Recycler Virus

BernieB · 29.04.2012, 18:17

Hallo zusammen,

ich habe seit einiger Zeit einen Trojaner auf meinem PC, der "Recycler" heißt und mittlerweile auch meine externen Festplatten, USB-Sticks, SD-Karten und auch meinen neuen Kindle befallen hat. Ich habe schon mehrere Virenprogramme ausprobiert, die allerdings den Virus nicht gefunden haben. Anbei der Report des Virenprogramms "Avira". Ich bin mit meinem Latein am Ende und habe mir schon überlegt einfach einen neuen PC zu kaufen, allerdings habe ich dann immer noch den Virus auf den anderen Datenträgern...Wie kriege ich das Ding auf Dauer los?

Vielen Dank für eure Ratschläge.

Gruß
Bernadette

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 29. April 2012 19:08

Es wird nach 3719726 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : Bojko
Computername : BBOJKO

Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31/01/2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 31/01/2012 06:55:52
AVSCAN.DLL : 12.1.0.18 65744 Bytes 31/01/2012 06:56:29
LUKE.DLL : 12.1.0.19 68304 Bytes 31/01/2012 06:56:01
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 31/01/2012 06:55:52
AVREG.DLL : 12.1.0.36 229128 Bytes 29/04/2012 11:18:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 11:17:51
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:18:01
VBASE005.VDF : 7.11.26.45 2048 Bytes 28/03/2012 11:18:01
VBASE006.VDF : 7.11.26.46 2048 Bytes 28/03/2012 11:18:01
VBASE007.VDF : 7.11.26.47 2048 Bytes 28/03/2012 11:18:01
VBASE008.VDF : 7.11.26.48 2048 Bytes 28/03/2012 11:18:01
VBASE009.VDF : 7.11.26.49 2048 Bytes 28/03/2012 11:18:01
VBASE010.VDF : 7.11.26.50 2048 Bytes 28/03/2012 11:18:01
VBASE011.VDF : 7.11.26.51 2048 Bytes 28/03/2012 11:18:01
VBASE012.VDF : 7.11.26.52 2048 Bytes 28/03/2012 11:18:02
VBASE013.VDF : 7.11.26.53 2048 Bytes 28/03/2012 11:18:02
VBASE014.VDF : 7.11.26.107 221696 Bytes 30/03/2012 11:18:02
VBASE015.VDF : 7.11.26.179 224768 Bytes 02/04/2012 11:18:03
VBASE016.VDF : 7.11.26.241 142336 Bytes 04/04/2012 11:18:03
VBASE017.VDF : 7.11.27.41 247808 Bytes 08/04/2012 11:18:04
VBASE018.VDF : 7.11.27.107 161280 Bytes 12/04/2012 11:18:04
VBASE019.VDF : 7.11.27.159 148992 Bytes 13/04/2012 11:18:05
VBASE020.VDF : 7.11.27.201 207360 Bytes 17/04/2012 11:18:05
VBASE021.VDF : 7.11.28.3 237568 Bytes 19/04/2012 11:18:06
VBASE022.VDF : 7.11.28.49 193536 Bytes 20/04/2012 11:18:06
VBASE023.VDF : 7.11.28.99 195072 Bytes 23/04/2012 11:18:07
VBASE024.VDF : 7.11.28.133 247808 Bytes 24/04/2012 11:18:08
VBASE025.VDF : 7.11.28.183 186880 Bytes 26/04/2012 11:18:09
VBASE026.VDF : 7.11.28.184 2048 Bytes 26/04/2012 11:18:09
VBASE027.VDF : 7.11.28.185 2048 Bytes 26/04/2012 11:18:09
VBASE028.VDF : 7.11.28.186 2048 Bytes 26/04/2012 11:18:09
VBASE029.VDF : 7.11.28.187 2048 Bytes 26/04/2012 11:18:09
VBASE030.VDF : 7.11.28.188 2048 Bytes 26/04/2012 11:18:09
VBASE031.VDF : 7.11.28.226 114176 Bytes 27/04/2012 11:18:10
Engineversion : 8.2.10.58
AEVDF.DLL : 8.1.2.2 106868 Bytes 31/01/2012 06:55:38
AESCRIPT.DLL : 8.1.4.18 455034 Bytes 29/04/2012 11:18:18
AESCN.DLL : 8.1.8.2 131444 Bytes 29/04/2012 11:18:18
AESBX.DLL : 8.2.5.5 606579 Bytes 29/04/2012 11:18:19
AERDL.DLL : 8.1.9.15 639348 Bytes 31/01/2012 06:55:37
AEPACK.DLL : 8.2.16.9 807287 Bytes 29/04/2012 11:18:18
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 29/04/2012 11:18:17
AEHEUR.DLL : 8.1.4.21 4682102 Bytes 29/04/2012 11:18:16
AEHELP.DLL : 8.1.20.0 254326 Bytes 29/04/2012 11:18:12
AEGEN.DLL : 8.1.5.28 422260 Bytes 29/04/2012 11:18:11
AEEXP.DLL : 8.1.0.33 82293 Bytes 29/04/2012 11:18:19
AEEMU.DLL : 8.1.3.0 393589 Bytes 31/01/2012 06:55:34
AECORE.DLL : 8.1.25.6 201078 Bytes 29/04/2012 11:18:11
AEBB.DLL : 8.1.1.0 53618 Bytes 31/01/2012 06:55:33
AVWINLL.DLL : 12.1.0.17 27344 Bytes 31/01/2012 06:55:54
AVPREF.DLL : 12.1.0.17 51920 Bytes 31/01/2012 06:55:51
AVREP.DLL : 12.1.0.17 179408 Bytes 31/01/2012 06:55:51
AVARKT.DLL : 12.1.0.23 209360 Bytes 31/01/2012 06:55:46
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 31/01/2012 06:55:47
SQLITE3.DLL : 3.7.0.0 398288 Bytes 31/01/2012 06:56:07
AVSMTP.DLL : 12.1.0.17 62928 Bytes 31/01/2012 06:55:52
NETNT.DLL : 12.1.0.17 17104 Bytes 31/01/2012 06:56:02
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 31/01/2012 06:56:32
RCTEXT.DLL : 12.1.0.16 98512 Bytes 31/01/2012 06:56:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Meine Dokumente
Konfigurationsdatei...................: c:\program files\avira\antivir desktop\mydocs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 29. April 2012 19:08

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'psqltray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'phtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ifrmewrk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZCfgSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLACTRLW.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TFncKy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TAudEff.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSBattM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosHKCW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMESBS32.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMERzCtl.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TMEEJME.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSODDCtl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmoothView.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TFNF5.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thpsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AGRSMMSG.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TEDTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess '00THotkey.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLOChangeLogSvcu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wdfmgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Tmesrv31.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Tmesbs32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ThpSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'phsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ntmulti.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'S24EvMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nsl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nslsvice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1444' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'D:\Documents'

Ende des Suchlaufs: Sonntag, 29. April 2012 19:11
Benötigte Zeit: 02:28 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

150 Verzeichnisse wurden überprüft
3459 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
3459 Dateien ohne Befall
22 Archive wurden durchsucht
0 Warnungen
0 Hinweise

kira · 30.04.2012, 08:17

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Zitat von BernieB

Ich habe schon mehrere Virenprogramme ausprobiert, die allerdings den Virus nicht gefunden haben.

► Beschreibe genau, welche Versuche du unternommen hast, um das Problem zu lösen (die schon vorhandenen Ergebnisse auch posten)

► Ab jetzt sofort gilt, bis zum Ende der Reinigung>:

Zitat:

Hast Du externe Festplatte, USB-Sticks und/oder andere externe Speichermedien? Bitte immer (über die ganze Reinigungszeit!!) anschließen,damit gescannt werden kann.- alle Wechseldatenträger und immer bei gedrückter Shift-Taste am USB-Anschluss des Rechners einstecken! - So verhindest Du die Ausführung der AUTORUN-Funktion -> Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

BernieB · 04.05.2012, 19:31

Vielen Dank für die schnelle Antwort.

Hier der OLT-Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.05.2012 20:13:33 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 446,18 Mb Available Physical Memory | 43,95% Memory free
2,40 Gb Paging File | 1,84 Gb Available in Paging File | 76,74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,11 Gb Free Space | 7,22% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,17 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Bojko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Notes\nsl.exe (IBM Corp)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\Program Files\Funk Software\Proxy Host\PhSvc.exe (Funk Software, Inc.)
PRC - C:\Program Files\Funk Software\Proxy Host\PhTray.exe (Funk Software, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\TME3\TMERzCtl.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TME3\TMESRV31.EXE (TOSHIBA)
PRC - C:\WINDOWS\system32\TPSODDCtl.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
PRC - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe (VERITAS Software Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TME3\TMESBS32.EXE (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Multi-user Cleanup Service) -- C:\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (ProxyHostService) -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe (Funk Software, Inc.)
SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (VRTSChangeJournalReader) -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe (VERITAS Software Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (Tmesbs) -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (vsdatant) -- System32\vsdatant.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ProxyHostDriver) -- C:\WINDOWS\system32\drivers\ph32isys.sys ()
DRV - (ProxyHostMirrorDisplay) -- C:\WINDOWS\system32\drivers\ph32imin.sys (Funk Software, Inc.)
DRV - (ProxyHostInputFilter) -- C:\WINDOWS\system32\drivers\ph32ifil.sys (Funk Software, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TEchoCan) -- C:\WINDOWS\system32\drivers\TEchoCan.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\WINDOWS\system32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Thpdrv) -- C:\WINDOWS\system32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\WINDOWS\system32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.SYS (Toshiba Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.theron.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100012
FF - prefs.js..network.proxy.backup.ftp: "proxy"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 09:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 09:55:02 | 000,000,000 | ---D | M]
 
[2012.04.28 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Extensions
[2012.05.04 20:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions
[2012.05.03 23:35:58 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions\toolbar@ask.com
[2012.04.28 09:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.01 19:17:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012.04.28 09:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.28 09:54:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 09:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.28 09:54:54 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 09:54:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.07.16 12:56:06 | 000,001,683 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 		localhost
O1 - Hosts: 217.243.231.136		proxy
O1 - Hosts: 217.243.231.130		tc-k-cs-01 	th-col-w2k3-as1 
O1 - Hosts: 217.243.231.131		th-col-notes2 	th-col-w2k3-as2
O1 - Hosts: 217.243.231.132		th-col-as6
O1 - Hosts: 217.243.231.133 	th-col-as7
O1 - Hosts: 217.243.231.134		th-col-notes3	th-col-w2k-as3
O1 - Hosts: 217.243.231.135		th-col-notes4	th-col-w2k-bes		                              
O1 - Hosts: 217.243.231.137		speed-u-up-notes1	th-col-w2k-as5	
O1 - Hosts: 10.10.12.11 		th-col-w2k3-fs1			#Office Server Koeln
O1 - Hosts: 10.10.10.10 		th-muc-w2k3-fs1	th-muc-notes1	#Office Server Muenchen
O1 - Hosts: 10.10.13.10 		th-ber-w2k3-fs1	th-ber-notes1 	#Office Server Berlin
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [000StTHK] C:\windows\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\windows\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\windows\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\windows\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DLO-Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe (VERITAS Software Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154017643109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = theron.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F162A5D-864D-4A1E-BC93-FAC7317B1772}: NameServer = 192.168.236.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B318AB5C-55D2-474A-8FE2-6B3CD0A5CA3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\windows\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell - "" = AutoRun
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 20:12:30 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:57:34 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.04 19:55:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.04 19:52:56 | 000,000,000 | R-SD | C] -- D:\Documents\Safe
[2012.05.01 19:16:22 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2012.05.01 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.05.01 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.05.01 19:15:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2012.05.01 19:15:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2012.05.01 19:15:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2012.05.01 19:14:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2012.05.01 02:58:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\IETldCache
[2012.04.30 15:24:32 | 000,000,000 | ---D | C] -- C:\windows\WBEM
[2012.04.30 15:23:26 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2012.04.30 15:21:15 | 000,000,000 | ---D | C] -- C:\windows\System32\KB905474
[2012.04.30 15:08:15 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012.04.29 19:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Malwarebytes
[2012.04.29 19:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.29 19:35:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.29 19:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.29 19:32:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:54:58 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2012.04.29 13:31:40 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bthport.sys
[2012.04.29 13:31:10 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2012.04.29 13:31:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2012.04.29 13:30:54 | 001,860,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2012.04.29 13:30:30 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2012.04.29 13:30:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2012.04.29 13:30:00 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2012.04.29 13:29:18 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\t2embed.dll
[2012.04.29 13:29:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\fontsub.dll
[2012.04.29 13:29:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2012.04.29 13:28:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2012.04.29 13:27:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rmcast.sys
[2012.04.29 13:27:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012.04.29 13:26:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadce.dll
[2012.04.29 13:24:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2012.04.29 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Avira
[2012.04.29 13:19:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mup.sys
[2012.04.29 13:18:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2012.04.29 13:17:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml3.dll
[2012.04.29 13:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.04.29 13:15:35 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\VGX.dll
[2012.04.29 13:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.04.29 13:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\AskToolbar
[2012.04.29 13:14:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[2012.04.29 13:14:25 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2012.04.29 13:13:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.04.29 13:12:53 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.04.29 13:12:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.04.29 13:12:52 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.04.29 13:08:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2012.04.29 13:07:50 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcrt4.dll
[2012.04.29 13:04:00 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2012.04.29 12:54:15 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2012.04.29 12:54:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2012.04.29 12:54:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2012.04.29 12:53:59 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3d1ag.dll
[2012.04.29 12:53:59 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvaa.dll
[2012.04.29 12:53:59 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2cqag.dll
[2012.04.29 12:53:59 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvag.dll
[2012.04.29 12:53:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2012.04.29 12:53:58 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3duag.dll
[2012.04.29 12:53:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ativvaxx.dll
[2012.04.29 12:53:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2012.04.29 12:53:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativtmxx.dll
[2012.04.29 12:53:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativmvxx.ax
[2012.04.29 12:53:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativdaxx.ax
[2012.04.29 12:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2012.04.29 12:53:57 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2012.04.29 12:53:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2012.04.29 12:53:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2012.04.29 12:53:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2012.04.29 12:53:56 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2012.04.29 12:53:56 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2012.04.29 12:53:56 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2012.04.29 12:53:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2012.04.29 12:53:55 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\hsfcisp2.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2012.04.29 12:53:52 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2012.04.29 12:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2012.04.29 12:53:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2012.04.29 12:53:52 | 000,086,016 | ---- | C] (Conexant) -- C:\windows\System32\mdmxsdk.dll
[2012.04.29 12:53:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2012.04.29 12:53:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2012.04.29 12:53:51 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\mtxparhd.dll
[2012.04.29 12:53:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2012.04.29 12:53:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2012.04.29 12:53:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2012.04.29 12:53:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2012.04.29 12:53:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2012.04.29 12:53:50 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2012.04.29 12:53:50 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\s3gnb.dll
[2012.04.29 12:53:50 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2012.04.29 12:53:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2012.04.29 12:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2012.04.29 12:53:49 | 000,286,792 | ---- | C] (Smart Link) -- C:\windows\System32\slextspk.dll
[2012.04.29 12:53:49 | 000,188,508 | ---- | C] (Smart Link) -- C:\windows\System32\slgen.dll
[2012.04.29 12:53:49 | 000,073,832 | ---- | C] (Smart Link) -- C:\windows\System32\slcoinst.dll
[2012.04.29 12:53:49 | 000,073,796 | ---- | C] (Smart Link) -- C:\windows\System32\slserv.exe
[2012.04.29 12:53:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2012.04.29 12:53:49 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\System32\slrundll.exe
[2012.04.29 12:53:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2012.04.29 12:53:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vidcap.ax
[2012.04.29 12:53:48 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2012.04.29 12:53:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2012.04.29 12:53:47 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2012.04.29 12:53:45 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\slrundll.exe
[2012.04.29 12:53:45 | 000,000,000 | ---D | C] -- C:\windows\System32\en-us
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\l2schemas
[2012.04.29 12:53:43 | 000,000,000 | ---D | C] -- C:\windows\System32\en
[2012.04.29 12:53:42 | 000,000,000 | ---D | C] -- C:\windows\System32\bits
[2012.04.29 12:50:37 | 000,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2012.04.29 12:47:51 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1btxx.sys
[2012.04.29 12:47:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1pdxx.sys
[2012.04.29 12:47:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1mdxx.sys
[2012.04.29 12:47:51 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv01nt5.dll
[2012.04.29 12:47:51 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv02nt5.dll
[2012.04.29 12:47:51 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv11nt5.dll
[2012.04.29 12:47:51 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv09nt5.dll
[2012.04.29 12:47:51 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv07nt5.dll
[2012.04.29 12:47:51 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv05nt5.dll
[2012.04.29 12:47:51 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv08nt5.dll
[2012.04.29 12:47:51 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic
[2012.04.29 12:47:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtag.sys
[2012.04.29 12:47:50 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtaa.sys
[2012.04.29 12:47:50 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinrvxx.sys
[2012.04.29 12:47:50 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atintuxx.sys
[2012.04.29 12:47:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1rvxx.sys
[2012.04.29 12:47:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxsxx.sys
[2012.04.29 12:47:50 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinbtxx.sys
[2012.04.29 12:47:50 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinraxx.sys
[2012.04.29 12:47:50 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1tuxx.sys
[2012.04.29 12:47:50 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xsxx.sys
[2012.04.29 12:47:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxbxx.sys
[2012.04.29 12:47:50 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1raxx.sys
[2012.04.29 12:47:50 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xbxx.sys
[2012.04.29 12:47:50 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinsnxx.sys
[2012.04.29 12:47:50 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1snxx.sys
[2012.04.29 12:47:50 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1ttxx.sys
[2012.04.29 12:47:50 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinpdxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinttxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinmdxx.sys
[2012.04.29 12:47:49 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthprint.sys
[2012.04.29 12:47:49 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv04nt5.dll
[2012.04.29 12:47:49 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv01nt5.dll
[2012.04.29 12:47:49 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv10nt5.dll
[2012.04.29 12:47:49 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\ch7xxnt5.dll
[2012.04.29 12:47:49 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv06nt5.dll
[2012.04.29 12:47:49 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv02nt5.dll
[2012.04.29 12:47:47 | 001,309,184 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlstrm.sys
[2012.04.29 12:47:47 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\drivers\mtxparhm.sys
[2012.04.29 12:47:47 | 000,180,360 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\ntmtlfax.sys
[2012.04.29 12:47:47 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\drivers\s3gnbm.sys
[2012.04.29 12:47:47 | 000,126,686 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlmnt5.sys
[2012.04.29 12:47:47 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2012.04.29 12:47:47 | 000,013,776 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\recagent.sys
[2012.04.29 12:47:47 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mutohpen.sys
[2012.04.29 12:47:46 | 000,404,990 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slntamr.sys
[2012.04.29 12:47:46 | 000,129,535 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnt7554.sys
[2012.04.29 12:47:46 | 000,095,424 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnthal.sys
[2012.04.29 12:47:46 | 000,013,240 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slwdmsup.sys
[2012.04.29 12:47:46 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2012.04.29 12:47:46 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\siint5.dll
[2012.04.29 12:47:45 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv10nt.sys
[2012.04.29 12:47:45 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv06nt.sys
[2012.04.29 12:47:45 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv11nt.sys
[2012.04.29 12:47:45 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv09nt.sys
[2012.04.29 12:47:45 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv07nt.sys
[2012.04.29 12:47:45 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\vchnt5.dll
[2012.04.29 12:47:45 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv08nt.sys
[2012.04.29 12:42:45 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2012.04.29 12:30:24 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.28 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.04.28 10:38:39 | 000,000,000 | ---D | C] -- D:\Documents\Simply Super Software
[2012.04.28 09:50:15 | 000,000,000 | R--D | C] -- D:\Documents\My Videos
[2012.04.28 09:48:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.04.28 09:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012.04.15 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\.elfohilfe
[2012.04.15 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Steuererklärung
[2012.04.15 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2012.04.15 17:54:02 | 000,000,000 | ---D | C] -- C:\4918109223655e5f196f
[2012.04.15 17:49:14 | 000,000,000 | ---D | C] -- D:\Documents\Hausarbeiten MBA
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 20:20:01 | 000,000,234 | ---- | M] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:55:48 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.04 19:52:45 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2012.05.04 19:52:22 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.05.04 19:50:50 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.04 19:50:48 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 19:37:21 | 000,442,334 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.03 19:37:21 | 000,071,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.02 20:15:02 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\PowerPoint 2003.lnk
[2012.05.01 20:30:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2003.lnk
[2012.05.01 19:41:13 | 000,247,104 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.01 02:58:30 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.04.30 15:25:10 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2012.04.30 15:07:35 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 19:33:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:26:53 | 000,001,594 | ---- | M] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:04:22 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2012.04.29 12:47:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012.04.29 12:36:27 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.29 12:16:49 | 000,000,512 | ---- | M] () -- C:\windows\randseed.rnd
[2012.04.29 12:09:19 | 000,036,014 | -H-- | M] () -- C:\windows\System32\vsconfig.xml
[2012.04.28 13:02:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Word 2003.lnk
[2012.04.22 17:07:14 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Bojko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.04 19:55:48 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.04.30 15:21:16 | 000,000,260 | ---- | C] () -- C:\windows\tasks\WGASetup.job
[2012.04.30 15:07:34 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 13:22:50 | 000,001,594 | ---- | C] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:15:16 | 000,000,234 | ---- | C] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\dllcache\iacenc.dll
[2012.04.29 12:47:49 | 000,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2012.04.29 12:47:49 | 000,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2012.04.29 12:47:47 | 000,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2012.04.15 17:49:21 | 001,152,609 | ---- | C] () -- D:\Documents\THERON-Values Firmday MUC 2005.pdf
[2010.08.30 11:28:18 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

--- --- ---

Und hier der Extra-Log:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.05.2012 20:13:33 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 446,18 Mb Available Physical Memory | 43,95% Memory free
2,40 Gb Paging File | 1,84 Gb Available in Paging File | 76,74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,11 Gb Free Space | 7,22% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,17 Gb Free Space | 0,48% Space Free | Partition Type: NTFS
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe" = C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07DA5DF1-7407-4F8E-AD51-B63673BBB44F}" = VERITAS Backup Exec DLO Agent
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DFB275E-92F1-4D4A-A546-C5475917FA41}" = Lotus Notes 7.0.2
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6FE06890-1C53-4F70-8824-261B921B1EB8}" = Proxy Host
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
"ie8" = Windows Internet Explorer 8
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Sametime Client v2.5" = Sametime Client v2.5
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2012 09:27:52 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 30.04.2012 17:26:36 | Computer Name = BBOJKO | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 30.04.2012 20:58:16 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 30.04.2012 20:58:48 | Computer Name = BBOJKO | Source = Application Error | ID = 1004
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 01.05.2012 13:07:34 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 01.05.2012 13:07:37 | Computer Name = BBOJKO | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 01.05.2012 13:07:39 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 01.05.2012 13:09:04 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 01.05.2012 13:12:43 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 01.05.2012 13:14:31 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
[ System Events ]
Error - 01.05.2012 13:48:30 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 02.05.2012 14:11:22 | Computer Name = BBOJKO | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOM-THERON due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 02.05.2012 14:14:24 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 02.05.2012 14:24:38 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 02.05.2012 14:28:41 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 03.05.2012 13:34:07 | Computer Name = BBOJKO | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOM-THERON due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 03.05.2012 13:35:11 | Computer Name = BBOJKO | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
 service and therefore cannot download and install updates according to the set 
schedule. Windows will continue to try to establish a connection.
 
Error - 03.05.2012 13:35:25 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 03.05.2012 13:38:23 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 03.05.2012 13:41:37 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
 
< End of report >

--- --- ---

Und hier noch die mit den CCleaner erzeugte Textdatei:

Code:

ATTFilter

Adobe Flash Player ActiveX	Adobe Systems Incorporated	04.05.2012		9.0.47.0
Adobe Reader 8.1.2	Adobe Systems Incorporated	29.02.2008	86,6MB	8.1.2
ALPS Touch Pad Driver				
Avira Free Antivirus	Avira	04.05.2012		12.0.0.898
Avira SearchFree Toolbar plus Web Protection	Ask.com	29.04.2012	4,25MB	1.14.1.0
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	29.04.2012		1.2.0.20064
Bluetooth Stack for Windows by Toshiba		28.09.2007	28,6MB	v4.00.36(T)
CCleaner	Piriform	04.05.2012		3.18
CD/DVD Drive Acoustic Silencer	TOSHIBA	04.05.2012		1.00.008
DeepBurner v1.6.0.198		01.08.2006		
ElsterFormular	Landesfinanzdirektion Thüringen	04.05.2012		13.1.1.8531p
Google Chrome	Google Inc.	04.05.2012		18.0.1025.168
Google Toolbar for Internet Explorer		02.03.2008		
High Definition Audio Driver Package - KB888111	Microsoft Corporation			20040219.000000
Intel(R) Graphics Media Accelerator Driver		04.05.2012		6.14.10.4631
Intel(R) PRO Network Connections Drivers		04.05.2012		
Intel(R) PROSet/Wireless Software	Intel Corporation	04.05.2012		10.01.0000
InterVideo WinDVD Creator 2	InterVideo Inc.	04.05.2012		2.0.14.376
InterVideo WinDVD for TOSHIBA	InterVideo Inc.	04.05.2012		5.0-B11.529
J2SE Runtime Environment 5.0 Update 4	Sun Microsystems, Inc.	31.01.2006	151,3MB	1.5.0.40
Lotus Notes 7.0.2	IBM	19.09.2007	327MB	7.02.6269
Macromedia Flash Player	Macromedia, Inc.	31.01.2006	0,98MB	7.0.19.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	29.04.2012		1.61.0.1400
Microsoft .NET Framework 1.1		03.05.2012		
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	01.05.2012	184,9MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	01.05.2012	179,8MB	3.2.30729
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	01.05.2012		
Microsoft Office 2003 Proofing Tools	Microsoft Corporation	21.09.2007	99,8MB	11.0.7969.0
Microsoft Office OneNote 2003	Microsoft Corporation	19.09.2007	222MB	11.0.7969.0
Microsoft Office Professional Edition 2003	Microsoft Corporation	08.05.2008	553MB	11.0.7969.0
Microsoft Office Visio Viewer 2003 (English)	Microsoft Corporation	01.08.2006	19,9MB	11.0.3709.5614
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	29.04.2012	11,1MB	10.0.40219
Mozilla Firefox (3.0.15)	Mozilla	04.05.2012		3.0.15 (de)
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	19.09.2007	2,62MB	4.20.9848.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	30.04.2012	1,42MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.04.2012	2,77MB	4.20.9876.0
NVIDIA Drivers		04.05.2012		
PC Connectivity Solution	Nokia	28.09.2007	8,42MB	7.7.10.0
Pdf995		04.05.2012		
Protector Suite 5.4	UPEK	25.07.2006	33,8MB	5.4.0.2688
Proxy Host	Funk Software	01.08.2006	9,04MB	5.10.985
QuickTime	Apple Computer, Inc.	01.08.2006		7.1
Sametime Client v2.5		04.05.2012		
SD Secure Module	TOSHIBA Corporation	31.01.2006	52,00KB	1.0.4
SigmaTel Audio	SigmaTel	31.01.2006		5.10.4650.0
Skype™ 5.8	Skype Technologies S.A.	04.05.2012	19,1MB	5.8.158
Sonic DLA	Sonic Solutions	31.01.2006	2,39MB	5.2.0
Sonic RecordNow!	Sonic Solutions	31.01.2006	13,9MB	7.31
TOSHIBA Assist		04.05.2012		
TOSHIBA ConfigFree		04.05.2012		5.90.05
TOSHIBA Controls				
TOSHIBA Display Devices Change Utility		04.05.2012		
TOSHIBA Dual Pointing Device Utility				
TOSHIBA HDD Protection	TOSHIBA Corporation	31.01.2006	1,12MB	1.01.08e
TOSHIBA Hotkey Utility for Display Devices		04.05.2012		
TOSHIBA Manuals	TOSHIBA	31.01.2006		7.05
TOSHIBA Mic Effect		04.05.2012		2.05.00 EC CHM
TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP		04.05.2012		
TOSHIBA Password Utility	TOSHIBA Corporation	31.01.2006		2.01.01
TOSHIBA PC Diagnostic Tool		29.04.2012		
TOSHIBA Power Saver		04.05.2012		7.08.00
TOSHIBA SD Memory Boot Utility	TOSHIBA Corporation	31.01.2006	0,21MB	1.1.0.0A
TOSHIBA SD Memory Card Format		04.05.2012		
TOSHIBA Security Assist	TOSHIBA	31.01.2006		1.1.1
TOSHIBA Software Modem				2.1.62 (SM2162ALD04)
TOSHIBA Utilities	TOSHIBA Corporation	31.01.2006		4.30.11
TOSHIBA Wireless Key Logon	TOSHIBA	01.02.2006	2,19MB	1.00.00
TOSHIBA Zooming Utility		04.05.2012		
VERITAS Backup Exec DLO Agent	VERITAS Software	19.09.2007	7,56MB	2.00.00.0000
VideoLAN VLC media player 0.8.6c	VideoLAN Team	04.05.2012		0.8.6c
Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)	Nokia	04.05.2012		03/19/2007 6.83.31.1
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)	Nokia	04.05.2012		02/15/2007 3.1
Windows Internet Explorer 8	Microsoft Corporation	30.04.2012		20090308.140743
Windows XP Service Pack 3	Microsoft Corporation	29.04.2012		20080414.031525
WinZip		04.05.2012		
Wireless Hotkey		04.05.2012		2.0.0.6

kira · 04.05.2012, 20:00

hast Du meine Frage übersehen?:

Zitat:

Zitat von kira

► Beschreibe genau, welche Versuche du unternommen hast, um das Problem zu lösen (die schon vorhandenen Ergebnisse auch posten)

BernieB · 04.05.2012, 20:44

Ups, sorry.

also, ich habe mit Avira einen Scan durchgeführt und die Log-Analyse unten schon gepostet.

Des Weiteren habe ich Malwarebytes heruntergeladen und das System gescannt.

Hier der Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bojko :: BBOJKO [Administrator]

29.04.2012 19:37:56
mbam-log-2012-04-29 (19-37-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222751
Laufzeit: 8 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Darüber hinaus habe ich den Trojan Remover runtergeladen und das System gescannt. Allerdings habe ich den schon wieder deinstalliert und deshalb liegen keine Analysen vor.

Reicht dir das als Info?

Danke nochmal für die Hilfe!!!

kira · 05.05.2012, 09:43

1.
Deinstalliere:

Zitat:

Avira SearchFree Toolbar plus Web Protection Ask.com
Avira SearchFree Toolbar plus Web Protection Updater Ask.com

Info
Hinweise zum Einsatz von Freeware-Version Avira AntiVir Personal:
Hier klicken zum Weiterlesen:
-> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Wer möchte diese Adware auf seinen Rechner haben?!
Lieber ohne Webguard, als mit ein Adware...

2.
Hast du es denn in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum?

Code:

ATTFilter

O1 - Hosts: 127.0.0.1 		localhost
O1 - Hosts: 217.243.231.136		proxy
O1 - Hosts: 217.243.231.130		tc-k-cs-01 	th-col-w2k3-as1 
O1 - Hosts: 217.243.231.131		th-col-notes2 	th-col-w2k3-as2
O1 - Hosts: 217.243.231.132		th-col-as6
O1 - Hosts: 217.243.231.133 	th-col-as7
O1 - Hosts: 217.243.231.134		th-col-notes3	th-col-w2k-as3
O1 - Hosts: 217.243.231.135		th-col-notes4	th-col-w2k-bes		                              
O1 - Hosts: 217.243.231.137		speed-u-up-notes1	th-col-w2k-as5	
O1 - Hosts: 10.10.12.11 		th-col-w2k3-fs1			#Office Server Koeln
O1 - Hosts: 10.10.10.10 		th-muc-w2k3-fs1	th-muc-notes1	#Office Server Muenchen
O1 - Hosts: 10.10.13.10 		th-ber-w2k3-fs1	th-ber-notes1 	#Office Server Berlin

3.
Deine eigenen Einstellungen, sofern Du welche vorgenommen hast?:

Code:

ATTFilter

FF - prefs.js..network.proxy.backup.ftp: "proxy"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found

Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

im Internet Explorer::-> Ändern von Proxyeinstellungen in Internet Explorer
über das Menü Extras-> Internetoptionen-> Verbindungen-> den Unterpunkt LAN-Einstellungen

Code:

ATTFilter

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theron.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100012
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell - "" = AutoRun
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 32 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

6.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

7.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

8.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:->

Code:

ATTFilter

Mozilla Firefox

BernieB · 05.05.2012, 16:08

Hi, hier folgt die Berichterstattung:

1. Avira toolbar habe ich deinstalliert

2. Nein, das habe ich nicht selbst eingetragen. Das war meine ehemaliger Arbeitgeber - das ist ein Arbeits-notebook, das ich als Abfindung bekommen habe als ich die Firma verlassen habe. Ich habe eigentlich nichts an den Einstellungen verändert, das wurde alles von der Firma gemacht, bei der ich gearbeitet habe. Da ich das NB jetzt nur noch privat nutze, könnte ich das ändern, wenn nötig?

3. Hier gilt das selbe wie bei 2. - alles Einstellungen von meinem ehemaligen Arbeitgeber. Ich habe die Proxyeinstellungen aus Firefox und Internet Explorer rausgenommen.

4. Ich habe keine Änderungen an den Logfiles vorgenommen. Ich habe dein Skript mit OLT laufen lassen.

Hier der Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: toolbar@ask.com:3.14.1.100012 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
File c:\Program Files\Google\GoogleToolbar1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41c5cd22-15bc-11dd-983a-00059a3c7800}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f84e7808-158e-11de-998e-00130268f121}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f84e7808-158e-11de-998e-00130268f121}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f84e7808-158e-11de-998e-00130268f121}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f84e7808-158e-11de-998e-00130268f121}\ not found.
File F:\LaunchU3.exe -a not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bojko\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bojko\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 25214 bytes
->Temporary Internet Files folder emptied: 1572366 bytes
->Flash cache emptied: 300 bytes
 
User: Administrator
->Temp folder emptied: 59371013 bytes
->Temporary Internet Files folder emptied: 4803053 bytes
->Flash cache emptied: 300 bytes
 
User: All Users
 
User: Bojko
->Temp folder emptied: 339117280 bytes
->Temporary Internet Files folder emptied: 71781784 bytes
->Java cache emptied: 13426555 bytes
->FireFox cache emptied: 32313761 bytes
->Flash cache emptied: 19571 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 300 bytes
 
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 3024003 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24267244 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 108606318 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4344181664 bytes
 
Total Files Cleaned = 4.771,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05052012_122018

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

5. Java-Version ist aktualisiert, danke!

6. Adobe auch aktualisiert.

7. Danke für die Tipps zum Explorer, habe ich durchgelesen.

8. Mozilla ist aktualisiert.

9. Das System wurde mit CCleaner gereinigt.

10. Habe die SUPERAntiSpyware heruntergeladen und das System gescannt.
Hier der Log:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/05/2012 at 03:22 PM

Application Version : 5.0.1148

Core Rules Database Version : 8560
Trace Rules Database Version: 6372

Scan type       : Complete Scan
Total Scan Time : 02:07:23

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 641
Memory threats detected   : 0
Registry items scanned    : 34664
Registry threats detected : 0
File items scanned        : 33479
File threats detected     : 37

Adware.Tracking Cookie
	C:\Documents and Settings\Bojko\Cookies\W9E33YY0.txt [ /atdmt.com ]
	C:\Documents and Settings\Bojko\Cookies\AHUEGL6U.txt [ /c.atdmt.com ]
	C:\DOCUMENTS AND SETTINGS\ADMIN\Cookies\admin@mediaplex[1].txt [ Cookie:admin@mediaplex.com/ ]
	C:\DOCUMENTS AND SETTINGS\ADMIN\Cookies\admin@msnportal.112.2o7[1].txt [ Cookie:admin@msnportal.112.2o7.net/ ]
	C:\DOCUMENTS AND SETTINGS\DEFAULT USER\Cookies\admin@mediaplex[1].txt [ Cookie:admin@mediaplex.com/ ]
	C:\DOCUMENTS AND SETTINGS\DEFAULT USER\Cookies\admin@msnportal.112.2o7[1].txt [ Cookie:admin@msnportal.112.2o7.net/ ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\BOJKO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SZWYYMV4.DEFAULT\COOKIES.SQLITE ]

11. Habe die wichtigsten Datenträger angeschlossen, allerdings konnte ich noch nicht alle infizierten Datenträger anschließen, weil meine USB-Schnittstellen nicht reichen. Ich habe mir einen USB-Verteiler bestellt, dann muss ich das ggf nochmal machen. Ich bin mir ziemlich sicher, dass der Virus über einen externen Datenträger übertragen wurde, da ich schon seit mehreren Jahren nicht mehr online mit dem notebook war.

12. Online-Systemcheck habe ich durchgeführt und er hat ein paar schädliche Dateien erkannt und beseitigt. Allerdings gab es kein Ereignisprotokoll...

13. Hier die OLT Logfiles:

Extra:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.05.2012 16:45:14 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 388,41 Mb Available Physical Memory | 38,26% Memory free
2,40 Gb Paging File | 1,41 Gb Available in Paging File | 58,92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,26 Gb Free Space | 8,18% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,15 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 216,02 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive G: | 3,25 Gb Total Space | 2,98 Gb Free Space | 91,57% Space Free | Partition Type: FAT32
Drive H: | 465,64 Gb Total Space | 212,65 Gb Free Space | 45,67% Space Free | Partition Type: FAT32
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========

OLT-Log:

Code:

ATTFilter

OTL logfile created on: 05.05.2012 16:45:14 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 388,41 Mb Available Physical Memory | 38,26% Memory free
2,40 Gb Paging File | 1,41 Gb Available in Paging File | 58,92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,26 Gb Free Space | 8,18% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,15 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 216,02 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive G: | 3,25 Gb Total Space | 2,98 Gb Free Space | 91,57% Space Free | Partition Type: FAT32
Drive H: | 465,64 Gb Total Space | 212,65 Gb Free Space | 45,67% Space Free | Partition Type: FAT32
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2006.09.27 06:38:06 | 000,016,896 | ---- | M] (IBM Corp) -- C:\Notes\nsl.exe
PRC - [2006.09.27 06:38:06 | 000,007,680 | ---- | M] (IBM Corp) -- C:\Notes\nslsvice.exe
PRC - [2006.05.02 17:15:50 | 000,357,888 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe
PRC - [2006.05.02 17:15:50 | 000,271,872 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhTray.exe
PRC - [2006.04.07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.04.07 16:37:32 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.24 12:26:12 | 000,069,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2006.01.19 20:47:44 | 000,118,784 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.EXE
PRC - [2006.01.18 13:46:54 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006.01.18 13:46:50 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006.01.18 13:46:38 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006.01.13 13:42:56 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005.12.22 01:44:38 | 000,581,632 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2005.12.21 21:33:02 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005.12.21 13:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005.12.05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005.11.28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.11.28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005.11.03 01:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005.10.06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.10.05 14:33:46 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2005.08.05 17:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2005.05.17 13:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005.05.12 12:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005.05.11 12:01:24 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2005.04.25 15:15:36 | 000,271,960 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
PRC - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004.12.28 17:37:22 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe
PRC - [2003.10.28 16:38:42 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\TMESBS32.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.05 13:14:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.05 13:14:15 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.05 13:14:15 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.05 13:14:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.07.22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.09.27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2006.09.27 06:38:06 | 000,007,680 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2006.05.02 17:15:50 | 000,357,888 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe -- (ProxyHostService)
SRV - [2006.01.19 20:47:44 | 000,118,784 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005.12.21 13:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2005.04.25 15:15:36 | 000,271,960 | ---- | M] (VERITAS Software Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe -- (VRTSChangeJournalReader)
SRV - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003.10.28 16:38:42 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.05.02 17:17:14 | 000,061,184 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ph32isys.sys -- (ProxyHostDriver)
DRV - [2006.05.02 17:17:10 | 000,012,800 | ---- | M] (Funk Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ph32imin.sys -- (ProxyHostMirrorDisplay)
DRV - [2006.05.02 17:17:06 | 000,014,208 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ph32ifil.sys -- (ProxyHostInputFilter)
DRV - [2006.04.13 20:00:28 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.12.26 19:59:42 | 000,595,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2005.12.26 16:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2005.12.21 21:55:50 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2005.12.21 21:55:34 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2005.12.21 21:25:32 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005.12.13 00:32:54 | 001,083,576 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.05 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.15 18:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.10.06 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.10.06 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.10.06 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.10.06 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.10.06 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.10.06 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.10.06 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005.08.25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.06.10 22:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.28 01:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2004.11.13 14:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2004.08.03 22:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004.06.16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.SYS -- (TMEI3E)
DRV - [2004.05.09 05:38:00 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003.09.19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.01.29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001.08.17 12:14:44 | 000,441,728 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcmbase.sys -- (fpcmbase)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 0B DF A3 AD 2A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\SearchScopes,DefaultScope = {58BD0A1F-B60B-47EB-9AE2-62F119B3971E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{58BD0A1F-B60B-47EB-9AE2-62F119B3971E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 09:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.05 12:53:49 | 000,000,000 | ---D | M]
 
[2012.04.28 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Extensions
[2012.05.05 12:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions
[2012.05.05 12:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.05 12:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.07.16 12:56:06 | 000,001,683 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 		localhost
O1 - Hosts: 217.243.231.136		proxy
O1 - Hosts: 217.243.231.130		tc-k-cs-01 	th-col-w2k3-as1 
O1 - Hosts: 217.243.231.131		th-col-notes2 	th-col-w2k3-as2
O1 - Hosts: 217.243.231.132		th-col-as6
O1 - Hosts: 217.243.231.133 	th-col-as7
O1 - Hosts: 217.243.231.134		th-col-notes3	th-col-w2k-as3
O1 - Hosts: 217.243.231.135		th-col-notes4	th-col-w2k-bes		                              
O1 - Hosts: 217.243.231.137		speed-u-up-notes1	th-col-w2k-as5	
O1 - Hosts: 10.10.12.11 		th-col-w2k3-fs1			#Office Server Koeln
O1 - Hosts: 10.10.10.10 		th-muc-w2k3-fs1	th-muc-notes1	#Office Server Muenchen
O1 - Hosts: 10.10.13.10 		th-ber-w2k3-fs1	th-ber-notes1 	#Office Server Berlin
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\windows\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\windows\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\windows\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\windows\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DLO-Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe (VERITAS Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154017643109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = theron.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F162A5D-864D-4A1E-BC93-FAC7317B1772}: NameServer = 192.168.236.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B318AB5C-55D2-474A-8FE2-6B3CD0A5CA3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\windows\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:11:01 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:11:02 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.05 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 13:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.05 13:08:38 | 000,000,000 | R-SD | C] -- D:\Documents\Safe
[2012.05.05 13:01:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bojko\Recent
[2012.05.05 13:01:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\UserData
[2012.05.05 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.05 12:52:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.05 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.05.05 12:49:51 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:51 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 12:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.05 12:11:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\PrivacIE
[2012.05.05 09:33:15 | 000,000,000 | ---D | C] -- D:\Documents\Downloads
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.05.04 22:50:32 | 000,000,000 | ---D | C] -- C:\windows\ie8updates
[2012.05.04 20:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Logfiles
[2012.05.04 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012.05.04 20:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012.05.04 20:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.04 20:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\Temp
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012.05.04 20:28:02 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:47 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:30 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:59:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2012.05.04 19:59:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2012.05.04 19:59:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2012.05.04 19:59:32 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.04 19:55:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.01 19:16:22 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2012.05.01 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.05.01 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.05.01 19:15:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2012.05.01 19:15:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2012.05.01 19:15:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2012.05.01 19:14:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2012.05.01 02:58:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\IETldCache
[2012.04.30 15:24:32 | 000,000,000 | ---D | C] -- C:\windows\WBEM
[2012.04.30 15:23:26 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2012.04.30 15:21:15 | 000,000,000 | ---D | C] -- C:\windows\System32\KB905474
[2012.04.30 15:08:15 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012.04.29 19:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Malwarebytes
[2012.04.29 19:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.29 19:35:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.29 19:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.29 19:32:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:54:58 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2012.04.29 13:31:40 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bthport.sys
[2012.04.29 13:31:10 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2012.04.29 13:31:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2012.04.29 13:30:54 | 001,860,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2012.04.29 13:30:30 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2012.04.29 13:30:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2012.04.29 13:30:00 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2012.04.29 13:29:18 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\t2embed.dll
[2012.04.29 13:29:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\fontsub.dll
[2012.04.29 13:29:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2012.04.29 13:28:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2012.04.29 13:27:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rmcast.sys
[2012.04.29 13:27:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012.04.29 13:26:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadce.dll
[2012.04.29 13:24:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2012.04.29 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Avira
[2012.04.29 13:19:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mup.sys
[2012.04.29 13:18:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2012.04.29 13:17:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml3.dll
[2012.04.29 13:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.04.29 13:15:35 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\vgx.dll
[2012.04.29 13:14:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[2012.04.29 13:14:25 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2012.04.29 13:13:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.04.29 13:12:53 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.04.29 13:12:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.04.29 13:12:52 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.04.29 13:08:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2012.04.29 13:07:50 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcrt4.dll
[2012.04.29 13:04:00 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2012.04.29 12:54:15 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2012.04.29 12:54:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2012.04.29 12:54:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2012.04.29 12:53:59 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3d1ag.dll
[2012.04.29 12:53:59 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvaa.dll
[2012.04.29 12:53:59 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2cqag.dll
[2012.04.29 12:53:59 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvag.dll
[2012.04.29 12:53:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2012.04.29 12:53:58 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3duag.dll
[2012.04.29 12:53:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ativvaxx.dll
[2012.04.29 12:53:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2012.04.29 12:53:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativtmxx.dll
[2012.04.29 12:53:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativmvxx.ax
[2012.04.29 12:53:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativdaxx.ax
[2012.04.29 12:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2012.04.29 12:53:57 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2012.04.29 12:53:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2012.04.29 12:53:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2012.04.29 12:53:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2012.04.29 12:53:56 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2012.04.29 12:53:56 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2012.04.29 12:53:56 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2012.04.29 12:53:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2012.04.29 12:53:55 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\hsfcisp2.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2012.04.29 12:53:52 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2012.04.29 12:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2012.04.29 12:53:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2012.04.29 12:53:52 | 000,086,016 | ---- | C] (Conexant) -- C:\windows\System32\mdmxsdk.dll
[2012.04.29 12:53:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2012.04.29 12:53:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2012.04.29 12:53:51 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\mtxparhd.dll
[2012.04.29 12:53:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2012.04.29 12:53:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2012.04.29 12:53:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2012.04.29 12:53:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2012.04.29 12:53:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2012.04.29 12:53:50 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2012.04.29 12:53:50 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\s3gnb.dll
[2012.04.29 12:53:50 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2012.04.29 12:53:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2012.04.29 12:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2012.04.29 12:53:49 | 000,286,792 | ---- | C] (Smart Link) -- C:\windows\System32\slextspk.dll
[2012.04.29 12:53:49 | 000,188,508 | ---- | C] (Smart Link) -- C:\windows\System32\slgen.dll
[2012.04.29 12:53:49 | 000,073,832 | ---- | C] (Smart Link) -- C:\windows\System32\slcoinst.dll
[2012.04.29 12:53:49 | 000,073,796 | ---- | C] (Smart Link) -- C:\windows\System32\slserv.exe
[2012.04.29 12:53:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2012.04.29 12:53:49 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\System32\slrundll.exe
[2012.04.29 12:53:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2012.04.29 12:53:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vidcap.ax
[2012.04.29 12:53:48 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2012.04.29 12:53:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2012.04.29 12:53:47 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2012.04.29 12:53:45 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\slrundll.exe
[2012.04.29 12:53:45 | 000,000,000 | ---D | C] -- C:\windows\System32\en-us
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\l2schemas
[2012.04.29 12:53:43 | 000,000,000 | ---D | C] -- C:\windows\System32\en
[2012.04.29 12:53:42 | 000,000,000 | ---D | C] -- C:\windows\System32\bits
[2012.04.29 12:50:37 | 000,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2012.04.29 12:47:51 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1btxx.sys
[2012.04.29 12:47:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1pdxx.sys
[2012.04.29 12:47:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1mdxx.sys
[2012.04.29 12:47:51 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv01nt5.dll
[2012.04.29 12:47:51 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv02nt5.dll
[2012.04.29 12:47:51 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv11nt5.dll
[2012.04.29 12:47:51 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv09nt5.dll
[2012.04.29 12:47:51 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv07nt5.dll
[2012.04.29 12:47:51 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv05nt5.dll
[2012.04.29 12:47:51 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv08nt5.dll
[2012.04.29 12:47:51 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic
[2012.04.29 12:47:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtag.sys
[2012.04.29 12:47:50 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtaa.sys
[2012.04.29 12:47:50 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinrvxx.sys
[2012.04.29 12:47:50 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atintuxx.sys
[2012.04.29 12:47:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1rvxx.sys
[2012.04.29 12:47:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxsxx.sys
[2012.04.29 12:47:50 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinbtxx.sys
[2012.04.29 12:47:50 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinraxx.sys
[2012.04.29 12:47:50 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1tuxx.sys
[2012.04.29 12:47:50 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xsxx.sys
[2012.04.29 12:47:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxbxx.sys
[2012.04.29 12:47:50 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1raxx.sys
[2012.04.29 12:47:50 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xbxx.sys
[2012.04.29 12:47:50 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinsnxx.sys
[2012.04.29 12:47:50 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1snxx.sys
[2012.04.29 12:47:50 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1ttxx.sys
[2012.04.29 12:47:50 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinpdxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinttxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinmdxx.sys
[2012.04.29 12:47:49 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthprint.sys
[2012.04.29 12:47:49 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv04nt5.dll
[2012.04.29 12:47:49 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv01nt5.dll
[2012.04.29 12:47:49 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv10nt5.dll
[2012.04.29 12:47:49 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\ch7xxnt5.dll
[2012.04.29 12:47:49 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv06nt5.dll
[2012.04.29 12:47:49 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv02nt5.dll
[2012.04.29 12:47:47 | 001,309,184 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlstrm.sys
[2012.04.29 12:47:47 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\drivers\mtxparhm.sys
[2012.04.29 12:47:47 | 000,180,360 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\ntmtlfax.sys
[2012.04.29 12:47:47 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\drivers\s3gnbm.sys
[2012.04.29 12:47:47 | 000,126,686 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlmnt5.sys
[2012.04.29 12:47:47 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2012.04.29 12:47:47 | 000,013,776 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\recagent.sys
[2012.04.29 12:47:47 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mutohpen.sys
[2012.04.29 12:47:46 | 000,404,990 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slntamr.sys
[2012.04.29 12:47:46 | 000,129,535 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnt7554.sys
[2012.04.29 12:47:46 | 000,095,424 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnthal.sys
[2012.04.29 12:47:46 | 000,013,240 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slwdmsup.sys
[2012.04.29 12:47:46 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2012.04.29 12:47:46 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\siint5.dll
[2012.04.29 12:47:45 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv10nt.sys
[2012.04.29 12:47:45 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv06nt.sys
[2012.04.29 12:47:45 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv11nt.sys
[2012.04.29 12:47:45 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv09nt.sys
[2012.04.29 12:47:45 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv07nt.sys
[2012.04.29 12:47:45 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\vchnt5.dll
[2012.04.29 12:47:45 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv08nt.sys
[2012.04.29 12:42:45 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2012.04.29 12:30:24 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.28 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.04.28 10:38:39 | 000,000,000 | ---D | C] -- D:\Documents\Simply Super Software
[2012.04.28 09:50:15 | 000,000,000 | R--D | C] -- D:\Documents\My Videos
[2012.04.28 09:48:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.04.28 09:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012.04.15 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\.elfohilfe
[2012.04.15 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Steuererklärung
[2012.04.15 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2012.04.15 17:54:02 | 000,000,000 | ---D | C] -- C:\4918109223655e5f196f
[2012.04.15 17:49:14 | 000,000,000 | ---D | C] -- D:\Documents\Hausarbeiten MBA
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.05 16:40:02 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.05 13:13:28 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 13:09:52 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2012.05.05 13:08:25 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.05.05 13:07:41 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.05 13:07:20 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.05 13:07:18 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 12:53:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:49:30 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:30 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 09:32:09 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.05.05 09:32:09 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.05.05 09:26:20 | 000,442,808 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.05 09:26:20 | 000,072,386 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.04 20:35:06 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 20:28:02 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:52 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:55:48 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.02 20:15:02 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\PowerPoint 2003.lnk
[2012.05.01 20:30:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2003.lnk
[2012.05.01 19:41:13 | 000,247,104 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.01 02:58:30 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.04.30 15:07:35 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 19:33:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:26:53 | 000,001,594 | ---- | M] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:04:22 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2012.04.29 12:47:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012.04.29 12:36:27 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.29 12:16:49 | 000,000,512 | ---- | M] () -- C:\windows\randseed.rnd
[2012.04.29 12:09:19 | 000,036,014 | -H-- | M] () -- C:\windows\System32\vsconfig.xml
[2012.04.28 13:02:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Word 2003.lnk
[2012.04.22 17:07:14 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Bojko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.05.05 13:13:28 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 12:53:50 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:53:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012.05.05 09:32:09 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.04 20:35:06 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 20:28:45 | 000,001,096 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 20:28:44 | 000,001,092 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 19:55:48 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.04.30 15:21:16 | 000,000,260 | ---- | C] () -- C:\windows\tasks\WGASetup.job
[2012.04.30 15:07:34 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 13:22:50 | 000,001,594 | ---- | C] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\dllcache\iacenc.dll
[2012.04.29 12:47:49 | 000,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2012.04.29 12:47:49 | 000,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2012.04.29 12:47:47 | 000,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2012.04.15 17:49:21 | 001,152,609 | ---- | C] () -- D:\Documents\THERON-Values Firmday MUC 2005.pdf
[2010.08.30 11:28:18 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
 
========== LOP Check ==========
 
[2007.10.13 17:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012.04.15 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElsterFormular
[2012.04.28 09:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2007.09.28 11:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008.03.14 11:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Okidata
[2007.09.28 11:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012.04.28 12:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006.07.25 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2007.10.28 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\DeepBurner
[2012.04.15 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2007.09.19 16:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\InterVideo
[2009.09.12 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\MyDataZone
[2008.05.15 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Nokia
[2007.09.28 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\PC Suite
[2007.10.19 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\pdf995
[2006.07.25 03:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Protector Suite
[2008.03.19 14:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Thinstall
[2007.09.19 15:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\toshiba
[2012.05.05 13:09:52 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Ansonsten gab es eigentlich keine weiteren Auffälligkeiten zwischenzeitlich.

Gruß und Danke

kira · 06.05.2012, 09:08

zu 2. und 3.: das heißt, können ohne zu bedenken gelöscht werden?

1.
Lade dir HostsXpert auf dem Desktop speichern & und entpacken

Ordner HostsXpert öffnen.
HostsXpert.exe doppelklicken.
klicke auf Restore Microsoft's Hosts File,dann OK.

Zitat:

kannst immer selbst kontrollieren/Änderungen vornehmen:

Das ist die Hosts-Datei,die ist standartmäßig vorhanden:

Zitat:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost

127.0.0.1 localhost

Die wichtigste Zeile ist die letzte, da gehts um den Localhost. Alles was nach Localhost eingetragen ist, kann bedenkenlos gelöscht werden. darf nur der Eintrag
127.0.0.1 Localhost drin sein!

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

BernieB · 06.05.2012, 10:09

Ja, 2 und 3 können ohne Bedenken gelöscht werden.

1. Habe HostsXpert runtergeladen und Microsofts Hostfile restored (ging allerdings sehr schnell und ich habe kein Ergebnis erhalten; hab auch nicht ganz verstanden was ich mit dieser Hosts-Datei dann machen muss???)

2. OLT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.05.2012 11:03:52 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 474,14 Mb Available Physical Memory | 46,71% Memory free
2,40 Gb Paging File | 1,61 Gb Available in Paging File | 67,07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,18 Gb Free Space | 7,70% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,15 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 212,65 Gb Free Space | 45,67% Space Free | Partition Type: FAT32
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.09.27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2006.09.27 06:38:06 | 000,016,896 | ---- | M] (IBM Corp) -- C:\Notes\nsl.exe
PRC - [2006.09.27 06:38:06 | 000,007,680 | ---- | M] (IBM Corp) -- C:\Notes\nslsvice.exe
PRC - [2006.05.02 17:15:50 | 000,357,888 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe
PRC - [2006.05.02 17:15:50 | 000,271,872 | ---- | M] (Funk Software, Inc.) -- C:\Program Files\Funk Software\Proxy Host\PhTray.exe
PRC - [2006.04.07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.04.07 16:37:32 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.24 12:26:12 | 000,069,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2006.01.19 20:47:44 | 000,118,784 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.EXE
PRC - [2006.01.18 13:46:54 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006.01.18 13:46:50 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006.01.18 13:46:38 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006.01.13 13:42:56 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005.12.22 01:44:38 | 000,581,632 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2005.12.21 21:33:02 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005.12.21 13:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005.12.05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005.11.28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.11.28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005.11.03 01:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005.10.06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.10.05 14:33:46 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2005.08.05 17:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
PRC - [2005.05.17 13:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005.05.12 12:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005.05.11 12:01:24 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2005.04.25 15:15:36 | 000,271,960 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
PRC - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004.12.28 17:37:22 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMEEJME.exe
PRC - [2003.10.28 16:38:42 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\TMESBS32.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.06 10:32:34 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.06 10:32:34 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.05 13:14:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.05 13:14:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
MOD - [2007.01.13 03:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.13 03:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.07.22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.09.27 06:38:22 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2006.09.27 06:38:06 | 000,007,680 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2006.05.02 17:15:50 | 000,357,888 | ---- | M] (Funk Software, Inc.) [Auto | Running] -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe -- (ProxyHostService)
SRV - [2006.01.19 20:47:44 | 000,118,784 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005.12.21 13:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2005.04.25 15:15:36 | 000,271,960 | ---- | M] (VERITAS Software Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe -- (VRTSChangeJournalReader)
SRV - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003.10.28 16:38:42 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.05.02 17:17:14 | 000,061,184 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ph32isys.sys -- (ProxyHostDriver)
DRV - [2006.05.02 17:17:10 | 000,012,800 | ---- | M] (Funk Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ph32imin.sys -- (ProxyHostMirrorDisplay)
DRV - [2006.05.02 17:17:06 | 000,014,208 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ph32ifil.sys -- (ProxyHostInputFilter)
DRV - [2006.04.13 20:00:28 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.02.10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.02.08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005.12.26 19:59:42 | 000,595,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2005.12.26 16:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2005.12.21 21:55:50 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2005.12.21 21:55:34 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2005.12.21 21:25:32 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005.12.13 00:32:54 | 001,083,576 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.12.05 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.15 18:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.10.06 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.10.06 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.10.06 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.10.06 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.10.06 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.10.06 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.10.06 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005.08.25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.06.10 22:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.28 01:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2004.11.13 14:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2004.08.03 22:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2004.06.16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.SYS -- (TMEI3E)
DRV - [2004.05.09 05:38:00 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003.09.19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.01.29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001.08.17 12:14:44 | 000,441,728 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcmbase.sys -- (fpcmbase)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 0B DF A3 AD 2A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\SearchScopes,DefaultScope = {58BD0A1F-B60B-47EB-9AE2-62F119B3971E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{58BD0A1F-B60B-47EB-9AE2-62F119B3971E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 09:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.05 12:53:49 | 000,000,000 | ---D | M]
 
[2012.04.28 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Extensions
[2012.05.06 10:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions
[2012.05.05 12:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.05 12:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.06 11:02:21 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [000StTHK] C:\windows\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\windows\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\windows\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\windows\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DLO-Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe (VERITAS Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154017643109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = theron.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F162A5D-864D-4A1E-BC93-FAC7317B1772}: NameServer = 192.168.236.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B318AB5C-55D2-474A-8FE2-6B3CD0A5CA3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\windows\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:11:02 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.06 10:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\HostsXpert
[2012.05.06 10:31:27 | 000,000,000 | R-SD | C] -- D:\Documents\Safe
[2012.05.05 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 13:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.05 13:01:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bojko\Recent
[2012.05.05 13:01:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\UserData
[2012.05.05 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.05 12:52:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.05 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.05.05 12:49:51 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:51 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 12:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.05 12:11:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\PrivacIE
[2012.05.05 09:33:15 | 000,000,000 | ---D | C] -- D:\Documents\Downloads
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.05.04 22:50:32 | 000,000,000 | ---D | C] -- C:\windows\ie8updates
[2012.05.04 20:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Logfiles
[2012.05.04 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012.05.04 20:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012.05.04 20:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.04 20:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\Temp
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012.05.04 20:28:02 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:47 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:30 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:59:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2012.05.04 19:59:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2012.05.04 19:59:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2012.05.04 19:59:32 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.04 19:55:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.01 19:16:22 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2012.05.01 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.05.01 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.05.01 19:15:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2012.05.01 19:15:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2012.05.01 19:15:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2012.05.01 19:14:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2012.05.01 02:58:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\IETldCache
[2012.04.30 15:24:32 | 000,000,000 | ---D | C] -- C:\windows\WBEM
[2012.04.30 15:23:26 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2012.04.30 15:21:15 | 000,000,000 | ---D | C] -- C:\windows\System32\KB905474
[2012.04.30 15:08:15 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012.04.29 19:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Malwarebytes
[2012.04.29 19:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.29 19:35:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.29 19:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.29 19:32:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:54:58 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2012.04.29 13:31:40 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bthport.sys
[2012.04.29 13:31:10 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2012.04.29 13:31:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2012.04.29 13:30:54 | 001,860,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2012.04.29 13:30:30 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2012.04.29 13:30:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2012.04.29 13:30:00 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2012.04.29 13:29:18 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\t2embed.dll
[2012.04.29 13:29:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\fontsub.dll
[2012.04.29 13:29:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2012.04.29 13:28:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2012.04.29 13:27:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rmcast.sys
[2012.04.29 13:27:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012.04.29 13:26:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadce.dll
[2012.04.29 13:24:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2012.04.29 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Avira
[2012.04.29 13:19:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mup.sys
[2012.04.29 13:18:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2012.04.29 13:17:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml3.dll
[2012.04.29 13:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.04.29 13:15:35 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\vgx.dll
[2012.04.29 13:14:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[2012.04.29 13:14:25 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2012.04.29 13:13:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.04.29 13:12:53 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.04.29 13:12:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.04.29 13:12:52 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.04.29 13:08:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2012.04.29 13:07:50 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcrt4.dll
[2012.04.29 13:04:00 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2012.04.29 12:54:15 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2012.04.29 12:54:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2012.04.29 12:54:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2012.04.29 12:53:59 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3d1ag.dll
[2012.04.29 12:53:59 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvaa.dll
[2012.04.29 12:53:59 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2cqag.dll
[2012.04.29 12:53:59 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvag.dll
[2012.04.29 12:53:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2012.04.29 12:53:58 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3duag.dll
[2012.04.29 12:53:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ativvaxx.dll
[2012.04.29 12:53:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2012.04.29 12:53:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativtmxx.dll
[2012.04.29 12:53:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativmvxx.ax
[2012.04.29 12:53:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativdaxx.ax
[2012.04.29 12:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2012.04.29 12:53:57 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2012.04.29 12:53:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2012.04.29 12:53:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2012.04.29 12:53:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2012.04.29 12:53:56 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2012.04.29 12:53:56 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2012.04.29 12:53:56 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2012.04.29 12:53:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2012.04.29 12:53:55 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\hsfcisp2.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2012.04.29 12:53:52 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2012.04.29 12:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2012.04.29 12:53:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2012.04.29 12:53:52 | 000,086,016 | ---- | C] (Conexant) -- C:\windows\System32\mdmxsdk.dll
[2012.04.29 12:53:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2012.04.29 12:53:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2012.04.29 12:53:51 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\mtxparhd.dll
[2012.04.29 12:53:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2012.04.29 12:53:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2012.04.29 12:53:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2012.04.29 12:53:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2012.04.29 12:53:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2012.04.29 12:53:50 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2012.04.29 12:53:50 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\s3gnb.dll
[2012.04.29 12:53:50 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2012.04.29 12:53:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2012.04.29 12:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2012.04.29 12:53:49 | 000,286,792 | ---- | C] (Smart Link) -- C:\windows\System32\slextspk.dll
[2012.04.29 12:53:49 | 000,188,508 | ---- | C] (Smart Link) -- C:\windows\System32\slgen.dll
[2012.04.29 12:53:49 | 000,073,832 | ---- | C] (Smart Link) -- C:\windows\System32\slcoinst.dll
[2012.04.29 12:53:49 | 000,073,796 | ---- | C] (Smart Link) -- C:\windows\System32\slserv.exe
[2012.04.29 12:53:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2012.04.29 12:53:49 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\System32\slrundll.exe
[2012.04.29 12:53:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2012.04.29 12:53:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vidcap.ax
[2012.04.29 12:53:48 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2012.04.29 12:53:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2012.04.29 12:53:47 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2012.04.29 12:53:45 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\slrundll.exe
[2012.04.29 12:53:45 | 000,000,000 | ---D | C] -- C:\windows\System32\en-us
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\l2schemas
[2012.04.29 12:53:43 | 000,000,000 | ---D | C] -- C:\windows\System32\en
[2012.04.29 12:53:42 | 000,000,000 | ---D | C] -- C:\windows\System32\bits
[2012.04.29 12:50:37 | 000,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2012.04.29 12:47:51 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1btxx.sys
[2012.04.29 12:47:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1pdxx.sys
[2012.04.29 12:47:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1mdxx.sys
[2012.04.29 12:47:51 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv01nt5.dll
[2012.04.29 12:47:51 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv02nt5.dll
[2012.04.29 12:47:51 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv11nt5.dll
[2012.04.29 12:47:51 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv09nt5.dll
[2012.04.29 12:47:51 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv07nt5.dll
[2012.04.29 12:47:51 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv05nt5.dll
[2012.04.29 12:47:51 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv08nt5.dll
[2012.04.29 12:47:51 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic
[2012.04.29 12:47:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtag.sys
[2012.04.29 12:47:50 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtaa.sys
[2012.04.29 12:47:50 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinrvxx.sys
[2012.04.29 12:47:50 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atintuxx.sys
[2012.04.29 12:47:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1rvxx.sys
[2012.04.29 12:47:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxsxx.sys
[2012.04.29 12:47:50 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinbtxx.sys
[2012.04.29 12:47:50 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinraxx.sys
[2012.04.29 12:47:50 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1tuxx.sys
[2012.04.29 12:47:50 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xsxx.sys
[2012.04.29 12:47:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxbxx.sys
[2012.04.29 12:47:50 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1raxx.sys
[2012.04.29 12:47:50 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xbxx.sys
[2012.04.29 12:47:50 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinsnxx.sys
[2012.04.29 12:47:50 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1snxx.sys
[2012.04.29 12:47:50 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1ttxx.sys
[2012.04.29 12:47:50 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinpdxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinttxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinmdxx.sys
[2012.04.29 12:47:49 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthprint.sys
[2012.04.29 12:47:49 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv04nt5.dll
[2012.04.29 12:47:49 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv01nt5.dll
[2012.04.29 12:47:49 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv10nt5.dll
[2012.04.29 12:47:49 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\ch7xxnt5.dll
[2012.04.29 12:47:49 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv06nt5.dll
[2012.04.29 12:47:49 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv02nt5.dll
[2012.04.29 12:47:47 | 001,309,184 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlstrm.sys
[2012.04.29 12:47:47 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\drivers\mtxparhm.sys
[2012.04.29 12:47:47 | 000,180,360 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\ntmtlfax.sys
[2012.04.29 12:47:47 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\drivers\s3gnbm.sys
[2012.04.29 12:47:47 | 000,126,686 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlmnt5.sys
[2012.04.29 12:47:47 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2012.04.29 12:47:47 | 000,013,776 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\recagent.sys
[2012.04.29 12:47:47 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mutohpen.sys
[2012.04.29 12:47:46 | 000,404,990 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slntamr.sys
[2012.04.29 12:47:46 | 000,129,535 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnt7554.sys
[2012.04.29 12:47:46 | 000,095,424 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnthal.sys
[2012.04.29 12:47:46 | 000,013,240 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slwdmsup.sys
[2012.04.29 12:47:46 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2012.04.29 12:47:46 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\siint5.dll
[2012.04.29 12:47:45 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv10nt.sys
[2012.04.29 12:47:45 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv06nt.sys
[2012.04.29 12:47:45 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv11nt.sys
[2012.04.29 12:47:45 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv09nt.sys
[2012.04.29 12:47:45 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv07nt.sys
[2012.04.29 12:47:45 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\vchnt5.dll
[2012.04.29 12:47:45 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv08nt.sys
[2012.04.29 12:42:45 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2012.04.29 12:30:24 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.28 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.04.28 10:38:39 | 000,000,000 | ---D | C] -- D:\Documents\Simply Super Software
[2012.04.28 09:50:15 | 000,000,000 | R--D | C] -- D:\Documents\My Videos
[2012.04.28 09:48:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.04.28 09:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012.04.15 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\.elfohilfe
[2012.04.15 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Steuererklärung
[2012.04.15 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2012.04.15 17:54:02 | 000,000,000 | ---D | C] -- C:\4918109223655e5f196f
[2012.04.15 17:49:14 | 000,000,000 | ---D | C] -- D:\Documents\Hausarbeiten MBA
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.06 10:40:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.06 10:32:18 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.05.06 10:31:38 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2012.05.06 10:30:59 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.06 10:30:41 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.06 10:30:39 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 19:14:47 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Bojko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 13:13:28 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 12:53:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:49:30 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:30 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 09:32:09 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.05.05 09:32:09 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.05.05 09:26:20 | 000,442,808 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.05 09:26:20 | 000,072,386 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.04 20:35:06 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 20:28:02 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:52 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:55:48 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.02 20:15:02 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\PowerPoint 2003.lnk
[2012.05.01 20:30:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2003.lnk
[2012.05.01 19:41:13 | 000,247,104 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.01 02:58:30 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.04.30 15:07:35 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 19:33:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:26:53 | 000,001,594 | ---- | M] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:04:22 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2012.04.29 12:47:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012.04.29 12:36:27 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.29 12:16:49 | 000,000,512 | ---- | M] () -- C:\windows\randseed.rnd
[2012.04.29 12:09:19 | 000,036,014 | -H-- | M] () -- C:\windows\System32\vsconfig.xml
[2012.04.28 13:02:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Word 2003.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.05 13:13:28 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 12:53:50 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:53:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012.05.05 09:32:09 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.04 20:35:06 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 20:28:45 | 000,001,096 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 20:28:44 | 000,001,092 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 19:55:48 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.04.30 15:21:16 | 000,000,260 | ---- | C] () -- C:\windows\tasks\WGASetup.job
[2012.04.30 15:07:34 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 13:22:50 | 000,001,594 | ---- | C] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\dllcache\iacenc.dll
[2012.04.29 12:47:49 | 000,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2012.04.29 12:47:49 | 000,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2012.04.29 12:47:47 | 000,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2012.04.15 17:49:21 | 001,152,609 | ---- | C] () -- D:\Documents\THERON-Values Firmday MUC 2005.pdf
[2010.08.30 11:28:18 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
 
========== LOP Check ==========
 
[2007.10.13 17:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012.04.15 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElsterFormular
[2012.04.28 09:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2007.09.28 11:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008.03.14 11:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Okidata
[2007.09.28 11:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012.04.28 12:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006.07.25 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2007.10.28 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\DeepBurner
[2012.04.15 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2007.09.19 16:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\InterVideo
[2009.09.12 15:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\MyDataZone
[2008.05.15 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Nokia
[2007.09.28 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\PC Suite
[2007.10.19 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\pdf995
[2006.07.25 03:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Protector Suite
[2008.03.19 14:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\Thinstall
[2007.09.19 15:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bojko\Application Data\toshiba
[2012.05.06 10:31:38 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Extra:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.05.2012 11:03:52 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 474,14 Mb Available Physical Memory | 46,71% Memory free
2,40 Gb Paging File | 1,61 Gb Available in Paging File | 67,07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 1,18 Gb Free Space | 7,70% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,15 Gb Free Space | 0,42% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 212,65 Gb Free Space | 45,67% Space Free | Partition Type: FAT32
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe" = C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07DA5DF1-7407-4F8E-AD51-B63673BBB44F}" = VERITAS Backup Exec DLO Agent
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DFB275E-92F1-4D4A-A546-C5475917FA41}" = Lotus Notes 7.0.2
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6FE06890-1C53-4F70-8824-261B921B1EB8}" = Proxy Host
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Sametime Client v2.5" = Sametime Client v2.5
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.05.2012 07:09:04 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 05.05.2012 07:13:01 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 05.05.2012 07:16:34 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 05.05.2012 11:12:32 | Computer Name = BBOJKO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.2, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 06.05.2012 04:30:51 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 06.05.2012 04:30:53 | Computer Name = BBOJKO | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 06.05.2012 04:30:57 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 06.05.2012 04:31:34 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x00000000.
 
Error - 06.05.2012 04:35:35 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 06.05.2012 04:38:51 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
[ System Events ]
Error - 05.05.2012 06:33:35 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.05.2012 06:36:48 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 05.05.2012 06:43:27 | Computer Name = BBOJKO | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOM-THERON due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 05.05.2012 06:44:39 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.05.2012 06:47:55 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.05.2012 06:51:08 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
Error - 05.05.2012 07:07:24 | Computer Name = BBOJKO | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOM-THERON due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 05.05.2012 07:09:50 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.05.2012 07:13:04 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.05.2012 07:16:45 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 3 time(s).
 
 
< End of report >

--- --- ---

kira · 07.05.2012, 06:56

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {58BD0A1F-B60B-47EB-9AE2-62F119B3971E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{58BD0A1F-B60B-47EB-9AE2-62F119B3971E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:11:02 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]
[2012.05.06 10:40:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.06 10:30:59 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 20:28:45 | 000,001,096 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 20:28:44 | 000,001,092 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

3.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

BernieB · 07.05.2012, 21:08

habe ein problem mit combofix. Ich habe das programm gestartet und habe eine fehlermeldung bekommen als ich die wiederherstellungskonsole runter laden wollte. Irgendwas mit invalid boot partition. Habe auf ok gedrückt und das programm hat den scan begonnen. Nach 20 min ist der computer schwarz geworden und seit dem tut sich nix mehr. Was machen?

So, das hat wohl nicht geklappt. Habe einen Kaltstart machen müssen. Der Computer ist aber ganz normal hochgefahren und bislang habe ich keine Auffälligkeiten entdeckt.

Hier noch mein Bericht:

1. OLT Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58BD0A1F-B60B-47EB-9AE2-62F119B3971E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BD0A1F-B60B-47EB-9AE2-62F119B3971E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File  not found.
File  not found.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bojko\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bojko\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Bojko
->Temp folder emptied: 15865594 bytes
->Temporary Internet Files folder emptied: 5543400 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 263989249 bytes
->Flash cache emptied: 1940 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 272,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05072012_210038

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2. Ich habe meine Daten auf zwei externen Festplatten gesichert. Allerdings sind beide mit dem Virus befallen. Ich habe jetzt für den Combofix-Scan nur eine Festplatte angeschlossen und die andere zur Sicherheit nicht (allerdings ist da wie gesagt noch der Virus drauf)

3. Combofix wie gesagt hat nicht funktioniert - ich denke weil ich die Wiederherstellungskonsole nicht runterladen konnte.

Soll ich es noch einmal versuchen?

kira · 08.05.2012, 09:30

1.
USB-Stick oder Datenträger desinfizieren:
Lade Dir das Programm auf deinen PC herunter:-> Panda USB Vaccine

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
Poste die Logfiles in Code-Tags hier in den Thread.

BernieB · 08.05.2012, 23:17

Kann ich dieses ComboFix jetzt wieder deinstallieren?

1. Was genau meinst du denn mit infiziertem Datenträger? Wie gesagt ich habe mittlerweile ca 10 infizierte Datenträger (Sticks, Festplatten, etc). Soll ich die alle anschließen gleichzeitig?

2. OLT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.05.2012 00:13:10 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 256,21 Mb Available Physical Memory | 25,24% Memory free
2,40 Gb Paging File | 1,61 Gb Available in Paging File | 67,08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 0,48 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,11 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,74 Gb Total Space | 3,45 Gb Free Space | 92,19% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 216,02 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Bojko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Notes\nsl.exe (IBM Corp)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\Program Files\Funk Software\Proxy Host\PhSvc.exe (Funk Software, Inc.)
PRC - C:\Program Files\Funk Software\Proxy Host\PhTray.exe (Funk Software, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\TME3\TMERzCtl.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TME3\TMESRV31.EXE (TOSHIBA)
PRC - C:\WINDOWS\system32\TPSODDCtl.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
PRC - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe (VERITAS Software Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TME3\TMESBS32.EXE (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Multi-user Cleanup Service) -- C:\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (ProxyHostService) -- C:\Program Files\Funk Software\Proxy Host\PhSvc.exe (Funk Software, Inc.)
SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (VRTSChangeJournalReader) -- C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe (VERITAS Software Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (Tmesbs) -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (vsdatant) -- System32\vsdatant.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ProxyHostDriver) -- C:\WINDOWS\system32\drivers\ph32isys.sys ()
DRV - (ProxyHostMirrorDisplay) -- C:\WINDOWS\system32\drivers\ph32imin.sys (Funk Software, Inc.)
DRV - (ProxyHostInputFilter) -- C:\WINDOWS\system32\drivers\ph32ifil.sys (Funk Software, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TEchoCan) -- C:\WINDOWS\system32\drivers\TEchoCan.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\WINDOWS\system32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Thpdrv) -- C:\WINDOWS\system32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\WINDOWS\system32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.SYS (Toshiba Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (fpcmbase) -- C:\WINDOWS\system32\drivers\fpcmbase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 0B DF A3 AD 2A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.mystart.com/?pr=vmn&rlz=1V1IPYX&id=pandasecuritytb&v=3_0"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 09:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.05 12:53:49 | 000,000,000 | ---D | M]
 
[2012.04.28 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Extensions
[2012.05.09 00:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions
[2012.05.09 00:09:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Bojko\Application Data\Mozilla\Firefox\Profiles\szwyymv4.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012.05.05 12:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.05 12:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.11.20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.27 17:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml
 
O1 HOSTS File: ([2012.05.06 11:02:21 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O4 - HKLM..\Run: [000StTHK] C:\windows\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\windows\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [ProxyHostTrayIcon] C:\Program Files\Funk Software\Proxy Host\phtray.exe (Funk Software, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\windows\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\windows\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKCU..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DLO-Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe (VERITAS Software Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154017643109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = theron.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F162A5D-864D-4A1E-BC93-FAC7317B1772}: NameServer = 192.168.236.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B318AB5C-55D2-474A-8FE2-6B3CD0A5CA3E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\windows\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bojko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.30 15:08:15 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.30 15:08:16 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.04.30 15:11:01 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.09 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Panda Security
[2012.05.09 00:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012.05.09 00:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\panda2_0dn
[2012.05.09 00:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2012.05.09 00:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\pandasecuritytb
[2012.05.09 00:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2012.05.09 00:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.05.09 00:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012.05.09 00:06:47 | 000,000,000 | ---D | C] -- C:\temp
[2012.05.09 00:04:50 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012.05.08 23:56:40 | 000,000,000 | R-SD | C] -- D:\Documents\Safe
[2012.05.07 23:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.05.07 21:23:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.05.07 21:23:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.05.07 21:23:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.05.07 21:23:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012.05.07 21:23:20 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012.05.07 21:23:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.05.07 21:23:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.07 21:12:06 | 004,486,979 | R--- | C] (Swearware) -- C:\Documents and Settings\Bojko\Desktop\ComboFix.exe
[2012.05.06 10:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\HostsXpert
[2012.05.05 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 13:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.05.05 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.05 13:01:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bojko\Recent
[2012.05.05 13:01:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\UserData
[2012.05.05 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.05 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.05.05 12:49:51 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:51 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 12:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.05 12:11:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\PrivacIE
[2012.05.05 09:33:15 | 000,000,000 | ---D | C] -- D:\Documents\Downloads
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.05 09:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.05.04 22:50:32 | 000,000,000 | ---D | C] -- C:\windows\ie8updates
[2012.05.04 20:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Logfiles
[2012.05.04 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012.05.04 20:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012.05.04 20:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.04 20:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\Temp
[2012.05.04 20:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012.05.04 20:28:02 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:47 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:30 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:59:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2012.05.04 19:59:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2012.05.04 19:59:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2012.05.04 19:59:32 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.04 19:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.04 19:55:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.01 19:16:22 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2012.05.01 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.05.01 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.05.01 19:15:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2012.05.01 19:15:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2012.05.01 19:15:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2012.05.01 19:14:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2012.05.01 19:14:58 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2012.05.01 02:58:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bojko\IETldCache
[2012.04.30 15:24:32 | 000,000,000 | ---D | C] -- C:\windows\WBEM
[2012.04.30 15:23:26 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2012.04.30 15:21:15 | 000,000,000 | ---D | C] -- C:\windows\System32\KB905474
[2012.04.30 15:08:15 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012.04.29 19:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Malwarebytes
[2012.04.29 19:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.29 19:35:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.29 19:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.29 19:32:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:54:58 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2012.04.29 13:31:40 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bthport.sys
[2012.04.29 13:31:10 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2012.04.29 13:31:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2012.04.29 13:30:54 | 001,860,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2012.04.29 13:30:30 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2012.04.29 13:30:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2012.04.29 13:30:00 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2012.04.29 13:29:18 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\t2embed.dll
[2012.04.29 13:29:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\fontsub.dll
[2012.04.29 13:29:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2012.04.29 13:28:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2012.04.29 13:27:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rmcast.sys
[2012.04.29 13:27:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012.04.29 13:26:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadce.dll
[2012.04.29 13:24:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2012.04.29 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\Avira
[2012.04.29 13:19:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mup.sys
[2012.04.29 13:18:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2012.04.29 13:17:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml3.dll
[2012.04.29 13:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.04.29 13:15:35 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\vgx.dll
[2012.04.29 13:14:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndistapi.sys
[2012.04.29 13:14:25 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rdpwd.sys
[2012.04.29 13:13:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.04.29 13:12:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.04.29 13:12:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.04.29 13:12:52 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.29 13:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.04.29 13:08:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2012.04.29 13:07:50 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcrt4.dll
[2012.04.29 13:04:00 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2012.04.29 12:54:15 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2012.04.29 12:54:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2012.04.29 12:54:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2012.04.29 12:54:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2012.04.29 12:54:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2012.04.29 12:53:59 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3d1ag.dll
[2012.04.29 12:53:59 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvaa.dll
[2012.04.29 12:53:59 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2cqag.dll
[2012.04.29 12:53:59 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvag.dll
[2012.04.29 12:53:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2012.04.29 12:53:58 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3duag.dll
[2012.04.29 12:53:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ativvaxx.dll
[2012.04.29 12:53:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2012.04.29 12:53:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativtmxx.dll
[2012.04.29 12:53:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativmvxx.ax
[2012.04.29 12:53:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativdaxx.ax
[2012.04.29 12:53:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2012.04.29 12:53:57 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2012.04.29 12:53:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2012.04.29 12:53:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2012.04.29 12:53:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2012.04.29 12:53:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2012.04.29 12:53:56 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2012.04.29 12:53:56 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2012.04.29 12:53:56 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2012.04.29 12:53:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2012.04.29 12:53:55 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\hsfcisp2.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2012.04.29 12:53:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2012.04.29 12:53:52 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2012.04.29 12:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2012.04.29 12:53:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2012.04.29 12:53:52 | 000,086,016 | ---- | C] (Conexant) -- C:\windows\System32\mdmxsdk.dll
[2012.04.29 12:53:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2012.04.29 12:53:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2012.04.29 12:53:51 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\mtxparhd.dll
[2012.04.29 12:53:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2012.04.29 12:53:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2012.04.29 12:53:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2012.04.29 12:53:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2012.04.29 12:53:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2012.04.29 12:53:50 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2012.04.29 12:53:50 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\s3gnb.dll
[2012.04.29 12:53:50 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2012.04.29 12:53:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2012.04.29 12:53:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2012.04.29 12:53:49 | 000,286,792 | ---- | C] (Smart Link) -- C:\windows\System32\slextspk.dll
[2012.04.29 12:53:49 | 000,188,508 | ---- | C] (Smart Link) -- C:\windows\System32\slgen.dll
[2012.04.29 12:53:49 | 000,073,832 | ---- | C] (Smart Link) -- C:\windows\System32\slcoinst.dll
[2012.04.29 12:53:49 | 000,073,796 | ---- | C] (Smart Link) -- C:\windows\System32\slserv.exe
[2012.04.29 12:53:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2012.04.29 12:53:49 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\System32\slrundll.exe
[2012.04.29 12:53:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2012.04.29 12:53:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vidcap.ax
[2012.04.29 12:53:48 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2012.04.29 12:53:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2012.04.29 12:53:47 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2012.04.29 12:53:45 | 000,032,866 | ---- | C] (Smart Link) -- C:\windows\slrundll.exe
[2012.04.29 12:53:45 | 000,000,000 | ---D | C] -- C:\windows\System32\en-us
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting
[2012.04.29 12:53:44 | 000,000,000 | ---D | C] -- C:\windows\l2schemas
[2012.04.29 12:53:43 | 000,000,000 | ---D | C] -- C:\windows\System32\en
[2012.04.29 12:53:42 | 000,000,000 | ---D | C] -- C:\windows\System32\bits
[2012.04.29 12:50:37 | 000,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2012.04.29 12:47:51 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1btxx.sys
[2012.04.29 12:47:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1pdxx.sys
[2012.04.29 12:47:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1mdxx.sys
[2012.04.29 12:47:51 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv01nt5.dll
[2012.04.29 12:47:51 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv02nt5.dll
[2012.04.29 12:47:51 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv11nt5.dll
[2012.04.29 12:47:51 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv09nt5.dll
[2012.04.29 12:47:51 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv07nt5.dll
[2012.04.29 12:47:51 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv05nt5.dll
[2012.04.29 12:47:51 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\adv08nt5.dll
[2012.04.29 12:47:51 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic
[2012.04.29 12:47:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtag.sys
[2012.04.29 12:47:50 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtaa.sys
[2012.04.29 12:47:50 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinrvxx.sys
[2012.04.29 12:47:50 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atintuxx.sys
[2012.04.29 12:47:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1rvxx.sys
[2012.04.29 12:47:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxsxx.sys
[2012.04.29 12:47:50 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinbtxx.sys
[2012.04.29 12:47:50 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinraxx.sys
[2012.04.29 12:47:50 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1tuxx.sys
[2012.04.29 12:47:50 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xsxx.sys
[2012.04.29 12:47:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxbxx.sys
[2012.04.29 12:47:50 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1raxx.sys
[2012.04.29 12:47:50 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xbxx.sys
[2012.04.29 12:47:50 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinsnxx.sys
[2012.04.29 12:47:50 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1snxx.sys
[2012.04.29 12:47:50 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1ttxx.sys
[2012.04.29 12:47:50 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinpdxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinttxx.sys
[2012.04.29 12:47:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinmdxx.sys
[2012.04.29 12:47:49 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthprint.sys
[2012.04.29 12:47:49 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv04nt5.dll
[2012.04.29 12:47:49 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv01nt5.dll
[2012.04.29 12:47:49 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv10nt5.dll
[2012.04.29 12:47:49 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\ch7xxnt5.dll
[2012.04.29 12:47:49 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv06nt5.dll
[2012.04.29 12:47:49 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\atv02nt5.dll
[2012.04.29 12:47:47 | 001,309,184 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlstrm.sys
[2012.04.29 12:47:47 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\drivers\mtxparhm.sys
[2012.04.29 12:47:47 | 000,180,360 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\ntmtlfax.sys
[2012.04.29 12:47:47 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\drivers\s3gnbm.sys
[2012.04.29 12:47:47 | 000,126,686 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlmnt5.sys
[2012.04.29 12:47:47 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2012.04.29 12:47:47 | 000,013,776 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\recagent.sys
[2012.04.29 12:47:47 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mutohpen.sys
[2012.04.29 12:47:46 | 000,404,990 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slntamr.sys
[2012.04.29 12:47:46 | 000,129,535 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnt7554.sys
[2012.04.29 12:47:46 | 000,095,424 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnthal.sys
[2012.04.29 12:47:46 | 000,013,240 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slwdmsup.sys
[2012.04.29 12:47:46 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2012.04.29 12:47:46 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\siint5.dll
[2012.04.29 12:47:45 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv10nt.sys
[2012.04.29 12:47:45 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\watv06nt.sys
[2012.04.29 12:47:45 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv11nt.sys
[2012.04.29 12:47:45 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv09nt.sys
[2012.04.29 12:47:45 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv07nt.sys
[2012.04.29 12:47:45 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\vchnt5.dll
[2012.04.29 12:47:45 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\drivers\wadv08nt.sys
[2012.04.29 12:42:45 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2012.04.29 12:30:24 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.28 10:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.04.28 10:38:39 | 000,000,000 | ---D | C] -- D:\Documents\Simply Super Software
[2012.04.28 09:50:15 | 000,000,000 | R--D | C] -- D:\Documents\My Videos
[2012.04.28 09:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2012.04.15 18:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Local Settings\Application Data\.elfohilfe
[2012.04.15 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Desktop\Steuererklärung
[2012.04.15 18:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bojko\Application Data\elsterformular
[2012.04.15 17:54:02 | 000,000,000 | ---D | C] -- C:\4918109223655e5f196f
[2012.04.15 17:49:14 | 000,000,000 | ---D | C] -- D:\Documents\Hausarbeiten MBA
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.09 00:08:48 | 000,000,264 | ---- | M] () -- C:\windows\System32\PSUNCpl.dat
[2012.05.08 23:58:27 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.05.08 23:58:03 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.05.08 23:58:03 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.05.08 23:56:26 | 000,000,260 | ---- | M] () -- C:\windows\tasks\WGASetup.job
[2012.05.08 23:56:06 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.08 23:56:03 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 23:56:03 | 000,266,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.07 23:23:51 | 000,441,906 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.07 23:23:51 | 000,071,842 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.07 21:12:34 | 004,486,979 | R--- | M] (Swearware) -- C:\Documents and Settings\Bojko\Desktop\ComboFix.exe
[2012.05.05 19:14:47 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Bojko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 13:13:28 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 12:53:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:49:30 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012.05.05 12:49:30 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.05.05 12:49:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.05.05 12:49:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.05.05 12:49:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2012.05.05 09:32:09 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.05.05 09:32:09 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.05.04 20:35:06 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 20:28:02 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318(2).exe
[2012.05.04 20:27:52 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Bojko\Desktop\ccsetup318.exe
[2012.05.04 20:12:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bojko\Desktop\OTL.exe
[2012.05.04 19:55:48 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.02 20:15:02 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\PowerPoint 2003.lnk
[2012.05.01 20:30:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2003.lnk
[2012.05.01 02:58:30 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.04.30 15:07:35 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 19:33:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Bojko\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.29 13:26:53 | 000,001,594 | ---- | M] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:04:22 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2012.04.29 12:47:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012.04.29 12:36:27 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bojko\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.04.29 12:16:49 | 000,000,512 | ---- | M] () -- C:\windows\randseed.rnd
[2012.04.29 12:09:19 | 000,036,014 | -H-- | M] () -- C:\windows\System32\vsconfig.xml
[2012.04.28 13:02:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Bojko\Desktop\Word 2003.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.09 00:08:48 | 000,000,264 | ---- | C] () -- C:\windows\System32\PSUNCpl.dat
[2012.05.07 21:23:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.05.07 21:23:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.05.07 21:23:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.05.07 21:23:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.05.07 21:23:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.05.05 13:13:28 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.05 12:53:50 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012.05.05 12:53:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012.05.05 09:32:09 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.04 20:35:06 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012.05.04 20:35:06 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Bojko\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.04 20:30:55 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.04 19:55:48 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.04.30 15:21:16 | 000,000,260 | ---- | C] () -- C:\windows\tasks\WGASetup.job
[2012.04.30 15:07:34 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Bojko\Desktop\Flash_Disinfector.exe
[2012.04.29 19:35:15 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 13:22:50 | 000,001,594 | ---- | C] () -- C:\windows\VPNUnInstall.MIF
[2012.04.29 13:15:49 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012.04.29 13:14:01 | 000,003,072 | ---- | C] () -- C:\windows\System32\dllcache\iacenc.dll
[2012.04.29 12:47:49 | 000,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2012.04.29 12:47:49 | 000,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2012.04.29 12:47:47 | 000,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2012.04.15 17:49:21 | 001,152,609 | ---- | C] () -- D:\Documents\THERON-Values Firmday MUC 2005.pdf
[2010.08.30 11:28:18 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat

< End of report >

--- --- ---

Extras

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 09.05.2012 00:13:10 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Documents and Settings\Bojko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 256,21 Mb Available Physical Memory | 25,24% Memory free
2,40 Gb Paging File | 1,61 Gb Available in Paging File | 67,08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,39 Gb Total Space | 0,48 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
Drive D: | 35,20 Gb Total Space | 0,11 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,74 Gb Total Space | 3,45 Gb Free Space | 92,19% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 216,02 Gb Free Space | 46,38% Space Free | Partition Type: NTFS
Drive I: | 3,63 Gb Total Space | 1,91 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: BBOJKO | User Name: Bojko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe" = C:\Documents and Settings\Bojko\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Panda Security\Panda Security Toolbar\dtUser.exe" = C:\Program Files\Panda Security\Panda Security Toolbar\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker -- (Visicom Media Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07DA5DF1-7407-4F8E-AD51-B63673BBB44F}" = VERITAS Backup Exec DLO Agent
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.6.0.198
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DFB275E-92F1-4D4A-A546-C5475917FA41}" = Lotus Notes 7.0.2
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6FE06890-1C53-4F70-8824-261B921B1EB8}" = Proxy Host
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Pdf995" = Pdf995
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Sametime Client v2.5" = Sametime Client v2.5
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2012 15:07:50 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 07.05.2012 15:11:06 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 07.05.2012 16:49:44 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 07.05.2012 16:49:44 | Computer Name = BBOJKO | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 07.05.2012 16:49:50 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 07.05.2012 16:50:31 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
Error - 08.05.2012 17:56:13 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 08.05.2012 17:56:14 | Computer Name = BBOJKO | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 08.05.2012 17:56:18 | Computer Name = BBOJKO | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 08.05.2012 17:58:52 | Computer Name = BBOJKO | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.6024, faulting 
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.
 
[ System Events ]
Error - 07.05.2012 16:51:03 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
 Service service to connect.
 
Error - 07.05.2012 16:51:03 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due 
to the following error:   %%1053
 
Error - 07.05.2012 16:51:06 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 08.05.2012 17:56:13 | Computer Name = BBOJKO | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOM-THERON due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 08.05.2012 17:57:46 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
 Service service to connect.
 
Error - 08.05.2012 17:57:46 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due 
to the following error:   %%1053
 
Error - 08.05.2012 17:59:09 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 08.05.2012 18:00:47 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 08.05.2012 18:00:47 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 08.05.2012 18:00:47 | Computer Name = BBOJKO | Source = Service Control Manager | ID = 7031
Description = The Avira Echtzeit Scanner service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
 
< End of report >

--- --- ---

Sorry, vergessen zu sagen: Panda habe ich heruntergeladen

kira · 09.05.2012, 04:51

Zitat:

Zitat von BernieB

1. Was genau meinst du denn mit infiziertem Datenträger? Wie gesagt ich habe mittlerweile ca 10 infizierte Datenträger (Sticks, Festplatten, etc). Soll ich die alle anschließen gleichzeitig?

natürlich das ist zu viel...dann kannst nur eines machen um die gewünschten Ergebnisse zu erzielen:

Daten aus alle Datenträger zusammensammeln, sozusagen auf als eine einzige - Platte speichern/sichern (vorher jede externe Festplatten mit Panda immunisieren:-> http://research.pandasecurity.com/Pa...-NTFS-Support/ )
dann alle andere Datenträger formatieren (bis auf neue "Sammelplatte")
"Sammelplatte" auch mit Panda immunisieren
Rechner neu aufsetzen
extern gesicherte Daten mit mindestens 3 Onlinescanner erneut prüfen - Kostenlose Online Scanner - Anleitung
Absolut empfehlenswerter Scanner:

Zitat:

Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check

Tipps & Rat:

➊
Datensicherung:
► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
- Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen
- Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall!
- Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren!

- Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...:
- die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten

Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung

➋
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7

➌
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Neuaufsetzen (Windows XP, Vista und Windows 7) - Anleitungen