Pests of all kinds and how to combat them: bProtector for Windows searchplugins

31.07.2012, 12:03   #3
johofer
 
bProtector for Windows searchplugins



Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Hannes :: HOFER_LAPTOP [Administrator]

Schutz: Aktiviert

31.07.2012 07:43:51
mbam-log-2012-07-31 (07-43-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384628
Laufzeit: 1 Stunde(n), 43 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysldtray (Backdoor.Bot) -> Daten: C:\Windows\ld15.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Captcha7 (Spyware.OnlineGames) -> Daten: rundll "C:\Program Files\captcha.dll",captcha -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sysfbtray (Worm.KoobFace) -> Daten: C:\Windows\freddy73.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\0101120101465155.xxe (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 31.07.2012 13:06:44 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Hannes\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 204,37 Mb Available Physical Memory | 20,01% Memory free
2,37 Gb Paging File | 0,33 Gb Available in Paging File | 13,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 13,26 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive E: | 54,66 Gb Total Space | 54,51 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 120,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HOFER_LAPTOP | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Corel\Graphics9\Programs\coreldrw.exe (Corel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll ()
MOD - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\728d1e4141a6736eaa190c50c64b1c1b\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Programme\Winamp\winampa.exe ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll ()
MOD - c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ()
MOD - C:\Programme\TOSHIBA\ConfigFree\NotifyCFF.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Corel\Graphics9\Programs\crlweb91.dll ()
MOD - C:\Windows\System32\shw32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.2.463.83\bProtect.exe (bProtector)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (comHost) -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s3017unic) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070628.003\IDSvix86.sys (Symantec Corporation)
DRV - (s116unic) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (SE27bus) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{379378E5-2813-4E77-81D1-880619D81CB6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension [2012.07.14 17:30:07 | 000,000,000 | ---D | M]
 
[2012.04.26 14:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.04.26 14:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.04.26 14:15:17 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Siemens SmartSync - ScheduleSync] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3763147448-2540374928-1796028379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE0EA00-5B9B-45B2-8284-F64A6F30A8A5}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45AF0DFF-A4DB-4ED7-B45A-AC87677CEF8B}: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.2.463.83\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\AutoRun\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{15e5c95e-2107-11df-a9b2-00a0d16c74bb}\Shell\open\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc04713-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc0472d-b6a9-11dc-843e-00a0d16c74bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{8423d886-ec3c-11dd-9a8e-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{c276349d-b95b-11dc-b533-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c86227dd-128b-11dd-8f2e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce76eadd-1230-11dd-91e7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ce76ec36-1230-11dd-91e7-00a0d16c74bb}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 10:25:45 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\bProtectorForWindows
[2012.07.31 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\searchplugins
[2012.07.31 10:01:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.07.31 07:48:24 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.31 07:48:24 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.31 07:48:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.31 07:48:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\searchplugins
[2012.07.31 07:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\bProtectorForWindows
[2012.07.31 07:38:35 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.07.31 07:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 07:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 07:38:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 07:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 14:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\bProtectorForWindows
[2012.07.20 14:15:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Umsätze 2012
[2012.07.14 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Hannes\.thumbnails
[2012.07.14 17:33:03 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\fontconfig
[2012.07.14 17:32:55 | 000,000,000 | ---D | C] -- C:\Users\Hannes\.gimp-2.8
[2012.07.14 17:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\gegl-0.2
[2012.07.14 17:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.07.14 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\PerformerSoft
[2012.07.14 17:31:11 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012.07.14 17:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2012.07.14 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.14 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Conduit
[2012.07.14 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Hannes\searchplugins
[2012.07.14 17:30:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2012.07.14 17:30:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\bProtectorForWindows
[2012.07.14 17:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2012.07.14 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Flaschen
[2012.07.13 10:21:18 | 002,742,264 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 002,668,536 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Calendar.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 001,931,256 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,894,968 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,815,880 | ---- | C] (Bennet-Tec Information Systems, Inc.) -- C:\Windows\System32\MDraw30.ocx
[2012.07.13 10:21:18 | 000,579,576 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v15.2.1.0213.ocx
[2012.07.13 10:21:18 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2012.07.13 10:21:17 | 000,292,864 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevEin20.ocx
[182 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 13:25:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:53:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:52:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 10:01:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.07.31 09:52:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 09:46:48 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.001
[2012.07.31 09:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 09:42:54 | 1071,702,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 07:47:46 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.31 07:47:46 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.31 07:47:46 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.31 07:47:45 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.31 07:47:45 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.07.31 07:38:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 14:44:58 | 000,032,128 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\nvModes.dat
[2012.07.23 13:09:34 | 003,186,060 | ---- | M] () -- C:\Users\Hannes\Desktop\LBG - Kellerbuch_1943103.zip
[2012.07.20 10:47:09 | 000,000,104 | ---- | M] () -- C:\Users\Hannes\Desktop\Papierkorb.lnk
[2012.07.16 07:46:35 | 000,001,356 | ---- | M] () -- C:\Users\Hannes\AppData\Local\d3d9caps.dat
[2012.07.14 20:04:22 | 000,007,942 | ---- | M] () -- C:\Users\Hannes\AppData\Local\recently-used.xbel
[2012.07.14 17:43:15 | 000,000,061 | ---- | M] () -- C:\Users\Hannes\.gtk-bookmarks
[2012.07.14 17:30:46 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.13 09:29:01 | 000,202,912 | ---- | M] () -- C:\Users\Hannes\Desktop\44 Kleinhans.pdf
[2012.07.13 07:45:54 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.13 07:40:05 | 000,256,940 | ---- | M] () -- C:\Users\Hannes\Desktop\Foto.JPG
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[182 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 07:38:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 10:47:09 | 000,000,104 | ---- | C] () -- C:\Users\Hannes\Desktop\Papierkorb.lnk
[2012.07.14 20:04:22 | 000,007,942 | ---- | C] () -- C:\Users\Hannes\AppData\Local\recently-used.xbel
[2012.07.14 17:43:15 | 000,000,061 | ---- | C] () -- C:\Users\Hannes\.gtk-bookmarks
[2012.07.14 17:30:45 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.13 09:26:41 | 000,202,912 | ---- | C] () -- C:\Users\Hannes\Desktop\44 Kleinhans.pdf
[2012.07.13 07:39:55 | 000,256,940 | ---- | C] () -- C:\Users\Hannes\Desktop\Foto.JPG
[2011.02.02 09:21:06 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.05.25 15:44:03 | 000,003,431 | ---- | C] () -- C:\Users\Hannes\vorgrubber.spl
[2008.05.15 12:59:32 | 000,246,940 | ---- | C] () -- C:\Users\Hannes\logo.zip
[2008.05.13 12:25:34 | 000,320,120 | ---- | C] () -- C:\Users\Hannes\Weinfest Programm Scan 13.05.pdf
[2008.05.13 12:09:08 | 016,437,516 | ---- | C] () -- C:\Users\Hannes\weinfest.cdr
[2008.05.04 16:30:13 | 000,000,418 | ---- | C] () -- C:\Users\Hannes\Dokumente - Verknüpfung.lnk
[2008.02.27 22:00:11 | 000,015,005 | ---- | C] () -- C:\Users\Hannes\exportAddressbook.csv
[2008.01.10 17:56:12 | 000,015,428 | ---- | C] () -- C:\Users\Hannes\RefEdit.exd
[2007.07.22 15:08:17 | 000,015,360 | ---- | C] () -- C:\Users\Hannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.26 08:30:34 | 000,107,266 | ---- | C] () -- C:\Users\Hannes\Gemeinschaftskodex Wein.pdf
[2007.04.26 08:30:33 | 000,236,959 | ---- | C] () -- C:\Users\Hannes\Emailadressen.WAB
[2007.04.26 08:30:33 | 000,229,951 | ---- | C] () -- C:\Users\Hannes\Emailadressen.WA~
[2007.04.26 07:52:54 | 000,006,656 | ---- | C] () -- C:\Users\Hannes\Kontakte Vista.csv
[2007.03.21 13:34:28 | 000,006,821 | ---- | C] () -- C:\Users\Hannes\kontakte von vista.csv
[2007.03.20 12:04:43 | 000,025,773 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\UserTile.png
[2007.03.15 17:32:15 | 000,032,128 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\nvModes.dat
[2007.03.15 17:32:15 | 000,032,128 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\nvModes.001
[2007.03.15 14:04:57 | 000,001,356 | ---- | C] () -- C:\Users\Hannes\AppData\Local\d3d9caps.dat
[2002.07.10 17:09:23 | 000,000,184 | ---- | C] () -- C:\Users\Hannes\hpsfx.ini
 
========== LOP Check ==========
 
[2009.07.31 13:54:26 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Teleca
[2009.01.16 00:38:01 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FarmingSimulator2008
[2007.03.15 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQLite
[2010.05.12 11:46:06 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\InterTrust
[2007.07.22 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\InterVideo
[2012.07.13 10:21:19 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\LBG - Kellerbuch
[2010.11.15 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MAPILab Ltd
[2010.12.15 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\mresreg
[2011.10.12 09:46:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nokia
[2010.11.30 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2007.03.20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PeerNetworking
[2012.07.14 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PerformerSoft
[2011.05.03 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Teleca
[2012.04.26 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TomTom
[2007.03.20 14:00:33 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Toshiba
[2012.02.16 10:25:53 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\UDC Profiles
[2008.04.22 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Uninstall
[2007.03.16 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\XCPCSync.OEM
[2012.05.30 17:41:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\XnView
[2012.07.31 09:41:22 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.31 13:25:19 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
         