Trojaner-Board


iwoflo 23.03.2012 21:44

Redirect virus: Google and others, Bidvertiser?!
 
Hi everyone,

I hope you can help me.

For a few days now I have had a problem with search pages. Whenever I search for something and click the link, I get redirected (often) to bidvertiser and then somehow onward.

Also, when I enter bidvertiser in e.g. Google, a black browser appears.

After my Kaspersky check, I found something and had it deleted.

But the problem still persists.

In other forums I have so far only read that the solution is user-specific.
Hence the new thread.

It is also the case that whenever a link somehow has Bidvertiser in it, a black page appears as well.

Please help ^^.

Many thanks in advance.

PS:
Windows Vista
Notebook

So, now I have run a few scans.

1x Malwarebytes
1x OTL

Here are the logs (all that I have). I hope they help.

Regards, Flo

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Aktiviert

23.03.2012 22:59:35
mbam-log-2012-03-23 (22-59-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373756
Laufzeit: 1 Stunde(n), 22 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Deaktiviert

24.03.2012 08:59:07
mbam-log-2012-03-24 (08-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372007
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


And now the following protection logs as well (needed? No idea, hopefully it helps)

Code:

2012/03/23 14:19:57 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/23 14:20:07 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/23 14:20:10 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/23 14:20:16 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/23 14:24:25 +0100        IWONA-PC        Iwona        MESSAGE        Starting database refresh
2012/03/23 14:24:25 +0100        IWONA-PC        Iwona        MESSAGE        Stopping IP protection
2012/03/23 14:24:27 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection stopped
2012/03/23 14:24:38 +0100        IWONA-PC        Iwona        MESSAGE        Database refreshed successfully
2012/03/23 14:24:38 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/23 14:30:10 +0100        IWONA-PC        Iwona        MESSAGE        Executing scheduled update:  Daily
2012/03/23 14:31:06 +0100        IWONA-PC        Iwona        ERROR        Scheduled update failed:  No address found failed with error code 11004
2012/03/23 19:01:52 +0100        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 53606, Process: avp.exe)
2012/03/23 19:01:52 +0100        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 53610, Process: avp.exe)
2012/03/23 20:30:27 +0100        IWONA-PC        Iwona        IP-BLOCK        78.46.103.44 (Type: outgoing, Port: 55079, Process: avp.exe)
2012/03/23 21:29:56 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/23 21:30:33 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/23 21:30:36 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/23 21:30:55 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/23 21:31:33 +0100        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 49195, Process: avp.exe)
2012/03/23 22:01:46 +0100        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 49499, Process: avp.exe)


and the protection log

Code:

2012/03/24 00:30:27 +0100        IWONA-PC        Iwona        MESSAGE        Stopping IP protection
2012/03/24 00:30:29 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection stopped
2012/03/24 06:45:37 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/24 06:45:47 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/24 06:45:50 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/24 06:45:55 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/24 07:07:51 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/24 07:07:57 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/24 07:08:00 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/24 07:08:05 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/24 07:20:53 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/24 07:21:00 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/24 07:21:03 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/24 07:21:08 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/24 10:32:39 +0100        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/24 10:32:42 +0100        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/24 10:32:45 +0100        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/24 10:32:50 +0100        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully




And here are the OTL logs

Code:

OTL logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.14 19:53:14 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.04 00:30:49 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.17 13:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 19:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.01.13 10:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.10.01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.02.01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.27 22:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKLM\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 23:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 11:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.23 13:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.22 23:23:01 | 000,000,000 | ---D | M]
 
[2012.03.20 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2010.09.05 18:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.21 23:12:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.21 23:17:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.21 23:23:45 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\ext@sprng.me
[2012.03.21 23:12:26 | 000,002,112 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\searchplugins\wot-safe-search.xml
[2012.03.21 23:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 08:32:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.22 23:24:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.22 23:24:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.30 12:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.12.03 01:00:29 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 15094 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7C41E0-BE10-4C6C-983C-A5A12539B3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A99EA8-11FE-4AD3-AD01-86F632F9298B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 10:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.23 14:15:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 17:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Kraftgeräte Isotonik
[2012.03.21 23:34:48 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\PackageAware
[2012.03.21 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.16 20:39:37 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.16 20:39:36 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.16 20:38:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.16 20:38:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.16 20:38:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.16 20:38:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.16 20:38:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.15 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Bilder Privat
[2012.03.10 22:43:25 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\ministry
[2012.03.10 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\german
[2012.03.06 19:27:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\ISL
[2012.03.06 19:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.03.06 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2012.03.03 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 10:19:49 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.24 10:19:49 | 000,600,080 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.24 10:19:49 | 000,130,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.24 10:19:49 | 000,107,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.24 08:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 07:18:36 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.24 07:18:26 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 14:15:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 16:07:52 | 002,629,120 | ---- | M] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:53:03 | 000,006,488 | ---- | M] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:52 | 000,050,692 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 17:38:57 | 000,036,214 | -H-- | M] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 14:52:14 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.19 11:11:06 | 000,007,084 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.18 23:15:26 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\stdole2A.dll
[2012.03.17 08:48:25 | 000,289,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.15 19:03:54 | 000,011,199 | ---- | M] () -- C:\Users\Iwona\Desktop\Inventarliste Geräte.ods
[2012.03.14 18:43:10 | 000,027,032 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 11:49:48 | 000,008,343 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:11 | 001,953,279 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:08 | 000,006,678 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:49 | 000,010,192 | ---- | M] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.12 04:03:04 | 000,000,963 | ---- | M] () -- C:\Users\Iwona\Desktop\config.dat
[2012.03.11 17:17:41 | 000,201,728 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 17:03:42 | 000,124,416 | ---- | M] (www.sft-loader.de) -- C:\Users\Iwona\Desktop\dsconn.dll
[2012.03.06 19:29:38 | 012,735,995 | ---- | M] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.23 14:15:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 16:11:50 | 002,629,120 | ---- | C] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:52:58 | 000,006,488 | ---- | C] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:49 | 000,050,692 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.21 23:05:30 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 17:38:30 | 000,036,214 | -H-- | C] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 13:13:04 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.18 23:15:26 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\stdole2A.dll
[2012.03.18 23:15:26 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.14 18:43:08 | 000,027,032 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 14:37:49 | 000,007,084 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.14 11:49:46 | 000,008,343 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:05 | 001,953,279 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:06 | 000,006,678 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:47 | 000,010,192 | ---- | C] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.06 19:29:35 | 012,735,995 | ---- | C] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.01.23 16:33:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.03 01:34:14 | 000,000,098 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.14 21:57:48 | 000,004,915 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.03.01 19:13:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.01 19:13:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.01 19:13:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.01 19:13:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.01 19:13:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.01 19:13:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.01 19:13:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.01 19:13:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.01 19:13:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.01 19:13:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.01 19:13:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.01 19:13:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.01 19:13:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.01 19:13:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.01 19:13:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.19 14:16:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.22 23:23:56 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.22 23:23:56 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.16 00:49:27 | 000,000,036 | ---- | C] () -- C:\Users\Iwona\AppData\Local\housecall.guid.cache
[2010.05.10 21:10:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

< End of report >


AND

Code:

OTL Extras logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E1741-EDF1-4412-8C7C-B2209AE0C7BE}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{04006F6F-5E42-4B57-B49D-6BADCB61B5AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{06603ADA-EC2D-4701-8480-44D2DB684FC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0BB19C23-F746-4A9D-A4A3-94054DB8811E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0FC70A64-EFC5-4BF9-A424-B863782FFC15}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{0FF08B6A-A1E0-4CF3-A52B-27A1AE30909C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{12C65E58-CF49-4749-8D5C-A599BE16DC40}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{13BD0673-B180-403E-8AF5-07D3CB0662E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17555DE7-F56A-4AA8-AC05-DBDC02596764}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{2A8F8773-7E9D-45D2-8090-D208B96634D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{351A76FD-D34A-483B-9E80-E859F2DDF12D}" = rport=445 | protocol=6 | dir=out | app=system |
"{363CB5D1-69FC-4296-A19D-5CFC47ACE527}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{36BD9966-D043-4D6D-97DE-E6319C71E10D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{38A7BA71-6A9A-483A-B34C-F1D9A6D1FFA2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{45770112-5781-4063-BB51-62E6B4697852}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C44897D-F96A-46FC-BD4E-0119C9EB1777}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{4C687C51-9106-4ABC-BD25-9D958BA62CF2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{56C9D4D2-CA15-4D2A-B74D-72646BCCBC08}" = lport=10243 | protocol=6 | dir=in | app=system |
"{570CD276-07ED-4968-A15D-8375360A1C45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5F934B1B-CAF6-469C-BA23-035AFF317443}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{6979AB44-F56B-4F01-97F8-891F421E0924}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C3E613F-B747-41F4-9612-3D880B25BF30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C4B527E-44E1-427F-BB1B-9FA0AE4FD652}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7432D018-1AAF-4B6E-90ED-CC5043B06484}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{7A7162ED-97B3-4F24-9933-24D2F147AFD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B6B04AD-FECB-4F75-AA8B-E5C56595D145}" = lport=29137 | protocol=6 | dir=in | name=windows core service |
"{7E77A793-3165-4894-BBBE-D59FB1FF75DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{848CA032-0F99-4B7F-86E9-903BEF95AA7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{859D3BAD-FD1E-4C5A-B37B-E3B24ABA6ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99DE5FB7-5A43-4030-B554-606C8FB61FF8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9CB02DA1-C1BA-4CD3-BBBD-79E390590F6C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A121367A-5B27-4D33-91C2-06CEDEE80323}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{A57F1A31-9A35-470B-A303-74DC15468B64}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A5F994B9-B030-4D8E-AB51-71392C6C148F}" = rport=138 | protocol=17 | dir=out | app=system |
"{A88CED61-A0D5-4A2A-B862-E2404999EC5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8B41856-0201-4761-9A79-BAAC8C1FDD12}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{AB5F8174-A8A6-4EF1-8C91-1E30E5A553BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B395CC63-A144-46F2-8965-7FC666AF76CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3BD5126-6F3D-4E6B-BB32-7F98D1BEF89E}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{B94F755C-DA20-44F1-B298-251D1A5154F9}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C1292AEE-C4DB-4A1C-A7C3-8DEEF499DBDC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C22C6B9D-B916-4C6B-9496-D9DB21A5AEBC}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{D142356C-CAAB-424F-8432-912BDBB4EFC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D79B984B-03BA-4B79-BCCE-68774C488797}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E65082B2-89B8-4DC1-B6B4-6BDE3A5DEF27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9AEBF31-729F-4604-B5E4-E915860966DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA2330ED-22BC-4593-9978-AA16E89D1397}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB47F7BA-C331-4DCC-B869-D89802E22A7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B0662-B026-4D43-8F2C-A4F8CDB02B8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A69EDE7-66A3-4453-8081-9EB5F5E4830B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{1055A628-764C-44C5-A82D-02181D813770}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{161F7AB2-676C-4C51-82CE-45E9B463A606}" = protocol=6 | dir=out | app=system |
"{16DBBF04-6800-47F6-AB62-361B3478BF88}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{18FA9C7B-4513-4108-B30F-1BD704A8D18D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A796952-901D-4525-878B-BBEBC5564A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F4D63FD-16A0-4F16-8193-4F88D7E6CE60}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{232FE57E-C882-4F86-A4E1-D9D7BC3CC6A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2ABE9053-16C1-4A88-8D1F-B91C60C090F0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{31D1B9D3-573E-4FF7-956B-1817D2099F69}" = protocol=6 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe |
"{3F921A19-4C85-4883-8AA2-9BCD891E47D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41FBEF40-3AD5-4717-A72E-8D0957373E45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{451C356E-1BDC-4C8D-BD27-B0DA1BB3E02C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{4B365FCA-5023-4D2C-A950-00DF65409BD7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5724FB13-4437-49FD-AC94-6548F618160D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{583F09D2-F99D-4266-A6BC-FA2C616EACEA}" = protocol=17 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe |
"{6A0B0BA6-48BB-4604-B598-74E212BDA513}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{6F842B4D-B6AE-4ED0-877C-FE1DE4970F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8271CCDF-6575-46DA-81EC-805B38C8A396}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85773256-B5DB-4899-9820-26153FF6F973}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{866110BA-8516-4F4A-8F87-10CF587C78AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88018CF0-3A47-46CF-A040-0F7DC52EB918}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CE24D4D-101D-4E08-B910-1CBC28D64D8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9DB6780D-D823-444B-AF12-54FA73CD1F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A03A97F6-33AE-4B25-A572-B0AEDEB0B543}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A17B1335-6DD7-482A-93DF-2B6138B286E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A9DBEE33-B80F-4D9A-8061-937ACE7F501D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6A1A581-275B-46A0-BDF4-CFD977F1FF0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B7756F95-91CD-4CD6-BD01-F9051B56C799}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C1F5D673-DAB4-443C-AF3F-2F99791162E3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{CC4EBA22-0622-49F9-BD0A-194EA571C859}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{D14D57D8-8C50-4410-A89F-121413AA517E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAD100AE-8050-4E93-9119-8482F677E4F0}" = protocol=17 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe |
"{E0EC9C10-AA45-40F9-A7E9-072EF1FD7840}" = protocol=6 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe |
"TCP Query User{4082258C-731B-4555-92CE-2E35CB7B254D}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |
"TCP Query User{4F152418-D3BD-4A6B-824B-4841A4BB7CC6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{5D9F5AA9-9458-41CC-AFFA-2907E6218BE0}C:\users\iwona\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\iwona\desktop\leecher.exe |
"TCP Query User{71855612-1E2F-41DB-92F5-4DC0D39B0861}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |
"TCP Query User{B96B2416-BE3E-4C3C-B207-978463F28C6B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{CB60BBE0-AA6F-4252-A764-B8EDAB9C9E33}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"TCP Query User{D10141D0-6F1C-49C4-A658-7157BC2438F7}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{05CE9062-0C39-44A5-9E5B-3FFB9A191D8A}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |
"UDP Query User{46822B7A-B21A-4204-AA62-E80007713B58}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe |
"UDP Query User{6F41738E-71BE-4451-AEBB-DF06FCE92646}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{AAA52008-717D-4983-B57F-7EDD33DDB3E6}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |
"UDP Query User{AF6D8815-2D89-458D-A4EA-1D426FE6A9D1}C:\users\iwona\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\iwona\desktop\leecher.exe |
"UDP Query User{B075C078-53DE-4B72-BC18-79C52318D96E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{B3D3D7D6-0676-4F86-8E39-1D42579B4FBC}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{02DD09E1-3365-75C2-BFD0-43412EEFB45E}" = CCC Help Finnish
"{033649DD-2651-D029-5663-29E61094E7E8}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A084990-69FE-6D33-4BD0-AD6FD8AE57E8}" = CCC Help Japanese
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11E2CEB4-09B4-1392-392D-4FAA23B88AF8}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1365D613-47EA-38F7-BD83-0F1A8E6AFAAE}" = CCC Help Polish
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2012
"{160D6F45-15AF-10A2-DC61-FB4FE5CBE9BA}" = Skins
"{18796D6B-60D7-2771-D145-90A366A9A78D}" = CCC Help German
"{1ABBBBA0-A790-3C9D-F806-A14140BCDFBF}" = ccc-utility
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F26C039-E655-91CB-E3AD-82A272BCD8B6}" = CCC Help English
"{2015087B-31D9-8661-5A9C-B1EA6D3C22C0}" = CCC Help Turkish
"{202B6750-A01B-A7BD-7D0B-ADE001239C04}" = CCC Help Hungarian
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2547290E-8DDF-7479-4E73-9CFE99989F08}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{28E9B542-E70C-8C81-D5A9-D4410FDDA1D8}" = Catalyst Control Center Localization Korean
"{2B95D414-26A8-8DD6-567E-E58B2C0CAF69}" = CCC Help Czech
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3347DE17-A1EE-16C6-A7B0-F474FB3B985A}" = Catalyst Control Center Localization Dutch
"{353A838E-85B5-F8E7-FABA-EA2055DD4418}" = ccc-core-static
"{35691D1C-EBA1-D1BF-53D0-00BD59713DF5}" = Catalyst Control Center Localization Finnish
"{36F7B270-B9EF-E9AB-87AE-67FE6EBD232B}" = CCC Help Danish
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38767763-328D-7529-7E25-909C15ED2A87}" = Catalyst Control Center Localization Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA3B438-18DB-97BE-FB52-AEF329CF85E5}" = Catalyst Control Center Localization Hungarian
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{46516ED6-47E6-31C1-F3A7-1D280FBA6438}" = Catalyst Control Center Localization Portuguese
"{46EB4EC8-F43A-D6D9-97EB-A23B625BD8C9}" = CCC Help Korean
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F3D958A-ADBF-98D0-5F7C-25B61B9FC941}" = Catalyst Control Center Graphics Previews Vista
"{60D1F96A-1858-6EFC-1303-425BA95DB80E}" = Catalyst Control Center Localization Japanese
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61CA53F0-C162-DD83-64CA-3746A5ECA94A}" = Catalyst Control Center Localization Danish
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6717AD52-855E-BA83-C733-151C5D9EAFF5}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7613C81D-378E-BECD-0FFC-8C4345FAD40C}" = ATI Catalyst Install Manager
"{76F0B78F-8E7F-1FD5-5A16-4D7DE94871B1}" = Catalyst Control Center Localization Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B5F16F1-6929-74B3-6265-62DBD5AC997F}" = Catalyst Control Center Localization Turkish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC30050-DAEC-8076-8DC9-30012A0B5EC9}" = CCC Help Greek
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE70EF8-F70C-E35C-CC76-AD0B85827C08}" = Catalyst Control Center Graphics Full Existing
"{8CF50625-4147-9026-6BF2-8AB7CE8ABE93}" = Catalyst Control Center Localization Polish
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{949D54CF-E476-30C5-42A8-69C75C51A875}" = CCC Help Swedish
"{97E9C12B-1319-B6AF-39E4-E8204C887564}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A58DF0E3-4A0C-2BCE-0761-A04A38302E61}" = CCC Help Thai
"{A8432E22-FDAD-02FE-6FD5-E1395C186FBB}" = Catalyst Control Center Localization Italian
"{A871F719-F328-8A59-951E-C57E165DA65A}" = Catalyst Control Center Localization French
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AD8178D1-B2E2-43E7-63E4-1320DD2E0F27}" = Catalyst Control Center Localization Chinese Standard
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B063AFC7-F4E1-8164-6FA9-DC72C7A5DC22}" = Catalyst Control Center Localization Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A7D977-9617-6175-8B4C-F365B1C0E75E}" = Catalyst Control Center Graphics Full New
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}" = EASY Office
"{BDD9AC08-2895-DE6A-2539-F026FC3A7905}" = CCC Help Portuguese
"{C606A7D5-6F16-8D93-CB93-3CD545F0FD90}" = Catalyst Control Center Localization Spanish
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CBA24065-7561-3A01-B624-620C4B5532E7}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D79B4F31-E69A-04C3-C5C9-9CB8DD0F2331}" = CCC Help Russian
"{D819A5E4-30CB-0D5E-2034-B16A9342F0DB}" = Catalyst Control Center Localization Greek
"{D915CDB9-E57D-FF82-251B-83776E954615}" = Catalyst Control Center Localization Thai
"{D962B2EA-1848-3A51-CB4A-45C82D4FF543}" = Catalyst Control Center Localization German
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC91AE54-9AA2-2CB2-180A-36B16069FB47}" = Catalyst Control Center Localization Czech
"{DED6CDFB-5C63-DA19-8CD1-1EE016717139}" = CCC Help Chinese Traditional
"{E1266AC2-A3B5-1FBC-4776-16AF83C22E26}" = CCC Help Dutch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E56E2DFF-9B53-E03A-4913-57F35764C659}" = Catalyst Control Center Localization Norwegian
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E6B5F5E7-51B6-D334-D953-35B847A81AC7}" = CCC Help Spanish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Catan" = Catan - Die erste Insel
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LetsTrade" = LetsTrade Komponenten
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"myphotobook" = myphotobook 3.5
"Online Poststelle_is1" = Online Poststelle - Druckertreiber 2.1.102
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"PokerOffice5" = PokerOffice (remove only)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >


Greetz Flo :dankeschoen:

cosinus 25.03.2012 16:13

Quote:

After my Kaspersky check I found something and had it deleted.
And what? You have to post the log, or rather all the information about it, as well.

iwoflo 25.03.2012 17:07

Hi Cosinus,

here is the log from Kaspersky.

Everything I have there:

Code:

Gelöscht (5)       
20.03.2012 14:25:21        Gelöscht        trojanisches Programm Exploit.JS.Pdfka.fps        C:\Documents and Settings\Iwona\AppData\Local\Temp\plugtmp\plugin-ap2.php        Hoch       
20.03.2012 23:28:34        Gelöscht        trojanisches Programm Trojan-PSW.Win32.Fareit.om        C:\Windows\Temp\6313a1.exe        Hoch       
20.03.2012 11:31:58        Gelöscht        trojanisches Programm Trojan.Win32.Inject.dhxb        c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact        Hoch       
20.03.2012 11:31:58        Gelöscht        trojanisches Programm Trojan.Win32.Inject.dhxb        c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact//PecBundle        Hoch       
20.03.2012 11:31:58        Gelöscht        trojanisches Programm Trojan.Win32.Inject.dhxb        c:\users\iwona\appdata\local\temp\mor.exe//PE_Patch.PECompact//PecBundle//PECompact        Hoch



Just ran ESET again as admin:

7 threats

I just don't know how to get the log from the online scanner.

Regards

cosinus 25.03.2012 18:07

Quote:

I just don't know how to get the log from the online scanner.
For that you would have to read the instructions properly for once :D
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are running a 64-bit Windows, the path is as follows:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

iwoflo 25.03.2012 18:16

Yes, now the instructions seem familiar to me :daumenhoc

But all of this is new to me. Sorry. I'm doing my best :heilig:

Here is the ESET log

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=74ed6b4bbe75f743884d9b0743f7e7d9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 02:15:13
# local_time=2012-03-25 04:15:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 50160459 50160459 0 0
# compatibility_mode=5892 16776574 100 100 0 170208925 0 0
# compatibility_mode=8192 67108863 100 0 314560 314560 0 0
# scanned=226603
# found=7
# cleaned=7
# scan_time=8715
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\Launcher.exe        a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rbmonitor.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rbnotifier.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rb_move_serial.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\rb_ubm.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\AppData\Local\Temp\mia407A.tmp\data\OFFLINE\3A53B68B\DB750381\registrybooster.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Iwona\Desktop\test\registrybooster.exe        a variant of Win32/RegistryBooster application (deleted - quarantined)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251

Greetz Flo

cosinus 25.03.2012 18:18

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


iwoflo 25.03.2012 18:52

I switched off the WLAN switch during the scan.

I hope that's OK, or do I have to do it again?

Here is the log:

Code:

OTL logfile created on: 25.03.2012 19:28:57 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 63,63% Memory free
5,96 Gb Paging File | 4,99 Gb Available in Paging File | 83,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 26,33 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 11:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.22 14:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007.12.14 21:28:38 | 004,726,784 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\BlackPng.dll
MOD - [2007.07.27 23:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\Toshiba\TBS\NotifyTBS.dll
MOD - [2006.10.10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.14 20:53:14 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.04 01:30:49 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.17 14:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 20:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.01.13 11:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.10.01 17:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.02.01 12:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.15 11:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.26 11:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.16 15:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 15:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKLM\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 00:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 12:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.23 14:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.23 00:23:01 | 000,000,000 | ---D | M]
 
[2012.03.20 12:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.22 00:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions
[2012.03.22 00:41:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.22 00:12:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.22 00:17:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.22 00:23:45 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\ext@sprng.me
[2012.03.22 00:12:26 | 000,002,112 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\searchplugins\wot-safe-search.xml
[2012.03.22 00:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 09:32:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.23 00:24:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.23 00:24:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.30 13:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.12.03 02:00:29 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 15094 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7C41E0-BE10-4C6C-983C-A5A12539B3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A99EA8-11FE-4AD3-AD01-86F632F9298B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Foldery w sieci Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 11:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2012.03.23 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.23 15:15:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 18:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Kraftgeräte Isotonik
[2012.03.22 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\PackageAware
[2012.03.21 23:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.15 16:48:59 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Bilder Privat
[2012.03.10 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\german
[2012.03.06 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\ISL
[2012.03.06 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.03.06 20:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2012.03.03 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 19:00:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.25 18:03:36 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.25 18:03:36 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.25 18:03:36 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.25 18:03:36 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.25 18:02:32 | 000,201,728 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.25 17:49:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 17:49:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 17:48:59 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.25 17:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 17:48:49 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.24 11:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 15:15:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 17:07:52 | 002,629,120 | ---- | M] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 15:53:03 | 000,006,488 | ---- | M] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 13:34:52 | 000,050,692 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.22 00:05:31 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 16:44:27 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 15:52:32 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 12:11:06 | 000,007,084 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.19 00:15:26 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\stdole2A.dll
[2012.03.17 09:48:25 | 000,289,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.15 20:03:54 | 000,011,199 | ---- | M] () -- C:\Users\Iwona\Desktop\Inventarliste Geräte.ods
[2012.03.14 19:43:10 | 000,027,032 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 12:49:48 | 000,008,343 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 19:34:11 | 001,953,279 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 17:55:08 | 000,006,678 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 17:25:49 | 000,010,192 | ---- | M] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.12 05:03:04 | 000,000,963 | ---- | M] () -- C:\Users\Iwona\Desktop\config.dat
[2012.03.11 18:03:42 | 000,124,416 | ---- | M] (www.sft-loader.de) -- C:\Users\Iwona\Desktop\dsconn.dll
[2012.03.06 20:29:38 | 012,735,995 | ---- | M] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 20:26:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 11:30:02 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.23 15:15:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 17:11:50 | 002,629,120 | ---- | C] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 15:52:58 | 000,006,488 | ---- | C] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 13:34:49 | 000,050,692 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.22 00:05:31 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.22 00:05:30 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 16:44:27 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 15:52:32 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 00:15:26 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\stdole2A.dll
[2012.03.19 00:15:26 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.14 19:43:08 | 000,027,032 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 15:37:49 | 000,007,084 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.14 12:49:46 | 000,008,343 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 19:34:05 | 001,953,279 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 17:55:06 | 000,006,678 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 17:25:47 | 000,010,192 | ---- | C] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.06 20:29:35 | 012,735,995 | ---- | C] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 20:26:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.01.23 17:33:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.03 02:34:14 | 000,000,098 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.14 22:57:48 | 000,004,915 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.03.01 20:13:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.01 20:13:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.01 20:13:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.01 20:13:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.01 20:13:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.01 20:13:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.01 20:13:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.01 20:13:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.01 20:13:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.01 20:13:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.01 20:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.01 20:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.01 20:13:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.01 20:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.01 20:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.01 20:13:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.01 20:13:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.01 20:13:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.01 20:13:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.19 15:16:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.23 00:23:56 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.23 00:23:56 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.16 01:49:27 | 000,000,036 | ---- | C] () -- C:\Users\Iwona\AppData\Local\housecall.guid.cache
[2010.05.10 22:10:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 
========== LOP Check ==========
 
[2009.08.12 00:43:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service
[2010.01.27 00:46:30 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service GmbH
[2012.03.17 06:12:26 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ComCenter
[2011.07.23 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\EPSON
[2012.01.29 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FileZilla
[2009.11.12 09:45:46 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GHISLER
[2011.11.28 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0
[2011.05.14 01:26:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\HEM Data
[2011.01.15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\LolClient
[2011.11.27 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia
[2010.10.02 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nvu
[2008.10.13 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenOffice.org
[2011.06.11 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\PC Suite
[2011.05.15 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\postgresql
[2009.12.26 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\QuickScan
[2011.08.19 02:10:13 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Research In Motion
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Thunderbird
[2008.09.18 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Toshiba
[2008.09.04 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\TuneUp Software
[2010.08.23 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\XnView
[2008.12.17 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2012.03.25 19:00:02 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.03.24 20:53:36 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.25 17:48:59 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\swxsiwun.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.14 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Adobe
[2011.04.24 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Apple Computer
[2008.09.01 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ATI
[2009.08.12 00:43:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service
[2010.01.27 00:46:30 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Buhl Data Service GmbH
[2012.03.17 06:12:26 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\ComCenter
[2008.10.02 00:01:16 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\DivX
[2011.07.23 12:56:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\EPSON
[2010.08.22 23:59:11 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FastStone
[2012.01.29 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\FileZilla
[2009.11.12 09:45:46 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\GHISLER
[2008.11.20 22:36:56 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Google
[2011.11.28 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\gtk-2.0
[2011.05.14 01:26:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\HEM Data
[2008.09.01 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Identities
[2008.09.01 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\InstallShield
[2011.01.15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\LolClient
[2008.09.02 01:55:17 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Macromedia
[2012.03.23 15:16:24 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Media Center Programs
[2010.09.02 17:56:21 | 000,000,000 | --SD | M] -- C:\Users\Iwona\AppData\Roaming\Microsoft
[2012.03.22 00:06:27 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Mozilla
[2010.10.12 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nero
[2011.11.27 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia
[2010.10.02 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nokia Ovi Suite
[2011.05.02 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Nvu
[2008.10.13 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\OpenOffice.org
[2011.06.11 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\PC Suite
[2011.05.15 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\postgresql
[2009.12.26 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\QuickScan
[2011.08.19 02:10:13 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Research In Motion
[2012.03.15 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Skype
[2011.12.29 16:19:50 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\skypePM
[2010.09.05 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Thunderbird
[2008.09.18 09:52:36 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Toshiba
[2008.09.04 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\TuneUp Software
[2011.04.25 06:19:56 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\vlc
[2010.08.23 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\XnView
[2008.12.17 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Iwona\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
 
< %APPDATA%\*.exe /s >
[2008.12.17 01:42:42 | 000,038,200 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.19 02:09:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\ARPPRODUCTICON.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\NewShortcut11_8B5959CC74474B2CBAA72EAA9FF0E4D7.exe
[2010.09.02 17:56:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Iwona\AppData\Roaming\Microsoft\Installer\{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}\NewShortcut1_8B5959CC74474B2CBAA72EAA9FF0E4D7.exe
[2012.03.22 00:32:27 | 000,158,000 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2010.09.14 20:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.07.01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2012.03.19 00:15:26 | 000,126,976 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\stdole2A.dll

< End of report >


Regards, Flo

cosinus 26.03.2012 12:09

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\Tasks\swxsiwun.job
C:\Users\Iwona\Desktop\test\registrybooster.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

iwoflo 26.03.2012 19:00

Hello Arne,

thanks for the fix.

The PC somehow runs better. It boots faster.

Unfortunately I can only reply now, because this only works from a second PC, as I cannot reach the thread from the infected one :kloppen:

Well, I have now written down everything I can think of. I hope it is helpful.

Here is the log:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Windows\Tasks\swxsiwun.job moved successfully.
File\Folder C:\Users\Iwona\Desktop\test\registrybooster.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Iwona
->Temp folder emptied: 31798969 bytes
->Temporary Internet Files folder emptied: 568103101 bytes
->Java cache emptied: 11574702 bytes
->FireFox cache emptied: 46218224 bytes
->Google Chrome cache emptied: 26844440 bytes
->Flash cache emptied: 502735 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8447066 bytes
RecycleBin emptied: 100953423 bytes
 
Total Files Cleaned = 758,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_132441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The following issues still remain:

1. After I start the computer, the following appears:

DOS mode:

Code:

Phoenix TrustedCore(tm) NB
Copyright 1985-2006 Phonix Technologies Ltd.
All Rights Reserved

ATI Herring (DDR2 + RS690M/T/SB600)
CPU = AMD Turion(tm) 64 X2 Mobile Technology TL-62
CPU Speed = 2100 Mhz

639 System Ram Passed
2942M Extended Ram Passed
1024 KB L2 Cache
System BIOS shadowed
Video BIOS shadowed
ATAPI CD-ROM: TSSTcorp CDDVDW TS-L632H
Fixed Disk 0: TOSHIBA MK2546GSK
Mouse initialized
ERROR
System Configuration Data Read Error

Press <F1> to resume, <F2> to Setup


Does this have anything to do with the virus? I have certainly had it for half a year already.


2. When using the browser (here Firefox) and, for example, clicking the thread link in your forum (e.g. to read it)



When I use Google and enter Bidvertiser, a black (greyish) image appears.
The tab at the top reads: search (GIF image, 1x1 pixels)

Address bar: www.google.de/search?hl=de&output=search/sclient=psy-ab&q=bidvertiser&oq...aaq0QWS4oi1Bg.1332784119924.3&emsg=NCSR&noj=1&ei=-KtwT_nhCaaq0QWS4oi1Bg

3. Google search:
from the search results I am redirected to the following site:
www.thealltimes.com
During the redirect, a piece of code about 11 lines long (HTML?) appears in the browser window.

4. Malwarebytes is still blocking a connection to an unsafe site.


Many thanks so far!

Flo

cosinus 26.03.2012 20:02

Quote:

1. After I start the computer, the following appears:

DOS mode:
That is not DOS, those are POST messages!

Quote:

ERROR
System Configuration Data Read Error
What exactly that means is something you could perhaps google; there may also be something about it in the manual.

Quote:

Does this have anything to do with the virus? I have certainly had it for half a year already.
No: since these messages come from the POST/BIOS, the operating system you normally use has not even been loaded yet.

Quote:

4. Malwarebytes is still blocking a connection to an unsafe site.
If you are going to report something like that, why don't you post the log right away? That would make sense, wouldn't it? :confused:

iwoflo 26.03.2012 20:25

Thanks for the info.

As you can see, this is not really my area :confused:


Here is the latest protection log file:

Code:

2012/03/26 12:42:52 +0200        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/26 12:42:58 +0200        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/26 12:43:01 +0200        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/26 12:43:06 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/26 12:50:53 +0200        IWONA-PC        Iwona        MESSAGE        Executing scheduled update:  Daily
2012/03/26 12:51:35 +0200        IWONA-PC        Iwona        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.25.01 to version v2012.03.26.02
2012/03/26 12:51:35 +0200        IWONA-PC        Iwona        MESSAGE        Starting database refresh
2012/03/26 12:51:35 +0200        IWONA-PC        Iwona        MESSAGE        Stopping IP protection
2012/03/26 12:51:36 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection stopped
2012/03/26 12:51:41 +0200        IWONA-PC        Iwona        MESSAGE        Database refreshed successfully
2012/03/26 12:51:41 +0200        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/26 12:51:46 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/26 12:52:37 +0200        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 49289, Process: avp.exe)
2012/03/26 13:24:21 +0200        IWONA-PC        Iwona        MESSAGE        Stopping IP protection
2012/03/26 13:24:23 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection stopped
2012/03/26 13:31:13 +0200        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/26 13:31:20 +0200        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/26 13:31:23 +0200        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/26 13:31:28 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/26 19:20:04 +0200        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/26 19:20:13 +0200        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/26 19:20:16 +0200        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/26 19:20:22 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/26 19:43:34 +0200        IWONA-PC        Iwona        MESSAGE        Starting protection
2012/03/26 19:43:40 +0200        IWONA-PC        Iwona        MESSAGE        Protection started successfully
2012/03/26 19:43:43 +0200        IWONA-PC        Iwona        MESSAGE        Starting IP protection
2012/03/26 19:43:48 +0200        IWONA-PC        Iwona        MESSAGE        IP Protection started successfully
2012/03/26 19:53:30 +0200        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 49262, Process: avp.exe)
2012/03/26 20:23:42 +0200        IWONA-PC        Iwona        IP-BLOCK        195.88.209.15 (Type: outgoing, Port: 49379, Process: avp.exe)

Regards, Flo

cosinus 26.03.2012 21:42

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

iwoflo 26.03.2012 22:24

Code:

23:18:07.0974 3212        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:18:08.0042 3212        ============================================================
23:18:08.0042 3212        Current date / time: 2012/03/26 23:18:08.0042
23:18:08.0042 3212        SystemInfo:
23:18:08.0042 3212       
23:18:08.0042 3212        OS Version: 6.0.6002 ServicePack: 2.0
23:18:08.0042 3212        Product type: Workstation
23:18:08.0042 3212        ComputerName: IWONA-PC
23:18:08.0042 3212        UserName: Iwona
23:18:08.0042 3212        Windows directory: C:\Windows
23:18:08.0042 3212        System windows directory: C:\Windows
23:18:08.0042 3212        Processor architecture: Intel x86
23:18:08.0042 3212        Number of processors: 2
23:18:08.0042 3212        Page size: 0x1000
23:18:08.0043 3212        Boot type: Normal boot
23:18:08.0043 3212        ============================================================
23:18:09.0444 3212        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:18:09.0448 3212        Drive \Device\Harddisk1\DR2 - Size: 0x1DE800000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:18:09.0450 3212        \Device\Harddisk0\DR0:
23:18:09.0457 3212        MBR used
23:18:09.0457 3212        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xEB14000
23:18:09.0457 3212        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE02800, BlocksNum 0xE3C3000
23:18:09.0457 3212        \Device\Harddisk1\DR2:
23:18:09.0458 3212        MBR used
23:18:09.0458 3212        \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEF3FE0
23:18:09.0554 3212        Initialize success
23:18:09.0554 3212        ============================================================
23:18:20.0041 6116        ============================================================
23:18:20.0041 6116        Scan started
23:18:20.0041 6116        Mode: Manual; SigCheck; TDLFS;
23:18:20.0041 6116        ============================================================
23:18:21.0357 6116        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:18:21.0491 6116        ACPI - ok
23:18:21.0916 6116        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:18:21.0940 6116        adp94xx - ok
23:18:22.0083 6116        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:18:22.0101 6116        adpahci - ok
23:18:22.0131 6116        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:18:22.0145 6116        adpu160m - ok
23:18:22.0192 6116        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:18:22.0208 6116        adpu320 - ok
23:18:22.0314 6116        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:18:22.0341 6116        AeLookupSvc - ok
23:18:22.0433 6116        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:18:22.0454 6116        AFD - ok
23:18:22.0564 6116        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:18:22.0577 6116        agp440 - ok
23:18:22.0675 6116        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:18:22.0693 6116        aic78xx - ok
23:18:22.0810 6116        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:18:22.0842 6116        ALG - ok
23:18:22.0875 6116        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:18:22.0888 6116        aliide - ok
23:18:22.0977 6116        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:18:22.0991 6116        amdagp - ok
23:18:23.0012 6116        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:18:23.0025 6116        amdide - ok
23:18:23.0083 6116        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:18:23.0113 6116        AmdK7 - ok
23:18:23.0134 6116        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:18:23.0165 6116        AmdK8 - ok
23:18:23.0250 6116        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:18:23.0271 6116        Appinfo - ok
23:18:23.0313 6116        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:18:23.0328 6116        arc - ok
23:18:23.0386 6116        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:18:23.0399 6116        arcsas - ok
23:18:23.0478 6116        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:23.0510 6116        AsyncMac - ok
23:18:23.0556 6116        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:18:23.0569 6116        atapi - ok
23:18:23.0643 6116        Ati External Event Utility (581b9be9e92a0f3856cc85ec011edc6f) C:\Windows\system32\Ati2evxx.exe
23:18:23.0691 6116        Ati External Event Utility - ok
23:18:23.0911 6116        atikmdag        (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
23:18:23.0989 6116        atikmdag - ok
23:18:24.0143 6116        AtiPcie        (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:18:24.0158 6116        AtiPcie - ok
23:18:24.0229 6116        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:18:24.0259 6116        AudioEndpointBuilder - ok
23:18:24.0273 6116        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:18:24.0313 6116        Audiosrv - ok
23:18:24.0430 6116        AVP            (946d70667b0119f2beeae0849e1d46a2) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
23:18:24.0483 6116        AVP - ok
23:18:24.0587 6116        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:18:24.0618 6116        Beep - ok
23:18:24.0683 6116        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:18:24.0714 6116        BFE - ok
23:18:24.0876 6116        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
23:18:24.0917 6116        BITS - ok
23:18:24.0978 6116        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:18:25.0008 6116        blbdrive - ok
23:18:25.0114 6116        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:18:25.0131 6116        bowser - ok
23:18:25.0171 6116        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:18:25.0196 6116        BrFiltLo - ok
23:18:25.0245 6116        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:18:25.0270 6116        BrFiltUp - ok
23:18:25.0315 6116        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:18:25.0347 6116        Browser - ok
23:18:25.0514 6116        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:18:25.0570 6116        Brserid - ok
23:18:25.0678 6116        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:18:25.0731 6116        BrSerWdm - ok
23:18:25.0999 6116        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:18:26.0051 6116        BrUsbMdm - ok
23:18:26.0174 6116        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:18:26.0227 6116        BrUsbSer - ok
23:18:26.0375 6116        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:18:26.0428 6116        BTHMODEM - ok
23:18:26.0494 6116        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:18:26.0525 6116        cdfs - ok
23:18:26.0696 6116        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:18:26.0720 6116        cdrom - ok
23:18:26.0794 6116        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:18:26.0820 6116        CertPropSvc - ok
23:18:27.0050 6116        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:18:27.0082 6116        circlass - ok
23:18:27.0323 6116        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:18:27.0342 6116        CLFS - ok
23:18:27.0483 6116        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:18:27.0498 6116        clr_optimization_v2.0.50727_32 - ok
23:18:27.0630 6116        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:18:27.0646 6116        clr_optimization_v4.0.30319_32 - ok
23:18:27.0763 6116        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:18:27.0795 6116        CmBatt - ok
23:18:27.0827 6116        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:18:27.0841 6116        cmdide - ok
23:18:27.0885 6116        CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
23:18:27.0903 6116        CnxtHdAudAddService - ok
23:18:28.0027 6116        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:18:28.0041 6116        Compbatt - ok
23:18:28.0093 6116        COMSysApp - ok
23:18:28.0195 6116        ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
23:18:28.0202 6116        ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
23:18:28.0202 6116        ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
23:18:28.0395 6116        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:18:28.0407 6116        crcdisk - ok
23:18:28.0555 6116        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:18:28.0587 6116        Crusoe - ok
23:18:28.0652 6116        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
23:18:28.0679 6116        CryptSvc - ok
23:18:28.0900 6116        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:18:28.0938 6116        DcomLaunch - ok
23:18:29.0119 6116        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:18:29.0136 6116        DfsC - ok
23:18:29.0391 6116        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:18:29.0646 6116        DFSR - ok
23:18:29.0849 6116        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:18:29.0877 6116        Dhcp - ok
23:18:29.0998 6116        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:18:30.0012 6116        disk - ok
23:18:30.0136 6116        DNIMp50        (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
23:18:30.0143 6116        DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
23:18:30.0143 6116        DNIMp50 - detected UnsignedFile.Multi.Generic (1)
23:18:30.0207 6116        DNISp50        (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
23:18:30.0213 6116        DNISp50 ( UnsignedFile.Multi.Generic ) - warning
23:18:30.0213 6116        DNISp50 - detected UnsignedFile.Multi.Generic (1)
23:18:30.0287 6116        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:18:30.0304 6116        Dnscache - ok
23:18:30.0426 6116        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:18:30.0453 6116        dot3svc - ok
23:18:30.0535 6116        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:18:30.0569 6116        DPS - ok
23:18:30.0691 6116        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:18:30.0715 6116        drmkaud - ok
23:18:30.0887 6116        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:18:30.0922 6116        DXGKrnl - ok
23:18:31.0139 6116        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:18:31.0173 6116        E1G60 - ok
23:18:31.0291 6116        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:18:31.0319 6116        EapHost - ok
23:18:31.0405 6116        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:18:31.0421 6116        Ecache - ok
23:18:31.0597 6116        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:18:31.0617 6116        ehRecvr - ok
23:18:31.0634 6116        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:18:31.0652 6116        ehSched - ok
23:18:31.0777 6116        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:18:31.0795 6116        ehstart - ok
23:18:31.0960 6116        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:18:31.0990 6116        elxstor - ok
23:18:32.0209 6116        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:18:32.0240 6116        EMDMgmt - ok
23:18:32.0437 6116        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:18:32.0468 6116        ErrDev - ok
23:18:32.0627 6116        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:18:32.0659 6116        EventSystem - ok
23:18:32.0775 6116        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:18:32.0794 6116        exfat - ok
23:18:32.0980 6116        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:18:33.0006 6116        fastfat - ok
23:18:33.0085 6116        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:18:33.0116 6116        fdc - ok
23:18:33.0316 6116        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:18:33.0348 6116        fdPHost - ok
23:18:33.0380 6116        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:18:33.0434 6116        FDResPub - ok
23:18:33.0484 6116        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:18:33.0498 6116        FileInfo - ok
23:18:33.0543 6116        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:18:33.0573 6116        Filetrace - ok
23:18:33.0718 6116        FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
23:18:33.0761 6116        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:18:33.0761 6116        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:18:33.0903 6116        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:18:33.0933 6116        flpydisk - ok
23:18:33.0977 6116        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:18:33.0993 6116        FltMgr - ok
23:18:34.0081 6116        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:18:34.0116 6116        FontCache - ok
23:18:34.0215 6116        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:18:34.0228 6116        FontCache3.0.0.0 - ok
23:18:34.0300 6116        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:18:34.0326 6116        Fs_Rec - ok
23:18:34.0354 6116        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:18:34.0368 6116        gagp30kx - ok
23:18:34.0498 6116        GoogleDesktopManager (4edbba45ba5662945c7ac2c4cc80911f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:18:34.0548 6116        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
23:18:34.0548 6116        GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
23:18:34.0704 6116        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:18:34.0739 6116        gpsvc - ok
23:18:34.0810 6116        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
23:18:34.0830 6116        HdAudAddService - ok
23:18:34.0941 6116        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:18:34.0999 6116        HDAudBus - ok
23:18:35.0062 6116        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:18:35.0115 6116        HidBth - ok
23:18:35.0148 6116        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:18:35.0199 6116        HidIr - ok
23:18:35.0287 6116        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
23:18:35.0306 6116        hidserv - ok
23:18:35.0350 6116        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:18:35.0377 6116        HidUsb - ok
23:18:35.0406 6116        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:18:35.0439 6116        hkmsvc - ok
23:18:35.0496 6116        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:18:35.0510 6116        HpCISSs - ok
23:18:35.0623 6116        HSF_DPV        (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:18:35.0657 6116        HSF_DPV - ok
23:18:35.0756 6116        HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:18:35.0773 6116        HSXHWAZL - ok
23:18:35.0867 6116        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:18:35.0891 6116        HTTP - ok
23:18:35.0941 6116        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:18:35.0954 6116        i2omp - ok
23:18:36.0052 6116        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:18:36.0077 6116        i8042prt - ok
23:18:36.0160 6116        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:18:36.0177 6116        iaStorV - ok
23:18:36.0287 6116        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:18:36.0295 6116        IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:18:36.0295 6116        IDriverT - detected UnsignedFile.Multi.Generic (1)
23:18:36.0393 6116        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:18:36.0427 6116        idsvc - ok
23:18:36.0525 6116        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:18:36.0539 6116        iirsp - ok
23:18:36.0620 6116        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:18:36.0653 6116        IKEEXT - ok
23:18:36.0679 6116        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:18:36.0692 6116        intelide - ok
23:18:36.0773 6116        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:18:36.0805 6116        intelppm - ok
23:18:36.0874 6116        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:18:36.0908 6116        IPBusEnum - ok
23:18:36.0954 6116        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:36.0986 6116        IpFilterDriver - ok
23:18:37.0061 6116        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:18:37.0081 6116        iphlpsvc - ok
23:18:37.0174 6116        IpInIp - ok
23:18:37.0298 6116        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:18:37.0330 6116        IPMIDRV - ok
23:18:37.0628 6116        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:18:37.0660 6116        IPNAT - ok
23:18:37.0829 6116        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:18:37.0861 6116        IRENUM - ok
23:18:38.0037 6116        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:18:38.0050 6116        isapnp - ok
23:18:38.0350 6116        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:38.0367 6116        iScsiPrt - ok
23:18:38.0426 6116        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:18:38.0439 6116        iteatapi - ok
23:18:38.0526 6116        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:18:38.0538 6116        iteraid - ok
23:18:38.0621 6116        jswpsapi - ok
23:18:38.0835 6116        jswpslwf        (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:18:38.0853 6116        jswpslwf - ok
23:18:38.0993 6116        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:39.0006 6116        kbdclass - ok
23:18:39.0064 6116        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:18:39.0095 6116        kbdhid - ok
23:18:39.0251 6116        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:39.0274 6116        KeyIso - ok
23:18:39.0413 6116        KL1            (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
23:18:39.0429 6116        KL1 - ok
23:18:39.0692 6116        kl2            (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
23:18:39.0705 6116        kl2 - ok
23:18:40.0088 6116        KLIF            (2b7064ff5681b8dde96b98709bb78884) C:\Windows\system32\DRIVERS\klif.sys
23:18:40.0127 6116        KLIF - ok
23:18:40.0347 6116        KLIM6          (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
23:18:40.0361 6116        KLIM6 - ok
23:18:40.0653 6116        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
23:18:40.0667 6116        klmouflt - ok
23:18:41.0052 6116        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:18:41.0085 6116        KSecDD - ok
23:18:41.0250 6116        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:18:41.0317 6116        KtmRm - ok
23:18:41.0447 6116        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
23:18:41.0467 6116        LanmanServer - ok
23:18:41.0660 6116        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:18:41.0682 6116        LanmanWorkstation - ok
23:18:41.0878 6116        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:18:41.0910 6116        lltdio - ok
23:18:41.0993 6116        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:18:42.0028 6116        lltdsvc - ok
23:18:42.0114 6116        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:18:42.0177 6116        lmhosts - ok
23:18:42.0242 6116        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:18:42.0258 6116        LSI_FC - ok
23:18:42.0284 6116        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:18:42.0301 6116        LSI_SAS - ok
23:18:42.0356 6116        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:18:42.0370 6116        LSI_SCSI - ok
23:18:42.0428 6116        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:18:42.0460 6116        luafv - ok
23:18:42.0620 6116        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:18:42.0634 6116        MBAMProtector - ok
23:18:42.0691 6116        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:18:42.0720 6116        MBAMService - ok
23:18:42.0774 6116        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:18:42.0793 6116        Mcx2Svc - ok
23:18:42.0907 6116        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:18:42.0921 6116        mdmxsdk - ok
23:18:42.0965 6116        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:18:42.0979 6116        megasas - ok
23:18:43.0025 6116        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:18:43.0047 6116        MegaSR - ok
23:18:43.0150 6116        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:18:43.0183 6116        MMCSS - ok
23:18:43.0245 6116        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:18:43.0280 6116        Modem - ok
23:18:43.0313 6116        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:18:43.0345 6116        monitor - ok
23:18:43.0431 6116        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:18:43.0445 6116        mouclass - ok
23:18:43.0462 6116        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:18:43.0494 6116        mouhid - ok
23:18:43.0562 6116        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:18:43.0576 6116        MountMgr - ok
23:18:43.0636 6116        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:18:43.0653 6116        mpio - ok
23:18:43.0713 6116        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:18:43.0739 6116        mpsdrv - ok
23:18:43.0792 6116        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:18:43.0825 6116        MpsSvc - ok
23:18:43.0919 6116        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:18:43.0933 6116        Mraid35x - ok
23:18:44.0020 6116        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:18:44.0040 6116        MRxDAV - ok
23:18:44.0084 6116        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:18:44.0103 6116        mrxsmb - ok
23:18:44.0174 6116        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:18:44.0193 6116        mrxsmb10 - ok
23:18:44.0257 6116        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:18:44.0277 6116        mrxsmb20 - ok
23:18:44.0318 6116        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:18:44.0332 6116        msahci - ok
23:18:44.0357 6116        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:18:44.0371 6116        msdsm - ok
23:18:44.0428 6116        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:18:44.0463 6116        MSDTC - ok
23:18:44.0559 6116        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:18:44.0590 6116        Msfs - ok
23:18:44.0637 6116        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:18:44.0650 6116        msisadrv - ok
23:18:44.0708 6116        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:18:44.0741 6116        MSiSCSI - ok
23:18:44.0752 6116        msiserver - ok
23:18:44.0857 6116        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:18:44.0890 6116        MSKSSRV - ok
23:18:44.0949 6116        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:18:44.0980 6116        MSPCLOCK - ok
23:18:45.0039 6116        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:18:45.0070 6116        MSPQM - ok
23:18:45.0169 6116        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:18:45.0185 6116        MsRPC - ok
23:18:45.0231 6116        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:18:45.0244 6116        mssmbios - ok
23:18:45.0295 6116        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:18:45.0327 6116        MSTEE - ok
23:18:45.0409 6116        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:18:45.0424 6116        Mup - ok
23:18:45.0481 6116        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:18:45.0515 6116        napagent - ok
23:18:45.0580 6116        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:18:45.0600 6116        NativeWifiP - ok
23:18:45.0690 6116        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:18:45.0738 6116        NDIS - ok
23:18:45.0814 6116        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:18:45.0839 6116        NdisTapi - ok
23:18:45.0899 6116        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:18:45.0932 6116        Ndisuio - ok
23:18:45.0976 6116        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:18:46.0002 6116        NdisWan - ok
23:18:46.0020 6116        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:18:46.0045 6116        NDProxy - ok
23:18:46.0110 6116        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:18:46.0142 6116        NetBIOS - ok
23:18:46.0227 6116        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:18:46.0254 6116        netbt - ok
23:18:46.0296 6116        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:46.0315 6116        Netlogon - ok
23:18:46.0375 6116        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:18:46.0413 6116        Netman - ok
23:18:46.0453 6116        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:18:46.0489 6116        netprofm - ok
23:18:46.0566 6116        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:18:46.0580 6116        NetTcpPortSharing - ok
23:18:46.0642 6116        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:18:46.0655 6116        nfrd960 - ok
23:18:46.0709 6116        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:18:46.0744 6116        NlaSvc - ok
23:18:46.0779 6116        nmwcd - ok
23:18:46.0797 6116        nmwcdc - ok
23:18:46.0863 6116        nmwcdnsu - ok
23:18:46.0898 6116        nmwcdnsuc - ok
23:18:46.0972 6116        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:18:46.0997 6116        Npfs - ok
23:18:47.0034 6116        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:18:47.0067 6116        nsi - ok
23:18:47.0113 6116        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:18:47.0145 6116        nsiproxy - ok
23:18:47.0220 6116        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:18:47.0275 6116        Ntfs - ok
23:18:47.0368 6116        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:18:47.0421 6116        ntrigdigi - ok
23:18:47.0455 6116        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:18:47.0485 6116        Null - ok
23:18:47.0512 6116        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:18:47.0527 6116        nvraid - ok
23:18:47.0555 6116        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:18:47.0568 6116        nvstor - ok
23:18:47.0594 6116        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:18:47.0609 6116        nv_agp - ok
23:18:47.0686 6116        NwlnkFlt - ok
23:18:47.0702 6116        NwlnkFwd - ok
23:18:47.0799 6116        o2flash        (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
23:18:47.0806 6116        o2flash ( UnsignedFile.Multi.Generic ) - warning
23:18:47.0806 6116        o2flash - detected UnsignedFile.Multi.Generic (1)
23:18:47.0857 6116        O2MDRDR        (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
23:18:47.0870 6116        O2MDRDR - ok
23:18:47.0932 6116        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:18:47.0958 6116        ohci1394 - ok
23:18:47.0999 6116        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:48.0030 6116        p2pimsvc - ok
23:18:48.0047 6116        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:48.0079 6116        p2psvc - ok
23:18:48.0146 6116        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:18:48.0202 6116        Parport - ok
23:18:48.0285 6116        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:18:48.0299 6116        partmgr - ok
23:18:48.0326 6116        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:18:48.0378 6116        Parvdm - ok
23:18:48.0409 6116        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:18:48.0432 6116        PcaSvc - ok
23:18:48.0586 6116        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:18:48.0601 6116        pci - ok
23:18:48.0678 6116        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:18:48.0692 6116        pciide - ok
23:18:48.0728 6116        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:18:48.0745 6116        pcmcia - ok
23:18:48.0830 6116        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:18:48.0901 6116        PEAUTH - ok
23:18:49.0029 6116        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:18:49.0086 6116        pla - ok
23:18:49.0183 6116        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:18:49.0213 6116        PlugPlay - ok
23:18:49.0299 6116        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:49.0347 6116        PNRPAutoReg - ok
23:18:49.0366 6116        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:18:49.0414 6116        PNRPsvc - ok
23:18:49.0511 6116        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:18:49.0543 6116        PolicyAgent - ok
23:18:49.0652 6116        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:18:49.0685 6116        PptpMiniport - ok
23:18:49.0704 6116        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:18:49.0736 6116        Processor - ok
23:18:49.0802 6116        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:18:49.0830 6116        ProfSvc - ok
23:18:49.0874 6116        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:49.0892 6116        ProtectedStorage - ok
23:18:49.0976 6116        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:18:50.0001 6116        PSched - ok
23:18:50.0055 6116        QIOMem          (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
23:18:50.0070 6116        QIOMem - ok
23:18:50.0153 6116        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:18:50.0197 6116        ql2300 - ok
23:18:50.0303 6116        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:18:50.0320 6116        ql40xx - ok
23:18:50.0405 6116        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:18:50.0429 6116        QWAVE - ok
23:18:50.0456 6116        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:18:50.0474 6116        QWAVEdrv - ok
23:18:50.0553 6116        RapiMgr        (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
23:18:50.0586 6116        RapiMgr - ok
23:18:50.0639 6116        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:18:50.0671 6116        RasAcd - ok
23:18:50.0736 6116        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:18:50.0771 6116        RasAuto - ok
23:18:50.0809 6116        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:18:50.0842 6116        Rasl2tp - ok
23:18:50.0884 6116        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:18:50.0914 6116        RasMan - ok
23:18:50.0989 6116        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:18:51.0013 6116        RasPppoe - ok
23:18:51.0076 6116        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:18:51.0094 6116        RasSstp - ok
23:18:51.0129 6116        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:18:51.0156 6116        rdbss - ok
23:18:51.0197 6116        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:18:51.0227 6116        RDPCDD - ok
23:18:51.0291 6116        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:18:51.0326 6116        rdpdr - ok
23:18:51.0357 6116        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:18:51.0390 6116        RDPENCDD - ok
23:18:51.0448 6116        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:18:51.0467 6116        RDPWD - ok
23:18:51.0523 6116        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:18:51.0557 6116        RemoteAccess - ok
23:18:51.0627 6116        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:18:51.0656 6116        RemoteRegistry - ok
23:18:51.0719 6116        RimUsb - ok
23:18:51.0814 6116        RimVSerPort    (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
23:18:51.0830 6116        RimVSerPort - ok
23:18:51.0907 6116        ROOTMODEM      (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
23:18:51.0940 6116        ROOTMODEM - ok
23:18:51.0999 6116        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:18:52.0017 6116        RpcLocator - ok
23:18:52.0080 6116        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:18:52.0116 6116        RpcSs - ok
23:18:52.0174 6116        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:18:52.0207 6116        rspndr - ok
23:18:52.0319 6116        RTL8187B        (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
23:18:52.0337 6116        RTL8187B - ok
23:18:52.0419 6116        RtlProt        (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
23:18:52.0433 6116        RtlProt - ok
23:18:52.0474 6116        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:18:52.0492 6116        SamSs - ok
23:18:52.0558 6116        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:18:52.0572 6116        sbp2port - ok
23:18:52.0654 6116        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:18:52.0681 6116        SCardSvr - ok
23:18:52.0731 6116        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:18:52.0763 6116        Schedule - ok
23:18:52.0873 6116        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:18:52.0898 6116        SCPolicySvc - ok
23:18:52.0960 6116        sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
23:18:52.0986 6116        sdbus - ok
23:18:53.0028 6116        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:18:53.0049 6116        SDRSVC - ok
23:18:53.0124 6116        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:18:53.0177 6116        secdrv - ok
23:18:53.0214 6116        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:18:53.0248 6116        seclogon - ok
23:18:53.0267 6116        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:18:53.0302 6116        SENS - ok
23:18:53.0329 6116        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:18:53.0383 6116        Serenum - ok
23:18:53.0466 6116        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:18:53.0520 6116        Serial - ok
23:18:53.0553 6116        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:18:53.0584 6116        sermouse - ok
23:18:53.0696 6116        ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:18:53.0717 6116        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:18:53.0717 6116        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:18:53.0855 6116        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:18:53.0888 6116        SessionEnv - ok
23:18:53.0927 6116        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:18:53.0952 6116        sffdisk - ok
23:18:53.0979 6116        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:18:54.0010 6116        sffp_mmc - ok
23:18:54.0024 6116        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:18:54.0056 6116        sffp_sd - ok
23:18:54.0092 6116        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:18:54.0144 6116        sfloppy - ok
23:18:54.0232 6116        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:18:54.0270 6116        SharedAccess - ok
23:18:54.0317 6116        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:18:54.0339 6116        ShellHWDetection - ok
23:18:54.0391 6116        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:18:54.0405 6116        sisagp - ok
23:18:54.0466 6116        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:18:54.0480 6116        SiSRaid2 - ok
23:18:54.0504 6116        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:18:54.0519 6116        SiSRaid4 - ok
23:18:54.0645 6116        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:18:54.0746 6116        slsvc - ok
23:18:54.0871 6116        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:18:54.0899 6116        SLUINotify - ok
23:18:54.0950 6116        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:18:54.0976 6116        Smb - ok
23:18:55.0013 6116        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:18:55.0031 6116        SNMPTRAP - ok
23:18:55.0077 6116        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:18:55.0089 6116        spldr - ok
23:18:55.0173 6116        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:18:55.0194 6116        Spooler - ok
23:18:55.0263 6116        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:18:55.0286 6116        srv - ok
23:18:55.0332 6116        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:18:55.0350 6116        srv2 - ok
23:18:55.0412 6116        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:18:55.0429 6116        srvnet - ok
23:18:55.0459 6116        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:18:55.0494 6116        SSDPSRV - ok
23:18:55.0555 6116        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:18:55.0576 6116        SstpSvc - ok
23:18:55.0687 6116        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:18:55.0731 6116        stisvc - ok
23:18:55.0790 6116        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:18:55.0804 6116        swenum - ok
23:18:55.0877 6116        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:18:55.0908 6116        swprv - ok
23:18:55.0973 6116        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:18:55.0987 6116        Symc8xx - ok
23:18:56.0010 6116        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:18:56.0024 6116        Sym_hi - ok
23:18:56.0066 6116        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:18:56.0079 6116        Sym_u3 - ok
23:18:56.0155 6116        SynTP          (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
23:18:56.0172 6116        SynTP - ok
23:18:56.0252 6116        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:18:56.0292 6116        SysMain - ok
23:18:56.0341 6116        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:18:56.0364 6116        TabletInputService - ok
23:18:56.0412 6116        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:18:56.0442 6116        TapiSrv - ok
23:18:56.0505 6116        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:18:56.0540 6116        TBS - ok
23:18:56.0624 6116        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:18:56.0661 6116        Tcpip - ok
23:18:56.0774 6116        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:18:56.0813 6116        Tcpip6 - ok
23:18:56.0875 6116        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:18:56.0894 6116        tcpipreg - ok
23:18:56.0965 6116        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:18:56.0980 6116        tdcmdpst - ok
23:18:57.0026 6116        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:18:57.0057 6116        TDPIPE - ok
23:18:57.0137 6116        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:18:57.0167 6116        TDTCP - ok
23:18:57.0213 6116        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:18:57.0239 6116        tdx - ok
23:18:57.0299 6116        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:18:57.0315 6116        TermDD - ok
23:18:57.0363 6116        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:18:57.0398 6116        TermService - ok
23:18:57.0506 6116        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:18:57.0528 6116        Themes - ok
23:18:57.0572 6116        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:18:57.0605 6116        THREADORDER - ok
23:18:57.0695 6116        TNaviSrv        (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
23:18:57.0712 6116        TNaviSrv - ok
23:18:57.0796 6116        TODDSrv        (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
23:18:57.0815 6116        TODDSrv - ok
23:18:57.0869 6116        TosCoSrv        (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
23:18:57.0891 6116        TosCoSrv - ok
23:18:57.0962 6116        TOSHIBA Bluetooth Service - ok
23:18:57.0981 6116        TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
23:18:57.0989 6116        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
23:18:57.0989 6116        TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
23:18:58.0064 6116        Tosrfcom - ok
23:18:58.0099 6116        tosrfec        (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
23:18:58.0115 6116        tosrfec - ok
23:18:58.0157 6116        tos_sps32      (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:18:58.0175 6116        tos_sps32 - ok
23:18:58.0208 6116        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:18:58.0242 6116        TrkWks - ok
23:18:58.0321 6116        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:18:58.0345 6116        TrustedInstaller - ok
23:18:58.0436 6116        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:58.0469 6116        tssecsrv - ok
23:18:58.0542 6116        TuneUp.Defrag  (0d630405311e1ae574bc2ec6681e485e) C:\Windows\System32\TuneUpDefragService.exe
23:18:58.0565 6116        TuneUp.Defrag - ok
23:18:58.0774 6116        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:18:58.0792 6116        tunmp - ok
23:18:58.0882 6116        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:18:58.0898 6116        tunnel - ok
23:18:58.0935 6116        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:18:58.0949 6116        TVALZ - ok
23:18:58.0969 6116        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:18:58.0984 6116        uagp35 - ok
23:18:59.0104 6116        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:18:59.0131 6116        udfs - ok
23:18:59.0173 6116        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:18:59.0207 6116        UI0Detect - ok
23:18:59.0311 6116        UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:18:59.0317 6116        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
23:18:59.0317 6116        UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
23:18:59.0422 6116        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:18:59.0437 6116        uliagpkx - ok
23:18:59.0467 6116        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:18:59.0485 6116        uliahci - ok
23:18:59.0513 6116        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:18:59.0528 6116        UlSata - ok
23:18:59.0551 6116        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:18:59.0565 6116        ulsata2 - ok
23:18:59.0670 6116        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:18:59.0703 6116        umbus - ok
23:18:59.0751 6116        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:18:59.0788 6116        upnphost - ok
23:18:59.0819 6116        upperdev - ok
23:18:59.0868 6116        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:59.0892 6116        usbccgp - ok
23:18:59.0991 6116        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:19:00.0044 6116        usbcir - ok
23:19:00.0106 6116        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:00.0132 6116        usbehci - ok
23:19:00.0162 6116        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:00.0189 6116        usbhub - ok
23:19:00.0288 6116        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:19:00.0314 6116        usbohci - ok
23:19:00.0341 6116        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:19:00.0373 6116        usbprint - ok
23:19:00.0393 6116        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:19:00.0418 6116        usbscan - ok
23:19:00.0484 6116        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
23:19:00.0507 6116        usbser - ok
23:19:00.0586 6116        UsbserFilt - ok
23:19:00.0628 6116        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:00.0653 6116        USBSTOR - ok
23:19:00.0691 6116        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:19:00.0716 6116        usbuhci - ok
23:19:00.0777 6116        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:19:00.0811 6116        usbvideo - ok
23:19:00.0912 6116        usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
23:19:00.0936 6116        usb_rndisx - ok
23:19:00.0974 6116        UVCFTR          (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:19:00.0990 6116        UVCFTR - ok
23:19:01.0029 6116        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:19:01.0056 6116        UxSms - ok
23:19:01.0177 6116        UxTuneUp        (b759612a175a8318fb98d4823f56204d) C:\Windows\System32\uxtuneup.dll
23:19:01.0192 6116        UxTuneUp - ok
23:19:01.0243 6116        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:19:01.0280 6116        vds - ok
23:19:01.0366 6116        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:01.0396 6116        vga - ok
23:19:01.0483 6116        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:19:01.0514 6116        VgaSave - ok
23:19:01.0533 6116        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:19:01.0548 6116        viaagp - ok
23:19:01.0574 6116        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:19:01.0606 6116        ViaC7 - ok
23:19:01.0651 6116        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:19:01.0664 6116        viaide - ok
23:19:01.0750 6116        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:19:01.0763 6116        volmgr - ok
23:19:01.0819 6116        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:19:01.0838 6116        volmgrx - ok
23:19:01.0875 6116        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:19:01.0894 6116        volsnap - ok
23:19:02.0021 6116        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:19:02.0038 6116        vsmraid - ok
23:19:02.0104 6116        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:19:02.0164 6116        VSS - ok
23:19:02.0273 6116        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:19:02.0303 6116        W32Time - ok
23:19:02.0363 6116        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:19:02.0416 6116        WacomPen - ok
23:19:02.0442 6116        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0468 6116        Wanarp - ok
23:19:02.0476 6116        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:02.0504 6116        Wanarpv6 - ok
23:19:02.0561 6116        WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
23:19:02.0599 6116        WcesComm - ok
23:19:02.0739 6116        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:19:02.0788 6116        wcncsvc - ok
23:19:02.0834 6116        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:19:02.0861 6116        WcsPlugInService - ok
23:19:02.0909 6116        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:19:02.0922 6116        Wd - ok
23:19:03.0029 6116        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:19:03.0077 6116        Wdf01000 - ok
23:19:03.0122 6116        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:19:03.0156 6116        WdiServiceHost - ok
23:19:03.0162 6116        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:19:03.0198 6116        WdiSystemHost - ok
23:19:03.0248 6116        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:19:03.0274 6116        WebClient - ok
23:19:03.0373 6116        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:19:03.0393 6116        Wecsvc - ok
23:19:03.0415 6116        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:19:03.0443 6116        wercplsupport - ok
23:19:03.0489 6116        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:19:03.0517 6116        WerSvc - ok
23:19:03.0590 6116        winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:19:03.0619 6116        winachsf - ok
23:19:03.0719 6116        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:19:03.0740 6116        WinDefend - ok
23:19:03.0750 6116        WinHttpAutoProxySvc - ok
23:19:03.0903 6116        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:19:03.0929 6116        Winmgmt - ok
23:19:03.0991 6116        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:19:04.0036 6116        WinRM - ok
23:19:04.0180 6116        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:19:04.0232 6116        Wlansvc - ok
23:19:04.0288 6116        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:19:04.0313 6116        WmiAcpi - ok
23:19:04.0419 6116        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:19:04.0446 6116        wmiApSrv - ok
23:19:04.0551 6116        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:19:04.0585 6116        WMPNetworkSvc - ok
23:19:04.0711 6116        WN111v2        (bdd5c936c2c3ebf4ad3cc61cefdc5806) C:\Windows\system32\DRIVERS\WN111v2v.sys
23:19:04.0752 6116        WN111v2 - ok
23:19:04.0814 6116        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:19:04.0837 6116        WPCSvc - ok
23:19:04.0928 6116        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:19:04.0948 6116        WPDBusEnum - ok
23:19:05.0031 6116        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:19:05.0048 6116        WpdUsb - ok
23:19:05.0231 6116        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:19:05.0263 6116        WPFFontCache_v0400 - ok
23:19:05.0348 6116        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:05.0379 6116        ws2ifsl - ok
23:19:05.0423 6116        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
23:19:05.0445 6116        wscsvc - ok
23:19:05.0457 6116        WSearch - ok
23:19:05.0556 6116        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:19:05.0623 6116        wuauserv - ok
23:19:05.0713 6116        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:19:05.0731 6116        WudfPf - ok
23:19:05.0794 6116        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:05.0813 6116        WUDFRd - ok
23:19:05.0842 6116        wudfsvc        (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
23:19:05.0863 6116        wudfsvc - ok
23:19:05.0948 6116        XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
23:19:05.0962 6116        XAudio - ok
23:19:05.0993 6116        XAudioService  (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
23:19:06.0035 6116        XAudioService - ok
23:19:06.0102 6116        yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
23:19:06.0127 6116        yukonwlh - ok
23:19:06.0181 6116        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:19:06.0375 6116        \Device\Harddisk0\DR0 - ok
23:19:06.0383 6116        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
23:19:09.0925 6116        \Device\Harddisk1\DR2 - ok
23:19:09.0960 6116        Boot (0x1200)  (674ee906655b29b875ba5d472718e5c7) \Device\Harddisk0\DR0\Partition0
23:19:09.0961 6116        \Device\Harddisk0\DR0\Partition0 - ok
23:19:09.0982 6116        Boot (0x1200)  (7a1eaa129a108b19812683df712398ac) \Device\Harddisk0\DR0\Partition1
23:19:09.0984 6116        \Device\Harddisk0\DR0\Partition1 - ok
23:19:09.0990 6116        Boot (0x1200)  (cd60bdecaa4f053c323f47c26754027a) \Device\Harddisk1\DR2\Partition0
23:19:09.0993 6116        \Device\Harddisk1\DR2\Partition0 - ok
23:19:09.0994 6116        ============================================================
23:19:09.0994 6116        Scan finished
23:19:09.0994 6116        ============================================================
23:19:10.0014 6032        Detected object count: 10
23:19:10.0014 6032        Actual detected object count: 10
23:19:30.0322 6032        ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0322 6032        ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0322 6032        DNIMp50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0322 6032        DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0325 6032        DNISp50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0326 6032        DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0330 6032        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0330 6032        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0335 6032        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0335 6032        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0338 6032        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0338 6032        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0342 6032        o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0342 6032        o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0346 6032        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0347 6032        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0351 6032        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0351 6032        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:30.0354 6032        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:30.0354 6032        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

greez Flo

cosinus 27.03.2012 11:20

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]+A, [Ctrl]+C) and paste them into your post ([Ctrl]+V). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

iwoflo 27.03.2012 19:41

I ran ComboFix.

Here is the log

Code:

ComboFix 12-03-27.03 - Iwona 27.03.2012  20:24:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2942.1913 [GMT 2:00]
ausgeführt von:: c:\users\Iwona\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\users\Iwona\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Iwona\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
E:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 18:33 . 2012-03-27 18:34        --------        d-----w-        c:\users\Iwona\AppData\Local\temp
2012-03-26 11:24 . 2012-03-26 11:24        --------        d-----w-        C:\_OTL
2012-03-23 13:16 . 2012-03-23 13:16        --------        d-----w-        c:\users\Iwona\AppData\Roaming\Malwarebytes
2012-03-23 13:15 . 2012-03-23 13:15        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-23 13:15 . 2012-03-23 13:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-23 13:15 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-22 16:02 . 2012-03-22 16:02        --------        d-----w-        c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-21 22:34 . 2012-03-21 22:34        --------        d-----w-        c:\users\Iwona\AppData\Local\PackageAware
2012-03-21 21:27 . 2012-03-21 21:27        --------        d-----w-        c:\program files\ESET
2012-03-18 22:15 . 2012-03-18 22:15        126976        --sha-r-        c:\windows\system32\stdole2A.dll
2012-03-16 19:40 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A64E3FB5-6B57-4D15-955B-D619ADF2BA7C}\mpengine.dll
2012-03-16 19:39 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-03-16 19:39 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll
2012-03-16 19:39 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-16 19:38 . 2012-02-14 15:45        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-16 19:38 . 2012-02-14 15:45        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-16 19:38 . 2012-02-13 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-16 19:38 . 2012-02-13 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-16 19:38 . 2012-02-13 13:44        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-16 19:38 . 2012-01-31 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-03-06 18:27 . 2012-03-19 16:38        --------        d-----w-        c:\users\Iwona\AppData\Local\ISL
2012-03-06 18:26 . 2012-03-06 18:26        --------        d-----w-        c:\program files\ISL
2012-03-03 15:22 . 2012-03-19 16:38        --------        d-----w-        c:\users\Iwona\AppData\Local\SCE
2012-03-03 15:22 . 2012-03-03 15:22        --------        d-----w-        c:\users\Public\Sony Online Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-12 09:10        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-12 07:45 . 2009-08-11 22:50        182264        ----a-w-        c:\windows\system32\BpShellEx.dll
2012-03-13 04:38 . 2012-03-21 22:04        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comcenter Easy"="c:\program files\FAX.de\ComCenter\ComCenterEasy.exe" [2010-06-17 3174400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-14 352976]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"EPSON BX305 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "c:\windows\TEMP\E_S7001.tmp" /EF "HKCU"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"NDSTray.exe"=NDSTray.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab
FF - ProfilePath - c:\users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Catan - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 20:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-27  20:37:25
ComboFix-quarantined-files.txt  2012-03-27 18:37
.
Vor Suchlauf: 14 Verzeichnis(se), 27.974.602.752 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 27.774.251.008 Bytes frei
.
- - End Of File - - D57EE4504B961F27159333EA8983E20F

Greetz Flo

