< End of report >

UND

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E1741-EDF1-4412-8C7C-B2209AE0C7BE}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{04006F6F-5E42-4B57-B49D-6BADCB61B5AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{06603ADA-EC2D-4701-8480-44D2DB684FC9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0BB19C23-F746-4A9D-A4A3-94054DB8811E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0FC70A64-EFC5-4BF9-A424-B863782FFC15}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{0FF08B6A-A1E0-4CF3-A52B-27A1AE30909C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{12C65E58-CF49-4749-8D5C-A599BE16DC40}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{13BD0673-B180-403E-8AF5-07D3CB0662E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{17555DE7-F56A-4AA8-AC05-DBDC02596764}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{2A8F8773-7E9D-45D2-8090-D208B96634D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{351A76FD-D34A-483B-9E80-E859F2DDF12D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{363CB5D1-69FC-4296-A19D-5CFC47ACE527}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{36BD9966-D043-4D6D-97DE-E6319C71E10D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{38A7BA71-6A9A-483A-B34C-F1D9A6D1FFA2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{45770112-5781-4063-BB51-62E6B4697852}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C44897D-F96A-46FC-BD4E-0119C9EB1777}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{4C687C51-9106-4ABC-BD25-9D958BA62CF2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{56C9D4D2-CA15-4D2A-B74D-72646BCCBC08}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{570CD276-07ED-4968-A15D-8375360A1C45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5F934B1B-CAF6-469C-BA23-035AFF317443}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{6979AB44-F56B-4F01-97F8-891F421E0924}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C3E613F-B747-41F4-9612-3D880B25BF30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6C4B527E-44E1-427F-BB1B-9FA0AE4FD652}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7432D018-1AAF-4B6E-90ED-CC5043B06484}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{7A7162ED-97B3-4F24-9933-24D2F147AFD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B6B04AD-FECB-4F75-AA8B-E5C56595D145}" = lport=29137 | protocol=6 | dir=in | name=windows core service | 
"{7E77A793-3165-4894-BBBE-D59FB1FF75DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{848CA032-0F99-4B7F-86E9-903BEF95AA7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{859D3BAD-FD1E-4C5A-B37B-E3B24ABA6ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{99DE5FB7-5A43-4030-B554-606C8FB61FF8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9CB02DA1-C1BA-4CD3-BBBD-79E390590F6C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A121367A-5B27-4D33-91C2-06CEDEE80323}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{A57F1A31-9A35-470B-A303-74DC15468B64}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A5F994B9-B030-4D8E-AB51-71392C6C148F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A88CED61-A0D5-4A2A-B862-E2404999EC5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8B41856-0201-4761-9A79-BAAC8C1FDD12}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AB5F8174-A8A6-4EF1-8C91-1E30E5A553BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B395CC63-A144-46F2-8965-7FC666AF76CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B3BD5126-6F3D-4E6B-BB32-7F98D1BEF89E}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
"{B94F755C-DA20-44F1-B298-251D1A5154F9}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{C1292AEE-C4DB-4A1C-A7C3-8DEEF499DBDC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C22C6B9D-B916-4C6B-9496-D9DB21A5AEBC}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{D142356C-CAAB-424F-8432-912BDBB4EFC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D79B984B-03BA-4B79-BCCE-68774C488797}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E65082B2-89B8-4DC1-B6B4-6BDE3A5DEF27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9AEBF31-729F-4604-B5E4-E915860966DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA2330ED-22BC-4593-9978-AA16E89D1397}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB47F7BA-C331-4DCC-B869-D89802E22A7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B0662-B026-4D43-8F2C-A4F8CDB02B8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A69EDE7-66A3-4453-8081-9EB5F5E4830B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{1055A628-764C-44C5-A82D-02181D813770}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{161F7AB2-676C-4C51-82CE-45E9B463A606}" = protocol=6 | dir=out | app=system | 
"{16DBBF04-6800-47F6-AB62-361B3478BF88}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{18FA9C7B-4513-4108-B30F-1BD704A8D18D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A796952-901D-4525-878B-BBEBC5564A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F4D63FD-16A0-4F16-8193-4F88D7E6CE60}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{232FE57E-C882-4F86-A4E1-D9D7BC3CC6A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2ABE9053-16C1-4A88-8D1F-B91C60C090F0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{31D1B9D3-573E-4FF7-956B-1817D2099F69}" = protocol=6 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe | 
"{3F921A19-4C85-4883-8AA2-9BCD891E47D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{41FBEF40-3AD5-4717-A72E-8D0957373E45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{451C356E-1BDC-4C8D-BD27-B0DA1BB3E02C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{4B365FCA-5023-4D2C-A950-00DF65409BD7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5724FB13-4437-49FD-AC94-6548F618160D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{583F09D2-F99D-4266-A6BC-FA2C616EACEA}" = protocol=17 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe | 
"{6A0B0BA6-48BB-4604-B598-74E212BDA513}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{6F842B4D-B6AE-4ED0-877C-FE1DE4970F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8271CCDF-6575-46DA-81EC-805B38C8A396}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{85773256-B5DB-4899-9820-26153FF6F973}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{866110BA-8516-4F4A-8F87-10CF587C78AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{88018CF0-3A47-46CF-A040-0F7DC52EB918}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CE24D4D-101D-4E08-B910-1CBC28D64D8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9DB6780D-D823-444B-AF12-54FA73CD1F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A03A97F6-33AE-4B25-A572-B0AEDEB0B543}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A17B1335-6DD7-482A-93DF-2B6138B286E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A9DBEE33-B80F-4D9A-8061-937ACE7F501D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6A1A581-275B-46A0-BDF4-CFD977F1FF0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B7756F95-91CD-4CD6-BD01-F9051B56C799}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C1F5D673-DAB4-443C-AF3F-2F99791162E3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{CC4EBA22-0622-49F9-BD0A-194EA571C859}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{D14D57D8-8C50-4410-A89F-121413AA517E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DAD100AE-8050-4E93-9119-8482F677E4F0}" = protocol=17 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe | 
"{E0EC9C10-AA45-40F9-A7E9-072EF1FD7840}" = protocol=6 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe | 
"TCP Query User{4082258C-731B-4555-92CE-2E35CB7B254D}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"TCP Query User{4F152418-D3BD-4A6B-824B-4841A4BB7CC6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{5D9F5AA9-9458-41CC-AFFA-2907E6218BE0}C:\users\iwona\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\iwona\desktop\leecher.exe | 
"TCP Query User{71855612-1E2F-41DB-92F5-4DC0D39B0861}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"TCP Query User{B96B2416-BE3E-4C3C-B207-978463F28C6B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{CB60BBE0-AA6F-4252-A764-B8EDAB9C9E33}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe | 
"TCP Query User{D10141D0-6F1C-49C4-A658-7157BC2438F7}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{05CE9062-0C39-44A5-9E5B-3FFB9A191D8A}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"UDP Query User{46822B7A-B21A-4204-AA62-E80007713B58}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"UDP Query User{6F41738E-71BE-4451-AEBB-DF06FCE92646}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{AAA52008-717D-4983-B57F-7EDD33DDB3E6}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe | 
"UDP Query User{AF6D8815-2D89-458D-A4EA-1D426FE6A9D1}C:\users\iwona\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\iwona\desktop\leecher.exe | 
"UDP Query User{B075C078-53DE-4B72-BC18-79C52318D96E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B3D3D7D6-0676-4F86-8E39-1D42579B4FBC}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{02DD09E1-3365-75C2-BFD0-43412EEFB45E}" = CCC Help Finnish
"{033649DD-2651-D029-5663-29E61094E7E8}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A084990-69FE-6D33-4BD0-AD6FD8AE57E8}" = CCC Help Japanese
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11E2CEB4-09B4-1392-392D-4FAA23B88AF8}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1365D613-47EA-38F7-BD83-0F1A8E6AFAAE}" = CCC Help Polish
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2012
"{160D6F45-15AF-10A2-DC61-FB4FE5CBE9BA}" = Skins
"{18796D6B-60D7-2771-D145-90A366A9A78D}" = CCC Help German
"{1ABBBBA0-A790-3C9D-F806-A14140BCDFBF}" = ccc-utility
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F26C039-E655-91CB-E3AD-82A272BCD8B6}" = CCC Help English
"{2015087B-31D9-8661-5A9C-B1EA6D3C22C0}" = CCC Help Turkish
"{202B6750-A01B-A7BD-7D0B-ADE001239C04}" = CCC Help Hungarian
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2547290E-8DDF-7479-4E73-9CFE99989F08}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{28E9B542-E70C-8C81-D5A9-D4410FDDA1D8}" = Catalyst Control Center Localization Korean
"{2B95D414-26A8-8DD6-567E-E58B2C0CAF69}" = CCC Help Czech
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3347DE17-A1EE-16C6-A7B0-F474FB3B985A}" = Catalyst Control Center Localization Dutch
"{353A838E-85B5-F8E7-FABA-EA2055DD4418}" = ccc-core-static
"{35691D1C-EBA1-D1BF-53D0-00BD59713DF5}" = Catalyst Control Center Localization Finnish
"{36F7B270-B9EF-E9AB-87AE-67FE6EBD232B}" = CCC Help Danish
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38767763-328D-7529-7E25-909C15ED2A87}" = Catalyst Control Center Localization Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA3B438-18DB-97BE-FB52-AEF329CF85E5}" = Catalyst Control Center Localization Hungarian
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{46516ED6-47E6-31C1-F3A7-1D280FBA6438}" = Catalyst Control Center Localization Portuguese
"{46EB4EC8-F43A-D6D9-97EB-A23B625BD8C9}" = CCC Help Korean
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F3D958A-ADBF-98D0-5F7C-25B61B9FC941}" = Catalyst Control Center Graphics Previews Vista
"{60D1F96A-1858-6EFC-1303-425BA95DB80E}" = Catalyst Control Center Localization Japanese
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61CA53F0-C162-DD83-64CA-3746A5ECA94A}" = Catalyst Control Center Localization Danish
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6717AD52-855E-BA83-C733-151C5D9EAFF5}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7613C81D-378E-BECD-0FFC-8C4345FAD40C}" = ATI Catalyst Install Manager
"{76F0B78F-8E7F-1FD5-5A16-4D7DE94871B1}" = Catalyst Control Center Localization Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B5F16F1-6929-74B3-6265-62DBD5AC997F}" = Catalyst Control Center Localization Turkish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC30050-DAEC-8076-8DC9-30012A0B5EC9}" = CCC Help Greek
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE70EF8-F70C-E35C-CC76-AD0B85827C08}" = Catalyst Control Center Graphics Full Existing
"{8CF50625-4147-9026-6BF2-8AB7CE8ABE93}" = Catalyst Control Center Localization Polish
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{949D54CF-E476-30C5-42A8-69C75C51A875}" = CCC Help Swedish
"{97E9C12B-1319-B6AF-39E4-E8204C887564}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A58DF0E3-4A0C-2BCE-0761-A04A38302E61}" = CCC Help Thai
"{A8432E22-FDAD-02FE-6FD5-E1395C186FBB}" = Catalyst Control Center Localization Italian
"{A871F719-F328-8A59-951E-C57E165DA65A}" = Catalyst Control Center Localization French
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AD8178D1-B2E2-43E7-63E4-1320DD2E0F27}" = Catalyst Control Center Localization Chinese Standard
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B063AFC7-F4E1-8164-6FA9-DC72C7A5DC22}" = Catalyst Control Center Localization Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A7D977-9617-6175-8B4C-F365B1C0E75E}" = Catalyst Control Center Graphics Full New
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}" = EASY Office
"{BDD9AC08-2895-DE6A-2539-F026FC3A7905}" = CCC Help Portuguese
"{C606A7D5-6F16-8D93-CB93-3CD545F0FD90}" = Catalyst Control Center Localization Spanish
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CBA24065-7561-3A01-B624-620C4B5532E7}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D79B4F31-E69A-04C3-C5C9-9CB8DD0F2331}" = CCC Help Russian
"{D819A5E4-30CB-0D5E-2034-B16A9342F0DB}" = Catalyst Control Center Localization Greek
"{D915CDB9-E57D-FF82-251B-83776E954615}" = Catalyst Control Center Localization Thai
"{D962B2EA-1848-3A51-CB4A-45C82D4FF543}" = Catalyst Control Center Localization German
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC91AE54-9AA2-2CB2-180A-36B16069FB47}" = Catalyst Control Center Localization Czech
"{DED6CDFB-5C63-DA19-8CD1-1EE016717139}" = CCC Help Chinese Traditional
"{E1266AC2-A3B5-1FBC-4776-16AF83C22E26}" = CCC Help Dutch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E56E2DFF-9B53-E03A-4913-57F35764C659}" = Catalyst Control Center Localization Norwegian
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E6B5F5E7-51B6-D334-D953-35B847A81AC7}" = CCC Help Spanish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Catan" = Catan - Die erste Insel
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LetsTrade" = LetsTrade Komponenten
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"myphotobook" = myphotobook 3.5
"Online Poststelle_is1" = Online Poststelle - Druckertreiber 2.1.102
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"PokerOffice5" = PokerOffice (remove only)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Greetz Flo

cosinus · 25.03.2012, 16:13

Zitat:

Nach meinem Kasperskycheck habe was gefunden und löschen lassen.

Und was? Das Log bzw die Infos darüber musst du auch alle posten

iwoflo · 25.03.2012, 17:07

Hi Cosinus,

hier der Log vom Kaspersky.

Alles was ich da habe:

Code:

ATTFilter

Gelöscht (5)	
20.03.2012 14:25:21	Gelöscht	trojanisches Programm Exploit.JS.Pdfka.fps	C:\Documents and Settings\Iwona\AppData\Local\Temp\plugtmp\plugin-ap2.php	Hoch	
20.03.2012 23:28:34	Gelöscht	trojanisches Programm Trojan-PSW.Win32.Fareit.om	C:\Windows\Temp\6313a1.exe	Hoch	
20.03.2012 11:31:58	Gelöscht	trojanisches Programm Trojan.Win32.Inject.dhxb	c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact	Hoch	
20.03.2012 11:31:58	Gelöscht	trojanisches Programm Trojan.Win32.Inject.dhxb	c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact//PecBundle	Hoch	
20.03.2012 11:31:58	Gelöscht	trojanisches Programm Trojan.Win32.Inject.dhxb	c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact//PecBundle//PECompact	Hoch

Eben nochmals ESET laufen lassen als Admin:

7 Treads

Nur weiß ich bei dem Onlinescanner nicht, wie ich die Log bekomme.

Gruss

cosinus · 25.03.2012, 18:07

Zitat:

Nur weiß ich bei dem Onlinescanner nicht, wie ich die Log bekomme.

Dazu müsste man die Anleitung mal richtig lesen

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

iwoflo · 25.03.2012, 18:16

Ja jetzt kommt mir die Anleitung bekannt vor

Aber das alles ist neu für mich. Sorry. Ich tue mein bestes

Hier der Eset log

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=74ed6b4bbe75f743884d9b0743f7e7d9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 02:15:13
# local_time=2012-03-25 04:15:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 50160459 50160459 0 0
# compatibility_mode=5892 16776574 100 100 0 170208925 0 0
# compatibility_mode=8192 67108863 100 0 314560 314560 0 0
# scanned=226603
# found=7
# cleaned=7
# scan_time=8715
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\Launcher.exe	a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rbmonitor.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rbnotifier.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rb_move_serial.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rb_ubm.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\registrybooster.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Iwona\Desktop\test\registrybooster.exe	a variant of Win32/RegistryBooster application (deleted - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251

Greetz Flo

cosinus · 25.03.2012, 18:18

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

iwoflo · 25.03.2012, 18:52

Habe während des Suchlaufes den Wlan schalter aus gemacht.

Ich hoffe, dass dies i.O. ist oder muss ich das nochmal machen?

Hier der Log:

Code:

ATTFilter

OTL logfile created on: 25.03.2012 19:28:57 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 63,63% Memory free
5,96 Gb Paging File | 4,99 Gb Available in Paging File | 83,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 26,33 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 11:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.22 14:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007.12.14 21:28:38 | 004,726,784 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\BlackPng.dll
MOD - [2007.07.27 23:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\Toshiba\TBS\NotifyTBS.dll
MOD - [2006.10.10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.14 20:53:14 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.04 01:30:49 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.17 14:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 20:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.01.13 11:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.10.01 17:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.02.01 12:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.15 11:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.16 15:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 15:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKLM\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 00:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 12:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.23 14:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.23 00:23:01 | 000,000,000 | ---D | M]
 
[2012.03.20 12:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.22 00:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions
[2012.03.22 00:41:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.22 00:12:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.22 00:17:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.22 00:23:45 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\ext@sprng.me
[2012.03.22 00:12:26 | 000,002,112 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\searchplugins\wot-safe-search.xml
[2012.03.22 00:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 09:32:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.23 00:24:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.23 00:24:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.30 13:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.12.03 02:00:29 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15094 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7C41E0-BE10-4C6C-983C-A5A12539B3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A99EA8-11FE-4AD3-AD01-86F632F9298B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Foldery w sieci Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 11:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2012.03.23 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.23 15:15:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 18:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Kraftgeräte Isotonik
[2012.03.22 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\PackageAware
[2012.03.21 23:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.15 16:48:59 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Bilder Privat
[2012.03.10 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\german
[2012.03.06 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\ISL
[2012.03.06 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.03.06 20:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2012.03.03 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 19:00:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.25 18:03:36 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.25 18:03:36 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.25 18:03:36 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.25 18:03:36 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.25 18:02:32 | 000,201,728 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.25 17:49:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 17:49:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 17:48:59 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.25 17:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 17:48:49 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 11:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 15:15:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 17:07:52 | 002,629,120 | ---- | M] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 15:53:03 | 000,006,488 | ---- | M] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 13:34:52 | 000,050,692 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.22 00:05:31 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 16:44:27 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 15:52:32 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 12:11:06 | 000,007,084 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.19 00:15:26 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\stdole2A.dll
[2012.03.17 09:48:25 | 000,289,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.15 20:03:54 | 000,011,199 | ---- | M] () -- C:\Users\Iwona\Desktop\Inventarliste Geräte.ods
[2012.03.14 19:43:10 | 000,027,032 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 12:49:48 | 000,008,343 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 19:34:11 | 001,953,279 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 17:55:08 | 000,006,678 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 17:25:49 | 000,010,192 | ---- | M] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.12 05:03:04 | 000,000,963 | ---- | M] () -- C:\Users\Iwona\Desktop\config.dat
[2012.03.11 18:03:42 | 000,124,416 | ---- | M] (www.sft-loader.de) -- C:\Users\Iwona\Desktop\dsconn.dll
[2012.03.06 20:29:38 | 012,735,995 | ---- | M] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 20:26:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 11:30:02 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.23 15:15:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 17:11:50 | 002,629,120 | ---- | C] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 15:52:58 | 000,006,488 | ---- | C] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 13:34:49 | 000,050,692 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.22 00:05:31 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.22 00:05:30 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 16:44:27 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 15:52:32 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 00:15:26 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\stdole2A.dll
[2012.03.19 00:15:26 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.14 19:43:08 | 000,027,032 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 15:37:49 | 000,007,084 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.14 12:49:46 | 000,008,343 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 19:34:05 | 001,953,279 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 17:55:06 | 000,006,678 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 17:25:47 | 000,010,192 | ---- | C] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.06 20:29:35 | 012,735,995 | ---- | C] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 20:26:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.01.23 17:33:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.03 02:34:14 | 000,000,098 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.14 22:57:48 | 000,004,915 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.03.01 20:13:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.01 20:13:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.01 20:13:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.01 20:13:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.01 20:13:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.01 20:13:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.01 20:13:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.01 20:13:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.01 20:13:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.01 20:13:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.01 20:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.01 20:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.01 20:13:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.01 20:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.01 20:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.01 20:13:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.01 20:13:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.01 20:13:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.01 20:13:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.19 15:16:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.23 00:23:56 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.23 00:23:56 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.16 01:49:27 | 000,000,036 | ---- | C] () -- C:\Users\Iwona\AppData\Local\housecall.guid.cache
[2010.05.10 22:10:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 
========== LOP Check ==========
 
[2009.08.12 00:43:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service
[2010.01.27 00:46:30 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service GmbH
[2012.03.17 06:12:26 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ComCenter
[2011.07.23 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\EPSON
[2012.01.29 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FileZilla
[2009.11.12 09:45:46 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GHISLER
[2011.11.28 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0
[2011.05.14 01:26:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\HEM Data
[2011.01.15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\LolClient
[2011.11.27 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia
[2010.10.02 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nvu
[2008.10.13 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenOffice.org
[2011.06.11 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\PC Suite
[2011.05.15 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\postgresql
[2009.12.26 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\QuickScan
[2011.08.19 02:10:13 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Research In Motion
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Thunderbird
[2008.09.18 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Toshiba
[2008.09.04 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\TuneUp Software
[2010.08.23 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\XnView
[2008.12.17 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2012.03.25 19:00:02 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.03.24 20:53:36 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.25 17:48:59 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\swxsiwun.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.14 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Adobe
[2011.04.24 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Apple Computer
[2008.09.01 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ATI
[2009.08.12 00:43:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service
[2010.01.27 00:46:30 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service GmbH
[2012.03.17 06:12:26 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ComCenter
[2008.10.02 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\DivX
[2011.07.23 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\EPSON
[2010.08.22 23:59:11 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FastStone
[2012.01.29 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FileZilla
[2009.11.12 09:45:46 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GHISLER
[2008.11.20 22:36:56 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Google
[2011.11.28 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0
[2011.05.14 01:26:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\HEM Data
[2008.09.01 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Identities
[2008.09.01 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\InstallShield
[2011.01.15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\LolClient
[2008.09.02 01:55:17 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Macromedia
[2012.03.23 15:16:24 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Media Center Programs
[2010.09.02 17:56:21 | 000,000,000 | --SD | M] -- C:\Users\Iwona\AppData\Roaming\Microsoft
[2012.03.22 00:06:27 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Mozilla
[2010.10.12 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nero
[2011.11.27 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia
[2010.10.02 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nvu
[2008.10.13 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenOffice.org
[2011.06.11 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\PC Suite
[2011.05.15 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\postgresql
[2009.12.26 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\QuickScan
[2011.08.19 02:10:13 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Research In Motion
[2012.03.15 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Skype
[2011.12.29 16:19:50 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\skypePM
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Thunderbird
[2008.09.18 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Toshiba
[2008.09.04 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\TuneUp Software
[2011.04.25 06:19:56 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\vlc
[2010.08.23 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\XnView
[2008.12.17 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
 
< %APPDATA%\*.exe /s >
[2008.12.17 01:42:42 | 000,038,200 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.19 02:09:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\ARPPRODUCTICON.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\NewShortcut11_8B5959CC74474B2CBAA72EAA9FF0E4D7.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\NewShortcut1_8B5959CC74474B2CBAA72EAA9FF0E4D7.exe
[2012.03.22 00:32:27 | 000,158,000 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2010.09.14 20:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.07.01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2012.03.19 00:15:26 | 000,126,976 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\stdole2A.dll

< End of report >

Gruss Flo

cosinus · 26.03.2012, 12:09

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\Tasks\swxsiwun.job
C:\Users\Iwona\Desktop\test\registrybooster.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

iwoflo · 26.03.2012, 19:00

Hallo Arne,

danke für den Fix.

Der PC läuft irgendwie besser. Fährt schneller hoch.

Leider kann ich erst jetzt wieder antworten, da dies nur über einen 2t PC geht, da ich mit dem Infizierten nicht auf den Tread komme

Naja hab jetzt mal alles geschrieben, was mir einfällt. Hoffe es ist hilfreich.

Hier der LOG:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Windows\Tasks\swxsiwun.job moved successfully.
File\Folder C:\Users\Iwona\Desktop\test\registrybooster.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Iwona
->Temp folder emptied: 31798969 bytes
->Temporary Internet Files folder emptied: 568103101 bytes
->Java cache emptied: 11574702 bytes
->FireFox cache emptied: 46218224 bytes
->Google Chrome cache emptied: 26844440 bytes
->Flash cache emptied: 502735 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8447066 bytes
RecycleBin emptied: 100953423 bytes
 
Total Files Cleaned = 758,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_132441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Folgende Situationen bestehen noch:

1. Nachdem ich den Computer gestartet habe kommt folgendes:

DOS-MODUS:

Code:

ATTFilter

Phoenix TrustedCore(tm) NB 
Copyright 1985-2006 Phonix Technologies Ltd.
All Rights Reserved

ATI Herring (DDR2 + RS690M/T/SB600)
CPU = AMD Turion(tm) 64 X2 Mobile Technology TL-62
CPU Speed = 2100 Mhz

639 System Ram Passed
2942M Extended Ram Passed 
1024 KB L2 Cache 
System BIOS shadowed
Video BIOS shadowed
ATAPI CD-ROM: TSSTcorp CDDVDW TS-L632H
Fixed Disk 0: TOSHIBA MK2546GSK
Mouse initialized
ERROR
System Configuration Data Read Error 

Press <F1> to resume, <F2> to Setup

Hat das etwas mit dem Virus zu tuen? Habe ich bestimmt schon 1/2 Jahr.

2. Bei Browserbentutzung: (hier Firefox) und z.B. Klick des Themenlinks in eurem Forum ( um z.B. zu lesen)

Bei Nutzung und Eingabe von Bidvertiser bei Google kommt kommt ein Schwarzes ( gräuliches ) Bild
Oben im Reiter steht search ( GIF-Grafik,1x1 Pixel )

Adresszeile: www.google.de/search?hl=de&output=search/sclient=psy-ab&q=bidvertiser&oq...aaq0QWS4oi1Bg.1332784119924.3&emsg=NCSR&noj=1&ei=-KtwT_nhCaaq0QWS4oi1Bg

3. Googlesuche:
bei Suchergebnissen werde ich auf folgende Seite geleitet:
www.thealltimes.com
Während des Umleitens kommt im Browserfenster ein ca. 11 Zeiliger Code ( Html?)

4.Malawarebytes blockt immer noch eine Verbindung zu einer unsicheren Seite.

Vielen Dank so weit!

Flo

cosinus · 26.03.2012, 20:02

Zitat:

1. Nachdem ich den Computer gestartet habe kommt folgendes:

DOS-MODUS:

Das ist kein DOS, das sind POST-Meldungen!

Zitat:

ERROR
System Configuration Data Read Error

Was das genau heißen mag, kann man vllt mal ergooglen evtl lässt sich auch im Handbuch was dazu finden

Zitat:

Hat das etwas mit dem Virus zu tuen? Habe ich bestimmt schon 1/2 Jahr.

Nein, da diese Meldungen vom POST/BIOS sind ist noch garnicht das Betriebssystem geladen was du üblicherweise benutzt.

Zitat:

4.Malawarebytes blockt immer noch eine Verbindung zu einer unsicheren Seite.

Wenn du schon sowas mitteilen musst, warum postest du denn nicht gleich das Log? Wäre sinnvoll oder nicht?

iwoflo · 26.03.2012, 20:25

Danke für die Infos.

Wie man sieht ist dies nicht so mein Bereich

Hier die letzte Protection LOG Datei:

Code:

ATTFilter

2012/03/26 12:42:52 +0200	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/26 12:42:58 +0200	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/26 12:43:01 +0200	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/26 12:43:06 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/26 12:50:53 +0200	IWONA-PC	Iwona	MESSAGE	Executing scheduled update:  Daily
2012/03/26 12:51:35 +0200	IWONA-PC	Iwona	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.03.25.01 to version v2012.03.26.02
2012/03/26 12:51:35 +0200	IWONA-PC	Iwona	MESSAGE	Starting database refresh
2012/03/26 12:51:35 +0200	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/26 12:51:36 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/26 12:51:41 +0200	IWONA-PC	Iwona	MESSAGE	Database refreshed successfully
2012/03/26 12:51:41 +0200	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/26 12:51:46 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/26 12:52:37 +0200	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49289, Process: avp.exe)
2012/03/26 13:24:21 +0200	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/26 13:24:23 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/26 13:31:13 +0200	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/26 13:31:20 +0200	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/26 13:31:23 +0200	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/26 13:31:28 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/26 19:20:04 +0200	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/26 19:20:13 +0200	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/26 19:20:16 +0200	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/26 19:20:22 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/26 19:43:34 +0200	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/26 19:43:40 +0200	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/26 19:43:43 +0200	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/26 19:43:48 +0200	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/26 19:53:30 +0200	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49262, Process: avp.exe)
2012/03/26 20:23:42 +0200	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49379, Process: avp.exe)

Gruss Flo

cosinus · 26.03.2012, 21:42

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

iwoflo · 26.03.2012, 22:24

Code:

ATTFilter

23:18:07.0974 3212	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:18:08.0042 3212	============================================================
23:18:08.0042 3212	Current date / time: 2012/03/26 23:18:08.0042
23:18:08.0042 3212	SystemInfo:
23:18:08.0042 3212	
23:18:08.0042 3212	OS Version: 6.0.6002 ServicePack: 2.0
23:18:08.0042 3212	Product type: Workstation
23:18:08.0042 3212	ComputerName: IWONA-PC
23:18:08.0042 3212	UserName: Iwona
23:18:08.0042 3212	Windows directory: C:\Windows
23:18:08.0042 3212	System windows directory: C:\Windows
23:18:08.0042 3212	Processor architecture: Intel x86
23:18:08.0042 3212	Number of processors: 2
23:18:08.0042 3212	Page size: 0x1000
23:18:08.0043 3212	Boot type: Normal boot
23:18:08.0043 3212	============================================================
23:18:09.0444 3212	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:18:09.0448 3212	Drive \Device\Harddisk1\DR2 - Size: 0x1DE800000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:18:09.0450 3212	\Device\Harddisk0\DR0:
23:18:09.0457 3212	MBR used
23:18:09.0457 3212	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xEB14000
23:18:09.0457 3212	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE02800, BlocksNum 0xE3C3000
23:18:09.0457 3212	\Device\Harddisk1\DR2:
23:18:09.0458 3212	MBR used
23:18:09.0458 3212	\Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEF3FE0
23:18:09.0554 3212	Initialize success
23:18:09.0554 3212	============================================================
23:18:20.0041 6116	============================================================
23:18:20.0041 6116	Scan started
23:18:20.0041 6116	Mode: Manual; SigCheck; TDLFS; 
23:18:20.0041 6116	============================================================
23:18:21.0357 6116	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:18:21.0491 6116	ACPI - ok
23:18:21.0916 6116	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:18:21.0940 6116	adp94xx - ok
23:18:22.0083 6116	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:18:22.0101 6116	adpahci - ok
23:18:22.0131 6116	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:18:22.0145 6116	adpu160m - ok
23:18:22.0192 6116	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:18:22.0208 6116	adpu320 - ok
23:18:22.0314 6116	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:18:22.0341 6116	AeLookupSvc - ok
23:18:22.0433 6116	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:18:22.0454 6116	AFD - ok
23:18:22.0564 6116	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:18:22.0577 6116	agp440 - ok
23:18:22.0675 6116	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:18:22.0693 6116	aic78xx - ok
23:18:22.0810 6116	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:18:22.0842 6116	ALG - ok
23:18:22.0875 6116	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:18:22.0888 6116	aliide - ok
23:18:22.0977 6116	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:18:22.0991 6116	amdagp - ok
23:18:23.0012 6116	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:18:23.0025 6116	amdide - ok
23:18:23.0083 6116	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:18:23.0113 6116	AmdK7 - ok
23:18:23.0134 6116	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:18:23.0165 6116	AmdK8 - ok
23:18:23.0250 6116	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:18:23.0271 6116	Appinfo - ok
23:18:23.0313 6116	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:18:23.0328 6116	arc - ok
23:18:23.0386 6116	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:18:23.0399 6116	arcsas - ok
23:18:23.0478 6116	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:23.0510 6116	AsyncMac - ok
23:18:23.0556 6116	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:18:23.0569 6116	atapi - ok
23:18:23.0643 6116	Ati External Event Utility (581b9be9e92a0f3856cc85ec011edc6f) C:\Windows\system32\Ati2evxx.exe
23:18:23.0691 6116	Ati External Event Utility - ok
23:18:23.0911 6116	atikmdag        (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
23:18:23.0989 6116	atikmdag - ok
23:18:24.0143 6116	AtiPcie         (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:18:24.0158 6116	AtiPcie - ok
23:18:24.0229 6116	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:18:24.0259 6116	AudioEndpointBuilder - ok
23:18:24.0273 6116	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:18:24.0313 6116	Audiosrv - ok
23:18:24.0430 6116	AVP             (946d70667b0119f2beeae0849e1d46a2) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
23:18:24.0483 6116	AVP - ok
23:18:24.0587 6116	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:18:24.0618 6116	Beep - ok
23:18:24.0683 6116	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:18:24.0714 6116	BFE - ok
23:18:24.0876 6116	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
23:18:24.0917 6116	BITS - ok
23:18:24.0978 6116	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:18:25.0008 6116	blbdrive - ok
23:18:25.0114 6116	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:18:25.0131 6116	bowser - ok
23:18:25.0171 6116	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:18:25.0196 6116	BrFiltLo - ok
23:18:25.0245 6116	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:18:25.0270 6116	BrFiltUp - ok
23:18:25.0315 6116	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:18:25.0347 6116	Browser - ok
23:18:25.0514 6116	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:18:25.0570 6116	Brserid - ok
23:18:25.0678 6116	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:18:25.0731 6116	BrSerWdm - ok
23:18:25.0999 6116	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:18:26.0051 6116	BrUsbMdm - ok
23:18:26.0174 6116	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:18:26.0227 6116	BrUsbSer - ok
23:18:26.0375 6116	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:18:26.0428 6116	BTHMODEM - ok
23:18:26.0494 6116	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:18:26.0525 6116	cdfs - ok
23:18:26.0696 6116	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:18:26.0720 6116	cdrom - ok
23:18:26.0794 6116	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:18:26.0820 6116	CertPropSvc - ok
23:18:27.0050 6116	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:18:27.0082 6116	circlass - ok
23:18:27.0323 6116	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:18:27.0342 6116	CLFS - ok
23:18:27.0483 6116	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:18:27.0498 6116	clr_optimization_v2.0.50727_32 - ok
23:18:27.0630 6116	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:18:27.0646 6116	clr_optimization_v4.0.30319_32 - ok
23:18:27.0763 6116	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:18:27.0795 6116	CmBatt - ok
23:18:27.0827 6116	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:18:27.0841 6116	cmdide - ok
23:18:27.0885 6116	CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
23:18:27.0903 6116	CnxtHdAudAddService - ok
23:18:28.0027 6116	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:18:28.0041 6116	Compbatt - ok
23:18:28.0093 6116	COMSysApp - ok
23:18:28.0195 6116	ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
23:18:28.0202 6116	ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
23:18:28.0202 6116	ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
23:18:28.0395 6116	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:18:28.0407 6116	crcdisk - ok
23:18:28.0555 6116	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:18:28.0587 6116	Crusoe - ok
23:18:28.0652 6116	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
23:18:28.0679 6116	CryptSvc - ok
23:18:28.0900 6116	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:18:28.0938 6116	DcomLaunch - ok
23:18:29.0119 6116	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:18:29.0136 6116	DfsC - ok
23:18:29.0391 6116	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:18:29.0646 6116	DFSR - ok
23:18:29.0849 6116	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:18:29.0877 6116	Dhcp - ok
23:18:29.0998 6116	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:18:30.0012 6116	disk - ok
23:18:30.0136 6116	DNIMp50         (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
23:18:30.0143 6116	DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
23:18:30.0143 6116	DNIMp50 - detected UnsignedFile.Multi.Generic (1)
23:18:30.0207 6116	DNISp50         (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
23:18:30.0213 6116	DNISp50 ( UnsignedFile.Multi.Generic ) - warning
23:18:30.0213 6116	DNISp50 - detected UnsignedFile.Multi.Generic (1)
23:18:30.0287 6116	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:18:30.0304 6116	Dnscache - ok
23:18:30.0426 6116	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:18:30.0453 6116	dot3svc - ok
23:18:30.0535 6116	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:18:30.0569 6116	DPS - ok
23:18:30.0691 6116	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:18:30.0715 6116	drmkaud - ok
23:18:30.0887 6116	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:18:30.0922 6116	DXGKrnl - ok
23:18:31.0139 6116	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:18:31.0173 6116	E1G60 - ok
23:18:31.0291 6116	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:18:31.0319 6116	EapHost - ok
23:18:31.0405 6116	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:18:31.0421 6116	Ecache - ok
23:18:31.0597 6116	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:18:31.0617 6116	ehRecvr - ok
23:18:31.0634 6116	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:18:31.0652 6116	ehSched - ok
23:18:31.0777 6116	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:18:31.0795 6116	ehstart - ok
23:18:31.0960 6116	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:18:31.0990 6116	elxstor - ok
23:18:32.0209 6116	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:18:32.0240 6116	EMDMgmt - ok
23:18:32.0437 6116	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:18:32.0468 6116	ErrDev - ok
23:18:32.0627 6116	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:18:32.0659 6116	EventSystem - ok
23:18:32.0775 6116	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:18:32.0794 6116	exfat - ok
23:18:32.0980 6116	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:18:33.0006 6116	fastfat - ok
23:18:33.0085 6116	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:18:33.0116 6116	fdc - ok
23:18:33.0316 6116	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:18:33.0348 6116	fdPHost - ok
23:18:33.0380 6116	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:18:33.0434 6116	FDResPub - ok
23:18:33.0484 6116	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:18:33.0498 6116	FileInfo - ok
23:18:33.0543 6116	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:18:33.0573 6116	Filetrace - ok
23:18:33.0718 6116	FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
23:18:33.0761 6116	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:18:33.0761 6116	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:18:33.0903 6116	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:18:33.0933 6116	flpydisk - ok
23:18:33.0977 6116	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:18:33.0993 6116	FltMgr - ok
23:18:34.0081 6116	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:18:34.0116 6116	FontCache - ok
23:18:34.0215 6116	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:18:34.0228 6116	FontCache3.0.0.0 - ok
23:18:34.0300 6116	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:18:34.0326 6116	Fs_Rec - ok
23:18:34.0354 6116	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:18:34.0368 6116	gagp30kx - ok
23:18:34.0498 6116	GoogleDesktopManager (4edbba45ba5662945c7ac2c4cc80911f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:18:34.0548 6116	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
23:18:34.0548 6116	GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
23:18:34.0704 6116	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:18:34.0739 6116	gpsvc - ok
23:18:34.0810 6116	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
23:18:34.0830 6116	HdAudAddService - ok
23:18:34.0941 6116	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:18:34.0999 6116	HDAudBus - ok
23:18:35.0062 6116	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:18:35.0115 6116	HidBth - ok
23:18:35.0148 6116	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:18:35.0199 6116	HidIr - ok
23:18:35.0287 6116	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
23:18:35.0306 6116	hidserv - ok
23:18:35.0350 6116	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:18:35.0377 6116	HidUsb - ok
23:18:35.0406 6116	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:18:35.0439 6116	hkmsvc - ok
23:18:35.0496 6116	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:18:35.0510 6116	HpCISSs - ok
23:18:35.0623 6116	HSF_DPV         (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:18:35.0657 6116	HSF_DPV - ok
23:18:35.0756 6116	HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:18:35.0773 6116	HSXHWAZL - ok
23:18:35.0867 6116	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:18:35.0891 6116	HTTP - ok
23:18:35.0941 6116	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:18:35.0954 6116	i2omp - ok
23:18:36.0052 6116	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:18:36.0077 6116	i8042prt - ok
23:18:36.0160 6116	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:18:36.0177 6116	iaStorV - ok
23:18:36.0287 6116	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:18:36.0295 6116	IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:18:36.0295 6116	IDriverT - detected UnsignedFile.Multi.Generic (1)
23:18:36.0393 6116	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:18:36.0427 6116	idsvc - ok
23:18:36.0525 6116	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:18:36.0539 6116	iirsp - ok
23:18:36.0620 6116	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:18:36.0653 6116	IKEEXT - ok
23:18:36.0679 6116	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:18:36.0692 6116	intelide - ok
23:18:36.0773 6116	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:18:36.0805 6116	intelppm - ok
23:18:36.0874 6116	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:18:36.0908 6116	IPBusEnum - ok
23:18:36.0954 6116	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:36.0986 6116	IpFilterDriver - ok
23:18:37.0061 6116	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:18:37.0081 6116	iphlpsvc - ok
23:18:37.0174 6116	IpInIp - ok
23:18:37.0298 6116	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:18:37.0330 6116	IPMIDRV - ok
23:18:37.0628 6116	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:18:37.0660 6116	IPNAT - ok
23:18:37.0829 6116	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:18:37.0861 6116	IRENUM - ok
23:18:38.0037 6116	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:18:38.0050 6116	isapnp - ok
23:18:38.0350 6116	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:38.0367 6116	iScsiPrt - ok
23:18:38.0426 6116	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:18:38.0439 6116	iteatapi - ok
23:18:38.0526 6116	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:18:38.0538 6116	iteraid - ok
23:18:38.0621 6116	jswpsapi - ok
23:18:38.0835 6116	jswpslwf        (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:18:38.0853 6116	jswpslwf - ok
23:18:38.0993 6116	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:39.0006 6116	kbdclass - ok
23:18:39.0064 6116	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:18:39.0095 6116	kbdhid - ok
23:18:39.0251 6116	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:39.0274 6116	KeyIso - ok
23:18:39.0413 6116	KL1             (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
23:18:39.0429 6116	KL1 - ok
23:18:39.0692 6116	kl2             (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
23:18:39.0705 6116	kl2 - ok
23:18:40.0088 6116	KLIF            (2b7064ff5681b8dde96b98709bb78884) C:\Windows\system32\DRIVERS\klif.sys
23:18:40.0127 6116	KLIF - ok
23:18:40.0347 6116	KLIM6           (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
23:18:40.0361 6116	KLIM6 - ok
23:18:40.0653 6116	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
23:18:40.0667 6116	klmouflt - ok
23:18:41.0052 6116	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:18:41.0085 6116	KSecDD - ok
23:18:41.0250 6116	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:18:41.0317 6116	KtmRm - ok
23:18:41.0447 6116	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
23:18:41.0467 6116	LanmanServer - ok
23:18:41.0660 6116	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:18:41.0682 6116	LanmanWorkstation - ok
23:18:41.0878 6116	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:18:41.0910 6116	lltdio - ok
23:18:41.0993 6116	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:18:42.0028 6116	lltdsvc - ok
23:18:42.0114 6116	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:18:42.0177 6116	lmhosts - ok
23:18:42.0242 6116	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:18:42.0258 6116	LSI_FC - ok
23:18:42.0284 6116	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:18:42.0301 6116	LSI_SAS - ok
23:18:42.0356 6116	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:18:42.0370 6116	LSI_SCSI - ok
23:18:42.0428 6116	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:18:42.0460 6116	luafv - ok
23:18:42.0620 6116	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:18:42.0634 6116	MBAMProtector - ok
23:18:42.0691 6116	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:18:42.0720 6116	MBAMService - ok
23:18:42.0774 6116	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:18:42.0793 6116	Mcx2Svc - ok
23:18:42.0907 6116	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:18:42.0921 6116	mdmxsdk - ok
23:18:42.0965 6116	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:18:42.0979 6116	megasas - ok
23:18:43.0025 6116	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:18:43.0047 6116	MegaSR - ok
23:18:43.0150 6116	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:18:43.0183 6116	MMCSS - ok
23:18:43.0245 6116	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:18:43.0280 6116	Modem - ok
23:18:43.0313 6116	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:18:43.0345 6116	monitor - ok
23:18:43.0431 6116	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:18:43.0445 6116	mouclass - ok
23:18:43.0462 6116	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:18:43.0494 6116	mouhid - ok
23:18:43.0562 6116	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:18:43.0576 6116	MountMgr - ok
23:18:43.0636 6116	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:18:43.0653 6116	mpio - ok
23:18:43.0713 6116	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:18:43.0739 6116	mpsdrv - ok
23:18:43.0792 6116	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:18:43.0825 6116	MpsSvc - ok
23:18:43.0919 6116	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:18:43.0933 6116	Mraid35x - ok
23:18:44.0020 6116	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:18:44.0040 6116	MRxDAV - ok
23:18:44.0084 6116	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:18:44.0103 6116	mrxsmb - ok
23:18:44.0174 6116	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:18:44.0193 6116	mrxsmb10 - ok
23:18:44.0257 6116	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:18:44.0277 6116	mrxsmb20 - ok
23:18:44.0318 6116	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:18:44.0332 6116	msahci - ok
23:18:44.0357 6116	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:18:44.0371 6116	msdsm - ok
23:18:44.0428 6116	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:18:44.0463 6116	MSDTC - ok
23:18:44.0559 6116	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:18:44.0590 6116	Msfs - ok
23:18:44.0637 6116	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:18:44.0650 6116	msisadrv - ok
23:18:44.0708 6116	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:18:44.0741 6116	MSiSCSI - ok
23:18:44.0752 6116	msiserver - ok
23:18:44.0857 6116	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:18:44.0890 6116	MSKSSRV - ok
23:18:44.0949 6116	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:18:44.0980 6116	MSPCLOCK - ok
23:18:45.0039 6116	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:18:45.0070 6116	MSPQM - ok
23:18:45.0169 6116	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:18:45.0185 6116	MsRPC - ok
23:18:45.0231 6116	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:18:45.0244 6116	mssmbios - ok
23:18:45.0295 6116	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:18:45.0327 6116	MSTEE - ok
23:18:45.0409 6116	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:18:45.0424 6116	Mup - ok
23:18:45.0481 6116	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:18:45.0515 6116	napagent - ok
23:18:45.0580 6116	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:18:45.0600 6116	NativeWifiP - ok
23:18:45.0690 6116	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:18:45.0738 6116	NDIS - ok
23:18:45.0814 6116	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:18:45.0839 6116	NdisTapi - ok
23:18:45.0899 6116	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:18:45.0932 6116	Ndisuio - ok
23:18:45.0976 6116	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:18:46.0002 6116	NdisWan - ok
23:18:46.0020 6116	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:18:46.0045 6116	NDProxy - ok
23:18:46.0110 6116	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:18:46.0142 6116	NetBIOS - ok
23:18:46.0227 6116	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:18:46.0254 6116	netbt - ok
23:18:46.0296 6116	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:46.0315 6116	Netlogon - ok
23:18:46.0375 6116	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:18:46.0413 6116	Netman - ok
23:18:46.0453 6116	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:18:46.0489 6116	netprofm - ok
23:18:46.0566 6116	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:18:46.0580 6116	NetTcpPortSharing - ok
23:18:46.0642 6116	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:18:46.0655 6116	nfrd960 - ok
23:18:46.0709 6116	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:18:46.0744 6116	NlaSvc - ok
23:18:46.0779 6116	nmwcd - ok
23:18:46.0797 6116	nmwcdc - ok
23:18:46.0863 6116	nmwcdnsu - ok
23:18:46.0898 6116	nmwcdnsuc - ok
23:18:46.0972 6116	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:18:46.0997 6116	Npfs - ok
23:18:47.0034 6116	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:18:47.0067 6116	nsi - ok
23:18:47.0113 6116	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:18:47.0145 6116	nsiproxy - ok
23:18:47.0220 6116	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:18:47.0275 6116	Ntfs - ok
23:18:47.0368 6116	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:18:47.0421 6116	ntrigdigi - ok
23:18:47.0455 6116	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:18:47.0485 6116	Null - ok
23:18:47.0512 6116	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:18:47.0527 6116	nvraid - ok
23:18:47.0555 6116	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:18:47.0568 6116	nvstor - ok
23:18:47.0594 6116	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:18:47.0609 6116	nv_agp - ok
23:18:47.0686 6116	NwlnkFlt - ok
23:18:47.0702 6116	NwlnkFwd - ok
23:18:47.0799 6116	o2flash         (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
23:18:47.0806 6116	o2flash ( UnsignedFile.Multi.Generic ) - warning
23:18:47.0806 6116	o2flash - detected UnsignedFile.Multi.Generic (1)
23:18:47.0857 6116	O2MDRDR         (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
23:18:47.0870 6116	O2MDRDR - ok
23:18:47.0932 6116	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:18:47.0958 6116	ohci1394 - ok
23:18:47.0999 6116	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:48.0030 6116	p2pimsvc - ok
23:18:48.0047 6116	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:48.0079 6116	p2psvc - ok
23:18:48.0146 6116	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:18:48.0202 6116	Parport - ok
23:18:48.0285 6116	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:18:48.0299 6116	partmgr - ok
23:18:48.0326 6116	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:18:48.0378 6116	Parvdm - ok
23:18:48.0409 6116	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:18:48.0432 6116	PcaSvc - ok
23:18:48.0586 6116	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:18:48.0601 6116	pci - ok
23:18:48.0678 6116	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:18:48.0692 6116	pciide - ok
23:18:48.0728 6116	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:18:48.0745 6116	pcmcia - ok
23:18:48.0830 6116	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:18:48.0901 6116	PEAUTH - ok
23:18:49.0029 6116	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:18:49.0086 6116	pla - ok
23:18:49.0183 6116	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:18:49.0213 6116	PlugPlay - ok
23:18:49.0299 6116	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:49.0347 6116	PNRPAutoReg - ok
23:18:49.0366 6116	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:49.0414 6116	PNRPsvc - ok
23:18:49.0511 6116	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:18:49.0543 6116	PolicyAgent - ok
23:18:49.0652 6116	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:18:49.0685 6116	PptpMiniport - ok
23:18:49.0704 6116	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:18:49.0736 6116	Processor - ok
23:18:49.0802 6116	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:18:49.0830 6116	ProfSvc - ok
23:18:49.0874 6116	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:49.0892 6116	ProtectedStorage - ok
23:18:49.0976 6116	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:18:50.0001 6116	PSched - ok
23:18:50.0055 6116	QIOMem          (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
23:18:50.0070 6116	QIOMem - ok
23:18:50.0153 6116	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:18:50.0197 6116	ql2300 - ok
23:18:50.0303 6116	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:18:50.0320 6116	ql40xx - ok
23:18:50.0405 6116	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:18:50.0429 6116	QWAVE - ok
23:18:50.0456 6116	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:18:50.0474 6116	QWAVEdrv - ok
23:18:50.0553 6116	RapiMgr         (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
23:18:50.0586 6116	RapiMgr - ok
23:18:50.0639 6116	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:18:50.0671 6116	RasAcd - ok
23:18:50.0736 6116	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:18:50.0771 6116	RasAuto - ok
23:18:50.0809 6116	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:18:50.0842 6116	Rasl2tp - ok
23:18:50.0884 6116	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:18:50.0914 6116	RasMan - ok
23:18:50.0989 6116	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:18:51.0013 6116	RasPppoe - ok
23:18:51.0076 6116	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:18:51.0094 6116	RasSstp - ok
23:18:51.0129 6116	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:18:51.0156 6116	rdbss - ok
23:18:51.0197 6116	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:18:51.0227 6116	RDPCDD - ok
23:18:51.0291 6116	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:18:51.0326 6116	rdpdr - ok
23:18:51.0357 6116	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:18:51.0390 6116	RDPENCDD - ok
23:18:51.0448 6116	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:18:51.0467 6116	RDPWD - ok
23:18:51.0523 6116	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:18:51.0557 6116	RemoteAccess - ok
23:18:51.0627 6116	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:18:51.0656 6116	RemoteRegistry - ok
23:18:51.0719 6116	RimUsb - ok
23:18:51.0814 6116	RimVSerPort     (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
23:18:51.0830 6116	RimVSerPort - ok
23:18:51.0907 6116	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
23:18:51.0940 6116	ROOTMODEM - ok
23:18:51.0999 6116	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:18:52.0017 6116	RpcLocator - ok
23:18:52.0080 6116	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:18:52.0116 6116	RpcSs - ok
23:18:52.0174 6116	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:18:52.0207 6116	rspndr - ok
23:18:52.0319 6116	RTL8187B        (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
23:18:52.0337 6116	RTL8187B - ok
23:18:52.0419 6116	RtlProt         (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
23:18:52.0433 6116	RtlProt - ok
23:18:52.0474 6116	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:52.0492 6116	SamSs - ok
23:18:52.0558 6116	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:18:52.0572 6116	sbp2port - ok
23:18:52.0654 6116	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:18:52.0681 6116	SCardSvr - ok
23:18:52.0731 6116	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:18:52.0763 6116	Schedule - ok
23:18:52.0873 6116	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:18:52.0898 6116	SCPolicySvc - ok
23:18:52.0960 6116	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
23:18:52.0986 6116	sdbus - ok
23:18:53.0028 6116	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:18:53.0049 6116	SDRSVC - ok
23:18:53.0124 6116	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:18:53.0177 6116	secdrv - ok
23:18:53.0214 6116	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:18:53.0248 6116	seclogon - ok
23:18:53.0267 6116	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:18:53.0302 6116	SENS - ok
23:18:53.0329 6116	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:18:53.0383 6116	Serenum - ok
23:18:53.0466 6116	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:18:53.0520 6116	Serial - ok
23:18:53.0553 6116	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:18:53.0584 6116	sermouse - ok
23:18:53.0696 6116	ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:18:53.0717 6116	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:18:53.0717 6116	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:18:53.0855 6116	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:18:53.0888 6116	SessionEnv - ok
23:18:53.0927 6116	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:18:53.0952 6116	sffdisk - ok
23:18:53.0979 6116	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:18:54.0010 6116	sffp_mmc - ok
23:18:54.0024 6116	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:18:54.0056 6116	sffp_sd - ok
23:18:54.0092 6116	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:18:54.0144 6116	sfloppy - ok
23:18:54.0232 6116	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:18:54.0270 6116	SharedAccess - ok
23:18:54.0317 6116	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:18:54.0339 6116	ShellHWDetection - ok
23:18:54.0391 6116	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:18:54.0405 6116	sisagp - ok
23:18:54.0466 6116	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:18:54.0480 6116	SiSRaid2 - ok
23:18:54.0504 6116	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:18:54.0519 6116	SiSRaid4 - ok
23:18:54.0645 6116	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:18:54.0746 6116	slsvc - ok
23:18:54.0871 6116	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:18:54.0899 6116	SLUINotify - ok
23:18:54.0950 6116	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:18:54.0976 6116	Smb - ok
23:18:55.0013 6116	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:18:55.0031 6116	SNMPTRAP - ok
23:18:55.0077 6116	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:18:55.0089 6116	spldr - ok
23:18:55.0173 6116	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:18:55.0194 6116	Spooler - ok
23:18:55.0263 6116	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:18:55.0286 6116	srv - ok
23:18:55.0332 6116	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:18:55.0350 6116	srv2 - ok
23:18:55.0412 6116	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:18:55.0429 6116	srvnet - ok
23:18:55.0459 6116	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:18:55.0494 6116	SSDPSRV - ok
23:18:55.0555 6116	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:18:55.0576 6116	SstpSvc - ok
23:18:55.0687 6116	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:18:55.0731 6116	stisvc - ok
23:18:55.0790 6116	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:18:55.0804 6116	swenum - ok
23:18:55.0877 6116	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:18:55.0908 6116	swprv - ok
23:18:55.0973 6116	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:18:55.0987 6116	Symc8xx - ok
23:18:56.0010 6116	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:18:56.0024 6116	Sym_hi - ok
23:18:56.0066 6116	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:18:56.0079 6116	Sym_u3 - ok
23:18:56.0155 6116	SynTP           (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
23:18:56.0172 6116	SynTP - ok
23:18:56.0252 6116	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:18:56.0292 6116	SysMain - ok
23:18:56.0341 6116	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:18:56.0364 6116	TabletInputService - ok
23:18:56.0412 6116	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:18:56.0442 6116	TapiSrv - ok
23:18:56.0505 6116	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:18:56.0540 6116	TBS - ok
23:18:56.0624 6116	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:18:56.0661 6116	Tcpip - ok
23:18:56.0774 6116	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:18:56.0813 6116	Tcpip6 - ok
23:18:56.0875 6116	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:18:56.0894 6116	tcpipreg - ok
23:18:56.0965 6116	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:18:56.0980 6116	tdcmdpst - ok
23:18:57.0026 6116	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:18:57.0057 6116	TDPIPE - ok
23:18:57.0137 6116	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:18:57.0167 6116	TDTCP - ok
23:18:57.0213 6116	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:18:57.0239 6116	tdx - ok
23:18:57.0299 6116	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:18:57.0315 6116	TermDD - ok
23:18:57.0363 6116	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:18:57.0398 6116	TermService - ok
23:18:57.0506 6116	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:18:57.0528 6116	Themes - ok
23:18:57.0572 6116	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:18:57.0605 6116	THREADORDER - ok
23:18:57.0695 6116	TNaviSrv        (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
23:18:57.0712 6116	TNaviSrv - ok
23:18:57.0796 6116	TODDSrv         (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
23:18:57.0815 6116	TODDSrv - ok
23:18:57.0869 6116	TosCoSrv        (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
23:18:57.0891 6116	TosCoSrv - ok
23:18:57.0962 6116	TOSHIBA Bluetooth Service - ok
23:18:57.0981 6116	TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
23:18:57.0989 6116	TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
23:18:57.0989 6116	TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
23:18:58.0064 6116	Tosrfcom - ok
23:18:58.0099 6116	tosrfec         (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
23:18:58.0115 6116	tosrfec - ok
23:18:58.0157 6116	tos_sps32       (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:18:58.0175 6116	tos_sps32 - ok
23:18:58.0208 6116	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:18:58.0242 6116	TrkWks - ok
23:18:58.0321 6116	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:18:58.0345 6116	TrustedInstaller - ok
23:18:58.0436 6116	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:58.0469 6116	tssecsrv - ok
23:18:58.0542 6116	TuneUp.Defrag   (0d630405311e1ae574bc2ec6681e485e) C:\Windows\System32\TuneUpDefragService.exe
23:18:58.0565 6116	TuneUp.Defrag - ok
23:18:58.0774 6116	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:18:58.0792 6116	tunmp - ok
23:18:58.0882 6116	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:18:58.0898 6116	tunnel - ok
23:18:58.0935 6116	TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:18:58.0949 6116	TVALZ - ok
23:18:58.0969 6116	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:18:58.0984 6116	uagp35 - ok
23:18:59.0104 6116	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:18:59.0131 6116	udfs - ok
23:18:59.0173 6116	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:18:59.0207 6116	UI0Detect - ok
23:18:59.0311 6116	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:18:59.0317 6116	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
23:18:59.0317 6116	UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
23:18:59.0422 6116	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:18:59.0437 6116	uliagpkx - ok
23:18:59.0467 6116	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:18:59.0485 6116	uliahci - ok
23:18:59.0513 6116	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:18:59.0528 6116	UlSata - ok
23:18:59.0551 6116	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:18:59.0565 6116	ulsata2 - ok
23:18:59.0670 6116	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:18:59.0703 6116	umbus - ok
23:18:59.0751 6116	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:18:59.0788 6116	upnphost - ok
23:18:59.0819 6116	upperdev - ok
23:18:59.0868 6116	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:59.0892 6116	usbccgp - ok
23:18:59.0991 6116	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:19:00.0044 6116	usbcir - ok
23:19:00.0106 6116	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:00.0132 6116	usbehci - ok
23:19:00.0162 6116	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:00.0189 6116	usbhub - ok
23:19:00.0288 6116	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:19:00.0314 6116	usbohci - ok
23:19:00.0341 6116	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:19:00.0373 6116	usbprint - ok
23:19:00.0393 6116	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:19:00.0418 6116	usbscan - ok
23:19:00.0484 6116	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
23:19:00.0507 6116	usbser - ok
23:19:00.0586 6116	UsbserFilt - ok
23:19:00.0628 6116	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:00.0653 6116	USBSTOR - ok
23:19:00.0691 6116	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:19:00.0716 6116	usbuhci - ok
23:19:00.0777 6116	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:19:00.0811 6116	usbvideo - ok
23:19:00.0912 6116	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
23:19:00.0936 6116	usb_rndisx - ok
23:19:00.0974 6116	UVCFTR          (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:19:00.0990 6116	UVCFTR - ok
23:19:01.0029 6116	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:19:01.0056 6116	UxSms - ok
23:19:01.0177 6116	UxTuneUp        (b759612a175a8318fb98d4823f56204d) C:\Windows\System32\uxtuneup.dll
23:19:01.0192 6116	UxTuneUp - ok
23:19:01.0243 6116	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:19:01.0280 6116	vds - ok
23:19:01.0366 6116	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:01.0396 6116	vga - ok
23:19:01.0483 6116	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:19:01.0514 6116	VgaSave - ok
23:19:01.0533 6116	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:19:01.0548 6116	viaagp - ok
23:19:01.0574 6116	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:19:01.0606 6116	ViaC7 - ok
23:19:01.0651 6116	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:19:01.0664 6116	viaide - ok
23:19:01.0750 6116	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:19:01.0763 6116	volmgr - ok
23:19:01.0819 6116	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:19:01.0838 6116	volmgrx - ok
23:19:01.0875 6116	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:19:01.0894 6116	volsnap - ok
23:19:02.0021 6116	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:19:02.0038 6116	vsmraid - ok
23:19:02.0104 6116	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:19:02.0164 6116	VSS - ok
23:19:02.0273 6116	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:19:02.0303 6116	W32Time - ok
23:19:02.0363 6116	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:19:02.0416 6116	WacomPen - ok
23:19:02.0442 6116	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0468 6116	Wanarp - ok
23:19:02.0476 6116	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0504 6116	Wanarpv6 - ok
23:19:02.0561 6116	WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
23:19:02.0599 6116	WcesComm - ok
23:19:02.0739 6116	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:19:02.0788 6116	wcncsvc - ok
23:19:02.0834 6116	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:19:02.0861 6116	WcsPlugInService - ok
23:19:02.0909 6116	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:19:02.0922 6116	Wd - ok
23:19:03.0029 6116	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:19:03.0077 6116	Wdf01000 - ok
23:19:03.0122 6116	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:19:03.0156 6116	WdiServiceHost - ok
23:19:03.0162 6116	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:19:03.0198 6116	WdiSystemHost - ok
23:19:03.0248 6116	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:19:03.0274 6116	WebClient - ok
23:19:03.0373 6116	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:19:03.0393 6116	Wecsvc - ok
23:19:03.0415 6116	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:19:03.0443 6116	wercplsupport - ok
23:19:03.0489 6116	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:19:03.0517 6116	WerSvc - ok
23:19:03.0590 6116	winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:19:03.0619 6116	winachsf - ok
23:19:03.0719 6116	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:19:03.0740 6116	WinDefend - ok
23:19:03.0750 6116	WinHttpAutoProxySvc - ok
23:19:03.0903 6116	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:19:03.0929 6116	Winmgmt - ok
23:19:03.0991 6116	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:19:04.0036 6116	WinRM - ok
23:19:04.0180 6116	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:19:04.0232 6116	Wlansvc - ok
23:19:04.0288 6116	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:19:04.0313 6116	WmiAcpi - ok
23:19:04.0419 6116	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:19:04.0446 6116	wmiApSrv - ok
23:19:04.0551 6116	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:19:04.0585 6116	WMPNetworkSvc - ok
23:19:04.0711 6116	WN111v2         (bdd5c936c2c3ebf4ad3cc61cefdc5806) C:\Windows\system32\DRIVERS\WN111v2v.sys
23:19:04.0752 6116	WN111v2 - ok
23:19:04.0814 6116	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:19:04.0837 6116	WPCSvc - ok
23:19:04.0928 6116	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:19:04.0948 6116	WPDBusEnum - ok
23:19:05.0031 6116	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:19:05.0048 6116	WpdUsb - ok
23:19:05.0231 6116	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:19:05.0263 6116	WPFFontCache_v0400 - ok
23:19:05.0348 6116	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:05.0379 6116	ws2ifsl - ok
23:19:05.0423 6116	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
23:19:05.0445 6116	wscsvc - ok
23:19:05.0457 6116	WSearch - ok
23:19:05.0556 6116	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:19:05.0623 6116	wuauserv - ok
23:19:05.0713 6116	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:19:05.0731 6116	WudfPf - ok
23:19:05.0794 6116	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:05.0813 6116	WUDFRd - ok
23:19:05.0842 6116	wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
23:19:05.0863 6116	wudfsvc - ok
23:19:05.0948 6116	XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
23:19:05.0962 6116	XAudio - ok
23:19:05.0993 6116	XAudioService   (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
23:19:06.0035 6116	XAudioService - ok
23:19:06.0102 6116	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
23:19:06.0127 6116	yukonwlh - ok
23:19:06.0181 6116	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:19:06.0375 6116	\Device\Harddisk0\DR0 - ok
23:19:06.0383 6116	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
23:19:09.0925 6116	\Device\Harddisk1\DR2 - ok
23:19:09.0960 6116	Boot (0x1200)   (674ee906655b29b875ba5d472718e5c7) \Device\Harddisk0\DR0\Partition0
23:19:09.0961 6116	\Device\Harddisk0\DR0\Partition0 - ok
23:19:09.0982 6116	Boot (0x1200)   (7a1eaa129a108b19812683df712398ac) \Device\Harddisk0\DR0\Partition1
23:19:09.0984 6116	\Device\Harddisk0\DR0\Partition1 - ok
23:19:09.0990 6116	Boot (0x1200)   (cd60bdecaa4f053c323f47c26754027a) \Device\Harddisk1\DR2\Partition0
23:19:09.0993 6116	\Device\Harddisk1\DR2\Partition0 - ok
23:19:09.0994 6116	============================================================
23:19:09.0994 6116	Scan finished
23:19:09.0994 6116	============================================================
23:19:10.0014 6032	Detected object count: 10
23:19:10.0014 6032	Actual detected object count: 10
23:19:30.0322 6032	ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0322 6032	ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0322 6032	DNIMp50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0322 6032	DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0325 6032	DNISp50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0326 6032	DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0330 6032	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0330 6032	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0335 6032	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0335 6032	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0338 6032	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0338 6032	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0342 6032	o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0342 6032	o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0346 6032	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0347 6032	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0351 6032	TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0351 6032	TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:19:30.0354 6032	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0354 6032	UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

greez Flo

cosinus · 27.03.2012, 11:20

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

iwoflo · 27.03.2012, 19:41

Hab den Combofix gemacht.

Hier der Log

Code:

ATTFilter

ComboFix 12-03-27.03 - Iwona 27.03.2012  20:24:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2942.1913 [GMT 2:00]
ausgeführt von:: c:\users\Iwona\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\users\Iwona\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Iwona\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 18:33 . 2012-03-27 18:34	--------	d-----w-	c:\users\Iwona\AppData\Local\temp
2012-03-26 11:24 . 2012-03-26 11:24	--------	d-----w-	C:\_OTL
2012-03-23 13:16 . 2012-03-23 13:16	--------	d-----w-	c:\users\Iwona\AppData\Roaming\Malwarebytes
2012-03-23 13:15 . 2012-03-23 13:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-23 13:15 . 2012-03-23 13:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-23 13:15 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-22 16:02 . 2012-03-22 16:02	--------	d-----w-	c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-21 22:34 . 2012-03-21 22:34	--------	d-----w-	c:\users\Iwona\AppData\Local\PackageAware
2012-03-21 21:27 . 2012-03-21 21:27	--------	d-----w-	c:\program files\ESET
2012-03-18 22:15 . 2012-03-18 22:15	126976	--sha-r-	c:\windows\system32\stdole2A.dll
2012-03-16 19:40 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A64E3FB5-6B57-4D15-955B-D619ADF2BA7C}\mpengine.dll
2012-03-16 19:39 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-16 19:39 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-16 19:39 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-16 19:38 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-16 19:38 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-16 19:38 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-16 19:38 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-16 19:38 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-16 19:38 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-06 18:27 . 2012-03-19 16:38	--------	d-----w-	c:\users\Iwona\AppData\Local\ISL
2012-03-06 18:26 . 2012-03-06 18:26	--------	d-----w-	c:\program files\ISL
2012-03-03 15:22 . 2012-03-19 16:38	--------	d-----w-	c:\users\Iwona\AppData\Local\SCE
2012-03-03 15:22 . 2012-03-03 15:22	--------	d-----w-	c:\users\Public\Sony Online Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-12 09:10	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-12 07:45 . 2009-08-11 22:50	182264	----a-w-	c:\windows\system32\BpShellEx.dll
2012-03-13 04:38 . 2012-03-21 22:04	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comcenter Easy"="c:\program files\FAX.de\ComCenter\ComCenterEasy.exe" [2010-06-17 3174400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-14 352976]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"EPSON BX305 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "c:\windows\TEMP\E_S7001.tmp" /EF "HKCU"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"NDSTray.exe"=NDSTray.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab
FF - ProfilePath - c:\users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Catan - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 20:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-27  20:37:25
ComboFix-quarantined-files.txt  2012-03-27 18:37
.
Vor Suchlauf: 14 Verzeichnis(se), 27.974.602.752 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 27.774.251.008 Bytes frei
.
- - End Of File - - D57EE4504B961F27159333EA8983E20F

Greetz Flo