
Log Analysis and Evaluation: Bundespolizei Trojan with shell = explorer.exe

25.03.2012, 13:59   #1
S_u_n_n_y
 

Hi, I have recently been struggling with this trojan too. Under Run > regedit, the shell value already reads explorer.exe. When I start msconfig and look under Startup, there is a path ending in privacy.exe, but when I try to navigate to that path manually, I can't... I am using a guest account at the moment; is it enough to create the OTL log files from the guest account...
I hope to be able to solve the problem this way.

The Extras.txt is attached.

The OTL.txt looks like this:
OTL Logfile:
Code:
OTL logfile created on: 3/25/2012 2:35:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Gast\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 62.19% Memory free
7.82 Gb Paging File | 5.86 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 163.59 Gb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive D: | 134.83 Gb Total Space | 123.48 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 119.38 Gb Free Space | 51.28% Space Free | Partition Type: FAT32
Drive N: | 97.65 Gb Total Space | 97.31 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: NOEL-TOSH | User Name: Noel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/25 14:33:07 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Downloads\OTL.exe
PRC - [2012/03/23 12:58:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/30 17:08:16 | 000,018,432 | ---- | M] () -- C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe
PRC - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011/07/11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/06/29 10:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 15:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/08/16 10:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/03/23 12:58:34 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/19 23:54:27 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/10/06 16:44:20 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/06 16:37:44 | 000,208,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/06 16:37:32 | 000,199,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/10/20 21:33:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/30 17:08:16 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe -- (FileZillaUpdater)
SRV - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/01/28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe -- (McAWFwk)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/11/15 00:34:06 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\70239933.sys -- (38537161)
DRV:64bit: - [2011/10/20 20:54:21 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/30 13:17:39 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/15 10:00:06 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/08/15 10:00:06 | 000,481,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/08/15 10:00:06 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/08/15 10:00:06 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/08/15 10:00:06 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/08/15 10:00:06 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/08/15 10:00:06 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/08/15 10:00:06 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/01 13:23:26 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/04/28 14:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 14:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 14:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 14:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ACBDDA41-175A-4C66-870B-01BDC26C8023}
IE:64bit: - HKLM\..\SearchScopes\{ACBDDA41-175A-4C66-870B-01BDC26C8023}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ACBDDA41-175A-4C66-870B-01BDC26C8023}
IE - HKLM\..\SearchScopes\{ACBDDA41-175A-4C66-870B-01BDC26C8023}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{BCECB9C4-4FE0-4F6A-B75A-50B4B15725BF}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{F23DD6A7-94F5-4501-B807-842076DB3226}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/10/20 19:02:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/24 20:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/23 12:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 21:14:32 | 000,000,000 | ---D | M]
 
[2011/10/19 19:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Extensions
[2012/01/26 15:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions
[2012/01/05 17:25:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/11/15 01:45:29 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/10/22 02:04:03 | 000,000,000 | ---D | M] (FileZilla) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\client@filezilla.org
[2011/10/20 20:46:26 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\welcome@toolmin.com
[2011/11/15 01:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/15 01:45:29 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/03/20 10:06:36 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-1.xml
[2011/11/15 01:50:48 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-2.xml
[2011/12/30 11:39:51 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-3.xml
[2012/02/02 00:59:03 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-4.xml
[2011/11/04 09:54:12 | 000,001,056 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin.xml
[2011/11/09 16:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/23 12:58:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/20 20:49:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/09 16:26:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/09 16:26:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 16:26:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/09 16:26:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/20 20:46:26 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/11/09 16:26:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111020183035.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (FileZilla) - {7AAB1838-349A-4AAE-A039-8023951AF399} - C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZilla.dll (Tim Kosse)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111020183035.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Noel\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ACEEB1E-3EC1-4182-B037-7EED67F47B7C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/25 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/15 22:57:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 22:57:05 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 22:57:05 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/15 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\Noel\Desktop\Auto CD
[2012/03/15 10:54:20 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 10:59:52 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 10:59:50 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 10:59:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 10:59:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 10:59:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/08 13:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/03/08 11:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noel\VirtualBox VMs
[2012/03/08 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\Noel\.VirtualBox
[2012/03/08 11:07:06 | 000,000,000 | R--D | C] -- C:\Users\Noel\Virtual Machines
[2012/03/08 10:50:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012/03/08 10:47:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2012/03/08 10:47:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2012/03/08 10:47:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2012/03/08 10:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcvmm.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcusb.sys.mui
[2012/03/08 10:47:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2012/03/08 10:47:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2012/03/08 10:47:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2012/03/08 10:47:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2012/03/08 10:47:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2012/03/08 10:47:18 | 002,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2012/03/08 10:47:18 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2012/03/08 10:47:18 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2012/03/08 10:47:18 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2012/03/08 10:47:18 | 000,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2012/03/08 10:47:18 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2012/03/08 10:47:18 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2012/03/08 10:47:18 | 000,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2012/03/08 10:47:17 | 004,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2012/03/08 10:47:17 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2012/03/08 10:47:17 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2012/03/02 13:35:29 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll
[2012/03/01 19:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012/03/01 19:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box
[2012/02/29 12:29:50 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\Synsopos.exe
[2012/02/29 12:29:49 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2012/02/29 12:29:48 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SYNSOACC.dll
[2012/02/29 12:29:48 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SynsoLChk.dll
[2012/02/29 12:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
[2012/02/28 12:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/28 12:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/25 14:36:46 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 14:36:46 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 14:33:45 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/25 14:33:45 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/25 14:33:45 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/25 14:33:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/25 14:33:44 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/25 14:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 14:29:02 | 3148,685,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 13:24:02 | 000,002,046 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/03/25 13:09:41 | 000,001,060 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.339226024417962.exe.lnk
[2012/03/25 13:02:06 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2011.job
[2012/03/21 22:23:20 | 000,393,316 | ---- | M] () -- C:\Users\Noel\Desktop\LUCA.ndw
[2012/03/21 13:59:22 | 000,028,569 | ---- | M] () -- C:\Users\Noel\Desktop\laptop_skin_bubbles_blue.jpg
[2012/03/21 12:39:52 | 000,102,670 | ---- | M] () -- C:\Users\Noel\Desktop\abschluss-42-3163411156517-31-10193103-84118-106-13-51.pdf
[2012/03/20 19:03:59 | 000,136,036 | ---- | M] () -- C:\Users\Noel\Desktop\TERMINE-Prfg_SS-2012_2012-03-20_Vers-01_BA-Arch.pdf
[2012/03/19 22:24:33 | 007,096,881 | ---- | M] () -- C:\Users\Noel\Desktop\Aura Dione Friends.mp3
[2012/03/19 21:30:30 | 000,772,271 | ---- | M] () -- C:\Users\Noel\Desktop\P1000131.jpg
[2012/03/16 12:54:25 | 011,376,784 | ---- | M] () -- C:\Users\Noel\Desktop\COMEX (Original Mix) - Markus Gardeweg.mp3
[2012/03/16 12:45:51 | 004,193,530 | ---- | M] () -- C:\Users\Noel\Desktop\Chris Brown - 2 Complicated.mp3
[2012/03/16 11:11:33 | 002,222,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/15 14:46:57 | 008,024,500 | ---- | M] () -- C:\Users\Noel\Desktop\Mark Ronson feat. Katy B - Anywhere in the World.mp3
[2012/03/15 14:33:19 | 004,881,700 | ---- | M] () -- C:\Users\Noel\Desktop\Tove Styrke - Call My Name.mp3
[2012/03/15 11:04:12 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011-1.job
[2012/03/12 11:15:00 | 000,353,870 | ---- | M] () -- C:\Users\Noel\Desktop\download.pdf
[2012/03/10 15:08:03 | 000,005,408 | ---- | M] () -- C:\Users\Noel\Desktop\Plan1.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/25 13:09:41 | 000,001,060 | ---- | C] () -- C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.339226024417962.exe.lnk
[2012/03/21 16:40:55 | 004,881,700 | ---- | C] () -- C:\Users\Noel\Desktop\Tove Styrke - Call My Name.mp3
[2012/03/21 13:59:21 | 000,028,569 | ---- | C] () -- C:\Users\Noel\Desktop\laptop_skin_bubbles_blue.jpg
[2012/03/21 12:39:52 | 000,102,670 | ---- | C] () -- C:\Users\Noel\Desktop\abschluss-42-3163411156517-31-10193103-84118-106-13-51.pdf
[2012/03/20 19:03:59 | 000,136,036 | ---- | C] () -- C:\Users\Noel\Desktop\TERMINE-Prfg_SS-2012_2012-03-20_Vers-01_BA-Arch.pdf
[2012/03/19 22:45:22 | 005,683,292 | ---- | C] () -- C:\Users\Noel\Desktop\01-kings_of_leon-closer.mp3
[2012/03/19 21:30:30 | 000,772,271 | ---- | C] () -- C:\Users\Noel\Desktop\P1000131.jpg
[2012/03/19 21:29:50 | 007,096,881 | ---- | C] () -- C:\Users\Noel\Desktop\Aura Dione Friends.mp3
[2012/03/16 12:53:52 | 011,376,784 | ---- | C] () -- C:\Users\Noel\Desktop\COMEX (Original Mix) - Markus Gardeweg.mp3
[2012/03/15 15:18:25 | 004,193,530 | ---- | C] () -- C:\Users\Noel\Desktop\Chris Brown - 2 Complicated.mp3
[2012/03/15 14:46:30 | 008,024,500 | ---- | C] () -- C:\Users\Noel\Desktop\Mark Ronson feat. Katy B - Anywhere in the World.mp3
[2012/03/12 11:15:00 | 000,353,870 | ---- | C] () -- C:\Users\Noel\Desktop\download.pdf
[2012/03/10 15:07:56 | 000,005,408 | ---- | C] () -- C:\Users\Noel\Desktop\Plan1.pdf
[2012/03/10 14:44:40 | 000,393,316 | ---- | C] () -- C:\Users\Noel\Desktop\LUCA.ndw
[2012/02/29 12:29:55 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2012/02/29 12:29:55 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2012/02/29 12:29:55 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2011/11/24 12:02:52 | 000,000,246 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/11/02 13:14:29 | 000,024,920 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2011/10/26 23:07:47 | 000,004,608 | ---- | C] () -- C:\Users\Noel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/19 20:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/30 13:40:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/08/30 13:26:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 20:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/04 20:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/04 20:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 12:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >
         
--- --- ---

Update: The privacy.exe file related to an older problem, which has since been solved... in addition, my computer can be used normally in the proper account again... so the Bundespolizei window is no longer opened; however, I would like to make sure that the trojan is definitely removed and would appreciate an analysis of the log files

Alt 26.03.2012, 19:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Alt 27.03.2012, 14:34   #3
S_u_n_n_y
 
Code:
 
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Noel :: NOEL-TOSH [Administrator]

Schutz: Aktiviert

27.03.2012 10:22:53
mbam-log-2012-03-27 (10-22-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214626
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Noel\AppData\Roaming\Qeqo\pounqa.exe (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.339226024417962.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Noel\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb31ba84f392b944bd279890016ffa73
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-27 01:11:24
# local_time=2012-03-27 03:11:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1538 16774142 20 3 140707 161387094 0 0
# compatibility_mode=5893 16776573 100 94 0 84471054 0 0
# compatibility_mode=8192 67108863 100 0 276 276 0 0
# scanned=225575
# found=21
# cleaned=0
# scan_time=12679
C:\Users\Noel\AppData\Local\Temp\Main.class	a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5035c311-10d819ef	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5035c311-2327c0a7	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5035c311-2893e3f0	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5035c311-488c4346	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5035c311-7f14ad34	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7af1ff93-36a05501	a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\8118455-667b77c2	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\29223c1e-53c17b4b	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53572621-604067cd	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-122a0c06	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-3019bfd1	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-35b4e382	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-38a1669d	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-38beff8d	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\478781e4-5a925f4b	a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3d52c96a-6665de0d	Java/Exploit.CVE-2011-3544.BG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\Roaming\Ogep\hysiyl.exe	Win32/Spy.Zbot.YW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\AppData\Roaming\toolplugin\toolbar.dll	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\Downloads\installer_kaspersky_tdsskiller.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Noel\Downloads\OOo_3.3.0_Win_x86_install-wJRE_de.exe	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Noel :: NOEL-TOSH [Administrator]

Schutz: Aktiviert

27.03.2012 10:30:46
mbam-log-2012-03-27 (10-30-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 453169
Laufzeit: 1 Stunde(n), 1 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 27.03.2012, 15:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box next to Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
Please always post log files in CODE tags

Alt 27.03.2012, 16:03   #5
S_u_n_n_y
 
OTL Logfile:
Code:
OTL logfile created on: 3/27/2012 4:50:01 PM - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Noel\Desktop\Sonstiges\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.17% Memory free
7.82 Gb Paging File | 5.96 Gb Available in Paging File | 76.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 163.00 Gb Free Space | 69.99% Space Free | Partition Type: NTFS
Drive D: | 134.83 Gb Total Space | 123.48 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive G: | 232.83 Gb Total Space | 119.38 Gb Free Space | 51.28% Space Free | Partition Type: FAT32
Drive N: | 97.65 Gb Total Space | 97.31 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
 
Computer Name: NOEL-TOSH | User Name: Noel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/25 14:33:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Noel\Desktop\Sonstiges\OTL\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/30 17:08:16 | 000,018,432 | ---- | M] () -- C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe
PRC - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011/08/02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/29 10:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 15:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 10:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/20 20:50:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/20 21:33:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/30 17:08:16 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe -- (FileZillaUpdater)
SRV - [2011/08/17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 14:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/01/14 11:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/05 14:10:11 | 000,161,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/30 19:37:29 | 000,128,264 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/11/23 10:59:45 | 000,149,768 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/11/15 00:34:06 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\70239933.sys -- (38537161)
DRV:64bit: - [2011/10/20 20:54:21 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/30 13:17:39 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/04/28 14:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 14:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/09/23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ACBDDA41-175A-4C66-870B-01BDC26C8023}
IE:64bit: - HKLM\..\SearchScopes\{ACBDDA41-175A-4C66-870B-01BDC26C8023}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ACBDDA41-175A-4C66-870B-01BDC26C8023}
IE - HKLM\..\SearchScopes\{ACBDDA41-175A-4C66-870B-01BDC26C8023}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes,DefaultScope = {CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{BCECB9C4-4FE0-4F6A-B75A-50B4B15725BF}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{F23DD6A7-94F5-4501-B807-842076DB3226}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/25 15:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 21:14:32 | 000,000,000 | ---D | M]
 
[2011/10/19 19:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Extensions
[2012/01/26 15:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions
[2012/03/25 15:36:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/25 15:36:32 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/03/25 15:36:34 | 000,000,000 | ---D | M] (FileZilla) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\client@filezilla.org
[2012/03/25 15:36:33 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\welcome@toolmin.com
[2011/11/15 01:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/15 01:45:29 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/03/27 10:18:48 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-1.xml
[2011/11/15 01:50:48 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-2.xml
[2011/12/30 11:39:51 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-3.xml
[2012/02/02 00:59:03 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-4.xml
[2011/11/04 09:54:12 | 000,001,056 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin.xml
[2011/11/09 16:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/23 12:58:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/20 20:49:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/09 16:26:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/09 16:26:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 16:26:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/09 16:26:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/20 20:46:26 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/11/09 16:26:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FileZilla) - {7AAB1838-349A-4AAE-A039-8023951AF399} - C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZilla.dll (Tim Kosse)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Noel\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ACEEB1E-3EC1-4182-B037-7EED67F47B7C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Privacy Protection - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: {36A95F95-765D-DDB9-5672-6259E1F1E741} - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{10704284-6773-4685-AF3B-A250CC8DF260} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {135C6A23-6A89-D9CD-A9BA-D2F96FDBE200} - Microsoft Windows Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/27 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/27 10:21:05 | 000,000,000 | ---D | C] -- C:\Users\Noel\AppData\Roaming\Malwarebytes
[2012/03/27 10:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/27 10:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/27 10:20:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/27 10:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/15 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\Noel\Desktop\Auto CD
[2012/03/08 13:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/03/08 11:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noel\VirtualBox VMs
[2012/03/08 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\Noel\.VirtualBox
[2012/03/08 11:07:06 | 000,000,000 | R--D | C] -- C:\Users\Noel\Virtual Machines
[2012/03/08 10:50:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2012/03/08 10:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012/03/02 13:35:29 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll
[2012/03/01 19:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012/03/01 19:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box
[2012/02/29 12:29:50 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\Synsopos.exe
[2012/02/29 12:29:48 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SYNSOACC.dll
[2012/02/29 12:29:48 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SynsoLChk.dll
[2012/02/29 12:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
[2012/02/28 12:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/28 12:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/27 16:43:49 | 001,937,425 | ---- | M] () -- C:\Users\Noel\Desktop\JONA shirt.jpg
[2012/03/27 16:40:53 | 002,117,945 | ---- | M] () -- C:\Users\Noel\Desktop\LUCA shirt.psd
[2012/03/27 16:32:45 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2011.job
[2012/03/27 16:03:31 | 000,130,194 | ---- | M] () -- C:\Users\Noel\Desktop\LUCA shirt.jpg
[2012/03/27 15:58:21 | 000,049,864 | ---- | M] () -- C:\Users\Noel\Desktop\CODE-1911_000.jpg
[2012/03/27 15:57:15 | 000,052,869 | ---- | M] () -- C:\Users\Noel\Desktop\t-shirt-eng.gif
[2012/03/27 15:52:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 15:52:33 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/27 15:52:33 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 15:52:33 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/27 15:52:33 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 11:33:05 | 000,001,546 | ---- | M] () -- C:\Users\Noel\Desktop\mbam-log-2012-03-27 (10-30-46) alle Datenträger.lnk
[2012/03/27 10:39:15 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 10:39:15 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 10:29:58 | 000,002,046 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/03/27 10:29:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/27 10:28:33 | 3148,685,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 10:20:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/25 20:33:03 | 001,308,431 | ---- | M] () -- C:\Users\Noel\Desktop\Untitled-1.psd
[2012/03/25 19:52:57 | 000,505,623 | ---- | M] () -- C:\Users\Noel\Desktop\Untitled-1.jpg
[2012/03/25 17:54:28 | 000,005,209 | ---- | M] () -- C:\Users\Noel\Desktop\Plan1.pdf
[2012/03/25 17:53:41 | 000,393,316 | ---- | M] () -- C:\Users\Noel\Desktop\LUCA.ndw
[2012/03/25 17:13:32 | 001,053,167 | ---- | M] () -- C:\Users\Noel\Desktop\Plan12.jpg
[2012/03/21 13:59:22 | 000,028,569 | ---- | M] () -- C:\Users\Noel\Desktop\laptop_skin_bubbles_blue.jpg
[2012/03/21 12:39:52 | 000,102,670 | ---- | M] () -- C:\Users\Noel\Desktop\abschluss-42-3163411156517-31-10193103-84118-106-13-51.pdf
[2012/03/20 19:03:59 | 000,136,036 | ---- | M] () -- C:\Users\Noel\Desktop\TERMINE-Prfg_SS-2012_2012-03-20_Vers-01_BA-Arch.pdf
[2012/03/19 21:30:30 | 000,772,271 | ---- | M] () -- C:\Users\Noel\Desktop\P1000131.jpg
[2012/03/16 11:11:33 | 002,222,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/15 11:04:12 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\Allplan AutoUpdate 2011-1.job
[2012/03/12 11:15:00 | 000,353,870 | ---- | M] () -- C:\Users\Noel\Desktop\download.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/27 16:40:52 | 002,117,945 | ---- | C] () -- C:\Users\Noel\Desktop\LUCA shirt.psd
[2012/03/27 16:04:58 | 001,937,425 | ---- | C] () -- C:\Users\Noel\Desktop\JONA shirt.jpg
[2012/03/27 16:03:30 | 000,130,194 | ---- | C] () -- C:\Users\Noel\Desktop\LUCA shirt.jpg
[2012/03/27 15:58:20 | 000,049,864 | ---- | C] () -- C:\Users\Noel\Desktop\CODE-1911_000.jpg
[2012/03/27 15:57:14 | 000,052,869 | ---- | C] () -- C:\Users\Noel\Desktop\t-shirt-eng.gif
[2012/03/27 11:33:05 | 000,001,546 | ---- | C] () -- C:\Users\Noel\Desktop\mbam-log-2012-03-27 (10-30-46) alle Datenträger.lnk
[2012/03/27 10:20:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/25 20:33:01 | 001,308,431 | ---- | C] () -- C:\Users\Noel\Desktop\Untitled-1.psd
[2012/03/25 17:29:51 | 000,505,623 | ---- | C] () -- C:\Users\Noel\Desktop\Untitled-1.jpg
[2012/03/25 17:13:26 | 001,053,167 | ---- | C] () -- C:\Users\Noel\Desktop\Plan12.jpg
[2012/03/21 13:59:21 | 000,028,569 | ---- | C] () -- C:\Users\Noel\Desktop\laptop_skin_bubbles_blue.jpg
[2012/03/21 12:39:52 | 000,102,670 | ---- | C] () -- C:\Users\Noel\Desktop\abschluss-42-3163411156517-31-10193103-84118-106-13-51.pdf
[2012/03/20 19:03:59 | 000,136,036 | ---- | C] () -- C:\Users\Noel\Desktop\TERMINE-Prfg_SS-2012_2012-03-20_Vers-01_BA-Arch.pdf
[2012/03/19 21:30:30 | 000,772,271 | ---- | C] () -- C:\Users\Noel\Desktop\P1000131.jpg
[2012/03/12 11:15:00 | 000,353,870 | ---- | C] () -- C:\Users\Noel\Desktop\download.pdf
[2012/03/10 15:07:56 | 000,005,209 | ---- | C] () -- C:\Users\Noel\Desktop\Plan1.pdf
[2012/03/10 14:44:40 | 000,393,316 | ---- | C] () -- C:\Users\Noel\Desktop\LUCA.ndw
[2012/02/29 12:29:55 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2012/02/29 12:29:55 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2012/02/29 12:29:55 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2011/11/24 12:02:52 | 000,000,246 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/11/02 13:14:29 | 000,024,920 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2011/10/26 23:07:47 | 000,004,608 | ---- | C] () -- C:\Users\Noel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/19 20:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/30 13:40:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/08/30 13:26:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 20:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/04 20:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/04 20:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 12:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2012/03/02 16:06:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Toshiba
[2011/10/29 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Canneverbe Limited
[2011/10/20 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\DAEMON Tools Lite
[2011/10/20 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Graphisoft
[2012/03/27 16:49:44 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\ICQ
[2011/10/20 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Install.GS
[2011/10/19 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\IrfanView
[2011/11/03 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\MAXON
[2011/11/22 20:38:07 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Nemetschek
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Ogep
[2011/10/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\OpenOffice.org
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Panda Security
[2012/03/27 10:26:43 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Qeqo
[2012/03/27 16:49:33 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\streamWriter
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\toolplugin
[2011/11/21 11:52:07 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Toshiba
[2011/10/22 09:52:33 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\TOSHIBA Online Product Information
[2012/02/05 12:38:47 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\WinBatch
[2011/11/15 01:51:05 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Yca
[2011/11/08 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Zecoi
[2012/03/15 11:04:12 | 000,000,490 | ---- | M] () -- C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job
[2009/07/14 07:08:49 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/27 16:32:45 | 000,000,636 | ---- | M] () -- C:\Windows\Tasks\WebContent AutoUpdate 2011.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/27 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Adobe
[2011/10/29 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Canneverbe Limited
[2011/10/20 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\DAEMON Tools Lite
[2011/10/20 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Graphisoft
[2012/03/27 16:49:44 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\ICQ
[2011/10/19 19:43:01 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Identities
[2011/10/20 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Install.GS
[2011/10/19 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\IrfanView
[2011/05/02 15:31:45 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Macromedia
[2012/03/27 10:21:05 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Malwarebytes
[2011/11/03 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\MAXON
[2010/11/21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Media Center Programs
[2012/03/25 15:36:38 | 000,000,000 | --SD | M] -- C:\Users\Noel\AppData\Roaming\Microsoft
[2011/10/19 19:59:57 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Mozilla
[2011/11/22 20:38:07 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Nemetschek
[2011/10/19 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Nero
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Ogep
[2011/10/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\OpenOffice.org
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Panda Security
[2012/03/27 10:26:43 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Qeqo
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Skype
[2011/10/19 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\skypePM
[2012/03/27 16:49:33 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\streamWriter
[2012/03/25 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\toolplugin
[2011/11/21 11:52:07 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Toshiba
[2011/10/22 09:52:33 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\TOSHIBA Online Product Information
[2012/03/25 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\vlc
[2012/03/26 22:00:21 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Winamp
[2012/02/05 12:38:47 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\WinBatch
[2011/10/20 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\WinRAR
[2011/11/15 01:51:05 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Yca
[2011/11/08 21:53:59 | 000,000,000 | ---D | M] -- C:\Users\Noel\AppData\Roaming\Zecoi
 
< %APPDATA%\*.exe /s >
[2010/09/20 16:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Noel\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/11/27 03:00:25 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Noel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011/11/27 03:00:25 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Noel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011/11/27 03:00:25 | 000,008,854 | R--- | M] () -- C:\Users\Noel\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011/10/29 10:19:39 | 000,135,680 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Ogep\hysiyl.exe
[2011/12/15 17:18:06 | 010,498,992 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\Noel\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\Setup.exe
[2011/12/15 17:21:06 | 001,315,576 | ---- | M] (TOSHIBA) -- C:\Users\Noel\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\tinstallwb.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---


Alt 27.03.2012, 19:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes,DefaultScope = {CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{BCECB9C4-4FE0-4F6A-B75A-50B4B15725BF}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\..\SearchScopes\{F23DD6A7-94F5-4501-B807-842076DB3226}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
[2012/03/25 15:36:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/25 15:36:32 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/03/27 10:18:48 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-1.xml
[2011/11/15 01:50:48 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-2.xml
[2011/12/30 11:39:51 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-3.xml
[2012/02/02 00:59:03 | 000,000,950 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-4.xml
[2011/11/04 09:54:12 | 000,001,056 | ---- | M] () -- C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin.xml
[2011/10/20 20:46:26 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Noel\AppData\Roaming\toolplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Users\Noel\AppData\Roaming\Yca
C:\Users\Noel\AppData\Roaming\Zecoi
C:\Users\Noel\AppData\Roaming\Ogep
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 27.03.2012, 19:24   #7
S_u_n_n_y
 



Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1519629227-1934259846-1358753116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BCECB9C4-4FE0-4F6A-B75A-50B4B15725BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCECB9C4-4FE0-4F6A-B75A-50B4B15725BF}\ not found.
Registry key HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8213C0-A48A-4E67-86E7-6BBE34A8F3E3}\ not found.
Registry key HKEY_USERS\S-1-5-21-1519629227-1934259846-1358753116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F23DD6A7-94F5-4501-B807-842076DB3226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F23DD6A7-94F5-4501-B807-842076DB3226}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" removed from keyword.URL
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR\Setup\ADA folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR\Setup folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$_OUTDIR folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56] folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[34] folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9 folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\ADA folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\searchbar\engines folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\searchbar folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\options folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin\lib folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\skin folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale\toolbar folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale\lib folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\locale folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\data\search folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\data folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\net.vmn.www.ToolbarCleaner folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets\keypad folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\widgets folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\modules folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content\lib folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome\content folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\chrome folder moved successfully.
C:\Users\Noel\AppData\Roaming\mozilla\Firefox\Profiles\r7za05v7.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} folder moved successfully.
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Program Files (x86)\icq\Internet Explorer\icq.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ deleted successfully.
C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully.
C:\Users\Noel\AppData\Roaming\toolplugin\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
G:\autorun.inf moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Users\Noel\AppData\Roaming\Yca folder moved successfully.
C:\Users\Noel\AppData\Roaming\Zecoi folder moved successfully.
C:\Users\Noel\AppData\Roaming\Ogep folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 128575 bytes
->Temporary Internet Files folder emptied: 578151 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83182483 bytes
->Flash cache emptied: 57294 bytes
 
User: Noel
->Temp folder emptied: 49345117 bytes
->Temporary Internet Files folder emptied: 975778 bytes
->Java cache emptied: 200127 bytes
->FireFox cache emptied: 57442042 bytes
->Flash cache emptied: 57009 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72328 bytes
RecycleBin emptied: 69493592 bytes
 
Total Files Cleaned = 249.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_201904

Files\Folders moved on Reboot...
C:\Users\Noel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
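
A check that can be run over an OTL fix log like the one above, added here as an example (it is not part of the thread or of OTL): it classifies each result line and sorts the "not found" results into objects that an earlier line of the same run had already moved or deleted and objects that were never there. The sample lines are copied from the log above; the function names are made up for this example.

```python
import re
from collections import Counter

# Lines copied from the OTL fix log in this thread, in their original order.
SAMPLE_FIXLOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
C:\Users\Noel\AppData\Roaming\Yca folder moved successfully.
"""

# Result phrases as they appear at the end of the log lines above.
OUTCOMES = {
    "moved successfully.": "moved",
    "deleted successfully.": "deleted",
    "not found.": "not found",
    ": value set successfully!": "value set",
}

LINE = re.compile(
    r"^(?:(?P<kind>(?:64bit-)?Registry (?:key|value)|File|ADS) )?"
    r"(?P<target>.+?)(?: folder)?"
    r" (?P<outcome>" + "|".join(re.escape(k) for k in OUTCOMES) + r")$"
)


def parse_fixlog(text):
    """Return (kind, target, outcome) for every result line that is recognised."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m["kind"] or "", m["target"], OUTCOMES[m["outcome"]]))
    return entries


def normalise(target):
    """Registry paths and Windows file paths compare case-insensitively;
    the log also writes the same key with and without a trailing backslash."""
    return target.rstrip("\\").lower()


def outcome_counts(entries):
    return Counter(outcome for _, _, outcome in entries)


def explain_not_found(entries):
    """Split 'not found' results into (already handled earlier, never present).

    Each item is (target, earlier_outcome); earlier_outcome is None when no
    earlier line of this run moved or deleted the same object.
    """
    handled = {}
    already, never = [], []
    for _, target, outcome in entries:
        key = normalise(target)
        if outcome in ("moved", "deleted"):
            handled[key] = outcome
        elif outcome == "not found":
            bucket = already if key in handled else never
            bucket.append((target, handled.get(key)))
    return already, never


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(outcome_counts(parsed)))
    done_before, absent = explain_not_found(parsed)
    for target, how in done_before:
        print("not found, but %s earlier in this run: %s" % (how, target))
    for target, _ in absent:
        print("not found, never handled in this run: %s" % target)
```
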
         

Alt 27.03.2012, 19:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
C:\Users\Noel\Downloads\installer_kaspersky_tdsskiller.exe
What have you already done there with TDSS-Killer?
__________________
Please always post log files in CODE tags

Alt 27.03.2012, 20:07   #9
S_u_n_n_y
 



Hi, not long ago I was already plagued by a similar problem ("Privacy Protection"), and while googling I came across an article that advised me to use this tool. Or was that a mistake?

Regards

Alt 27.03.2012, 20:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Where is the log for that?! With TDSS-Killer you should not simply delete everything it flags!
__________________
Please always post log files in CODE tags

Alt 27.03.2012, 20:30   #11
S_u_n_n_y
 



As far as I remember, it didn't find anything in that case.

Alt 27.03.2012, 21:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new log with TDSS-Killer => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and just post the log here!

__________________
Please always post log files in CODE tags
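
The review step described above (skip everything, read the report first), as an added example that is not part of the thread or of TDSSKiller: it parses a TDSSKiller report, returns the scan mode flags, and lists the objects that were flagged or have no verdict. The sample lines are copied from the report posted further down in this thread; the function and class names are made up for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the TDSSKiller report posted in this thread. The report
# breaks off after the last line here, so that object has no verdict.
SAMPLE_LOG = r"""
23:00:48.0887 0804	Scan started
23:00:48.0887 0804	Mode: Manual; SigCheck; TDLFS;
23:00:49.0177 0804	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:00:49.0298 0804	1394ohci - ok
23:00:49.0445 0804	38537161        (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\70239933.sys
23:00:49.0474 0804	38537161 - ok
23:00:49.0854 0804	Adobe LM Service (f3463e6967c3c396921551c0cdc633c1) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:00:49.0873 0804	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:00:49.0873 0804	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:00:49.0958 0804	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"""

# "<time> <thread id> <message>"; the separator may be a tab or spaces.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]+\s+(.*)$")
# "<service name> (<md5>) <path>"; service names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>.+)$")
# "<service name> ( <verdict> ) - <level>"
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<service name> - ok"
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    level: str = "no verdict"      # "ok", "warning", ... as printed in the report
    verdict: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic


def parse_report(text):
    """Return (scan mode flags, list of ScanObject) in report order."""
    mode, objects = [], {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line or a line without the log prefix
        msg = m.group(1).strip()
        if msg.startswith("Mode:"):
            mode = [part.strip() for part in msg[5:].split(";") if part.strip()]
            continue
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = ScanObject(obj["name"], obj["md5"].lower(), obj["path"])
            continue
        hit = FLAGGED.match(msg) or CLEAN.match(msg)
        if hit:
            # A verdict without a preceding object line still gets recorded.
            entry = objects.setdefault(hit["name"], ScanObject(hit["name"]))
            entry.level = hit.groupdict().get("level") or "ok"
            entry.verdict = hit.groupdict().get("verdict")
    return mode, list(objects.values())


def needs_review(objects):
    """Objects the scanner flagged; these are reviewed, not deleted."""
    return [o for o in objects if o.level not in ("ok", "no verdict")]


def undecided(objects):
    """Objects listed without a verdict line, e.g. because the log was cut off."""
    return [o for o in objects if o.level == "no verdict"]


def summary(text):
    mode, objects = parse_report(text)
    lines = ["scan mode: " + ", ".join(mode), "objects listed: %d" % len(objects)]
    for o in needs_review(objects):
        lines.append("REVIEW (%s) %s: %s | md5 %s | %s | action: Skip"
                     % (o.level, o.name, o.verdict, o.md5, o.path))
    for o in undecided(objects):
        lines.append("NO VERDICT %s | %s" % (o.name, o.path))
    return lines


if __name__ == "__main__":
    print("\n".join(summary(SAMPLE_LOG)))
```
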

Alt 27.03.2012, 22:04   #13
S_u_n_n_y
 



Code:
22:59:44.0178 2232	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:59:44.0311 2232	============================================================
22:59:44.0311 2232	Current date / time: 2012/03/27 22:59:44.0311
22:59:44.0311 2232	SystemInfo:
22:59:44.0311 2232	
22:59:44.0311 2232	OS Version: 6.1.7601 ServicePack: 1.0
22:59:44.0311 2232	Product type: Workstation
22:59:44.0311 2232	ComputerName: NOEL-TOSH
22:59:44.0311 2232	UserName: Noel
22:59:44.0311 2232	Windows directory: C:\Windows
22:59:44.0311 2232	System windows directory: C:\Windows
22:59:44.0311 2232	Running under WOW64
22:59:44.0311 2232	Processor architecture: Intel x64
22:59:44.0311 2232	Number of processors: 4
22:59:44.0311 2232	Page size: 0x1000
22:59:44.0311 2232	Boot type: Normal boot
22:59:44.0311 2232	============================================================
22:59:44.0763 2232	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:44.0767 2232	Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:59:50.0952 2232	\Device\Harddisk0\DR0:
22:59:50.0987 2232	MBR used
22:59:50.0987 2232	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
22:59:50.0987 2232	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x10DAA800
22:59:51.0012 2232	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2E036800, BlocksNum 0xC34F000
22:59:51.0012 2232	\Device\Harddisk1\DR1:
22:59:51.0013 2232	MBR used
22:59:51.0013 2232	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:59:51.0126 2232	Initialize success
22:59:51.0126 2232	============================================================
23:00:48.0887 0804	============================================================
23:00:48.0887 0804	Scan started
23:00:48.0887 0804	Mode: Manual; SigCheck; TDLFS; 
23:00:48.0887 0804	============================================================
23:00:49.0177 0804	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:00:49.0298 0804	1394ohci - ok
23:00:49.0445 0804	38537161        (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\70239933.sys
23:00:49.0474 0804	38537161 - ok
23:00:49.0599 0804	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:00:49.0616 0804	ACPI - ok
23:00:49.0728 0804	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:00:49.0782 0804	AcpiPmi - ok
23:00:49.0854 0804	Adobe LM Service (f3463e6967c3c396921551c0cdc633c1) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:00:49.0873 0804	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:00:49.0873 0804	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:00:49.0958 0804	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:00:49.0965 0804	AdobeARMservice - ok
23:00:50.0076 0804	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:00:50.0095 0804	adp94xx - ok
23:00:50.0218 0804	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:00:50.0234 0804	adpahci - ok
23:00:50.0346 0804	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:00:50.0358 0804	adpu320 - ok
23:00:50.0437 0804	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:00:50.0495 0804	AeLookupSvc - ok
23:00:50.0617 0804	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:00:50.0671 0804	AFD - ok
23:00:50.0771 0804	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:00:50.0781 0804	agp440 - ok
23:00:50.0853 0804	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:00:50.0895 0804	ALG - ok
23:00:51.0005 0804	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:00:51.0013 0804	aliide - ok
23:00:51.0127 0804	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:00:51.0136 0804	amdide - ok
23:00:51.0251 0804	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:00:51.0275 0804	AmdK8 - ok
23:00:51.0375 0804	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:00:51.0405 0804	AmdPPM - ok
23:00:51.0519 0804	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:00:51.0529 0804	amdsata - ok
23:00:51.0629 0804	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:00:51.0642 0804	amdsbs - ok
23:00:51.0755 0804	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:00:51.0763 0804	amdxata - ok
23:00:51.0874 0804	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:00:51.0931 0804	AppID - ok
23:00:52.0003 0804	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:00:52.0048 0804	AppIDSvc - ok
23:00:52.0124 0804	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:00:52.0179 0804	Appinfo - ok
23:00:52.0265 0804	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:00:52.0275 0804	arc - ok
23:00:52.0368 0804	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:00:52.0378 0804	arcsas - ok
23:00:52.0479 0804	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:52.0532 0804	AsyncMac - ok
23:00:52.0638 0804	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:00:52.0647 0804	atapi - ok
23:00:52.0773 0804	athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
23:00:52.0821 0804	athr - ok
23:00:52.0907 0804	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:00:52.0966 0804	AudioEndpointBuilder - ok
23:00:52.0995 0804	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:00:53.0037 0804	AudioSrv - ok
23:00:53.0124 0804	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:00:53.0165 0804	AxInstSV - ok
23:00:53.0282 0804	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:00:53.0337 0804	b06bdrv - ok
23:00:53.0518 0804	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:00:53.0554 0804	b57nd60a - ok
23:00:53.0648 0804	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:00:53.0660 0804	BBSvc - ok
23:00:53.0742 0804	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:00:53.0777 0804	BDESVC - ok
23:00:53.0890 0804	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:00:53.0943 0804	Beep - ok
23:00:54.0043 0804	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:00:54.0120 0804	BFE - ok
23:00:54.0198 0804	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:00:54.0269 0804	BITS - ok
23:00:54.0370 0804	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:00:54.0400 0804	blbdrive - ok
23:00:54.0457 0804	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:00:54.0475 0804	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
23:00:54.0475 0804	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
23:00:54.0575 0804	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:00:54.0603 0804	bowser - ok
23:00:54.0698 0804	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:00:54.0731 0804	BrFiltLo - ok
23:00:54.0820 0804	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:00:54.0845 0804	BrFiltUp - ok
23:00:54.0913 0804	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:00:54.0962 0804	Browser - ok
23:00:55.0065 0804	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:00:55.0117 0804	Brserid - ok
23:00:55.0209 0804	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:00:55.0241 0804	BrSerWdm - ok
23:00:55.0332 0804	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:00:55.0355 0804	BrUsbMdm - ok
23:00:55.0443 0804	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:00:55.0466 0804	BrUsbSer - ok
23:00:55.0558 0804	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:00:55.0584 0804	BTHMODEM - ok
23:00:55.0667 0804	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:00:55.0720 0804	bthserv - ok
23:00:55.0811 0804	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:00:55.0860 0804	cdfs - ok
23:00:55.0969 0804	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:00:55.0995 0804	cdrom - ok
23:00:56.0132 0804	CeKbFilter      (a965b206921c55f2d1481789d609b711) C:\Windows\system32\DRIVERS\CeKbFilter.sys
23:00:56.0138 0804	CeKbFilter - ok
23:00:56.0231 0804	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:00:56.0287 0804	CertPropSvc - ok
23:00:56.0426 0804	cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
23:00:56.0440 0804	cfWiMAXService - ok
23:00:56.0544 0804	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:00:56.0576 0804	circlass - ok
23:00:56.0686 0804	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:00:56.0702 0804	CLFS - ok
23:00:56.0784 0804	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:56.0793 0804	clr_optimization_v2.0.50727_32 - ok
23:00:56.0888 0804	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:00:56.0898 0804	clr_optimization_v2.0.50727_64 - ok
23:00:57.0014 0804	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:57.0023 0804	clr_optimization_v4.0.30319_32 - ok
23:00:57.0142 0804	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:00:57.0152 0804	clr_optimization_v4.0.30319_64 - ok
23:00:57.0243 0804	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:00:57.0271 0804	CmBatt - ok
23:00:57.0369 0804	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:00:57.0377 0804	cmdide - ok
23:00:57.0473 0804	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:00:57.0497 0804	CNG - ok
23:00:57.0598 0804	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:00:57.0606 0804	Compbatt - ok
23:00:57.0711 0804	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:00:57.0750 0804	CompositeBus - ok
23:00:57.0810 0804	COMSysApp - ok
23:00:57.0906 0804	ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
23:00:57.0912 0804	ConfigFree Service - ok
23:00:58.0020 0804	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:00:58.0032 0804	crcdisk - ok
23:00:58.0114 0804	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:00:58.0161 0804	CryptSvc - ok
23:00:58.0242 0804	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:00:58.0323 0804	DcomLaunch - ok
23:00:58.0388 0804	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:00:58.0455 0804	defragsvc - ok
23:00:58.0559 0804	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:00:58.0615 0804	DfsC - ok
23:00:58.0699 0804	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:00:58.0765 0804	Dhcp - ok
23:00:58.0856 0804	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:00:58.0912 0804	discache - ok
23:00:59.0016 0804	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:00:59.0029 0804	Disk - ok
23:00:59.0097 0804	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:00:59.0157 0804	Dnscache - ok
23:00:59.0225 0804	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:00:59.0294 0804	dot3svc - ok
23:00:59.0364 0804	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:00:59.0429 0804	DPS - ok
23:00:59.0536 0804	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:00:59.0560 0804	drmkaud - ok
23:00:59.0676 0804	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:00:59.0693 0804	dtsoftbus01 - ok
23:00:59.0813 0804	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:00:59.0841 0804	DXGKrnl - ok
23:00:59.0910 0804	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:00:59.0976 0804	EapHost - ok
23:01:00.0125 0804	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:01:00.0224 0804	ebdrv - ok
23:01:00.0301 0804	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:01:00.0344 0804	EFS - ok
23:01:00.0410 0804	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:01:00.0452 0804	ehRecvr - ok
23:01:00.0523 0804	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:01:00.0616 0804	ehSched - ok
23:01:00.0714 0804	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:01:00.0740 0804	elxstor - ok
23:01:00.0833 0804	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:01:00.0858 0804	ErrDev - ok
23:01:00.0960 0804	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:01:01.0007 0804	EventSystem - ok
23:01:01.0106 0804	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:01:01.0163 0804	exfat - ok
23:01:01.0262 0804	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:01:01.0331 0804	fastfat - ok
23:01:01.0425 0804	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:01:01.0477 0804	Fax - ok
23:01:01.0564 0804	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:01:01.0613 0804	fdc - ok
23:01:01.0690 0804	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:01:01.0752 0804	fdPHost - ok
23:01:01.0822 0804	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:01:01.0884 0804	FDResPub - ok
23:01:01.0980 0804	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:01:01.0989 0804	FileInfo - ok
23:01:02.0085 0804	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:01:02.0144 0804	Filetrace - ok
23:01:02.0237 0804	FileZillaUpdater (a52fc41faa9a138ec24b0b2ee2117c5c) C:\Users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe
23:01:02.0259 0804	FileZillaUpdater ( UnsignedFile.Multi.Generic ) - warning
23:01:02.0259 0804	FileZillaUpdater - detected UnsignedFile.Multi.Generic (1)
23:01:02.0352 0804	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:01:02.0372 0804	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:01:02.0372 0804	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:01:02.0467 0804	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:01:02.0478 0804	flpydisk - ok
23:01:02.0604 0804	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:01:02.0617 0804	FltMgr - ok
23:01:02.0725 0804	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:01:02.0770 0804	FontCache - ok
23:01:02.0854 0804	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:01:02.0861 0804	FontCache3.0.0.0 - ok
23:01:02.0954 0804	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:01:02.0963 0804	FsDepends - ok
23:01:03.0062 0804	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:01:03.0071 0804	Fs_Rec - ok
23:01:03.0168 0804	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:01:03.0184 0804	fvevol - ok
23:01:03.0285 0804	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:01:03.0295 0804	gagp30kx - ok
23:01:03.0365 0804	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:01:03.0374 0804	GamesAppService - ok
23:01:03.0465 0804	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:01:03.0510 0804	gpsvc - ok
23:01:03.0601 0804	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:01:03.0628 0804	hcw85cir - ok
23:01:03.0724 0804	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:01:03.0753 0804	HdAudAddService - ok
23:01:03.0860 0804	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:01:03.0891 0804	HDAudBus - ok
23:01:03.0978 0804	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:01:04.0005 0804	HidBatt - ok
23:01:04.0103 0804	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:01:04.0132 0804	HidBth - ok
23:01:04.0229 0804	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:01:04.0243 0804	HidIr - ok
23:01:04.0306 0804	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:01:04.0362 0804	hidserv - ok
23:01:04.0463 0804	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:01:04.0476 0804	HidUsb - ok
23:01:04.0546 0804	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:01:04.0600 0804	hkmsvc - ok
23:01:04.0671 0804	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:01:04.0729 0804	HomeGroupListener - ok
23:01:04.0798 0804	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:01:04.0842 0804	HomeGroupProvider - ok
23:01:04.0932 0804	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:01:04.0955 0804	HpSAMD - ok
23:01:05.0071 0804	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:01:05.0143 0804	HTTP - ok
23:01:05.0241 0804	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:01:05.0261 0804	hwpolicy - ok
23:01:05.0370 0804	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:01:05.0401 0804	i8042prt - ok
23:01:05.0514 0804	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
23:01:05.0546 0804	iaStor - ok
23:01:05.0661 0804	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:01:05.0697 0804	iaStorV - ok
23:01:05.0836 0804	IconMan_R       (dabfbe88774a3c1a8cea198348e02740) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
23:01:05.0876 0804	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
23:01:05.0876 0804	IconMan_R - detected UnsignedFile.Multi.Generic (1)
23:01:05.0949 0804	ICQ Service     (58bd7551b0445f3673d96ca380f21822) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
23:01:05.0974 0804	ICQ Service - ok
23:01:06.0048 0804	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:01:06.0088 0804	IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:01:06.0088 0804	IDriverT - detected UnsignedFile.Multi.Generic (1)
23:01:06.0194 0804	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:01:06.0227 0804	idsvc - ok
23:01:06.0553 0804	igfx            (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:01:06.0899 0804	igfx - ok
23:01:07.0007 0804	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:01:07.0029 0804	iirsp - ok
23:01:07.0117 0804	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:01:07.0204 0804	IKEEXT - ok
23:01:07.0385 0804	IntcAzAudAddService (2cc2f7c5990bb76767038f4b16d17a56) C:\Windows\system32\drivers\RTKVHD64.sys
23:01:07.0446 0804	IntcAzAudAddService - ok
23:01:07.0540 0804	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:01:07.0561 0804	intelide - ok
23:01:07.0656 0804	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:01:07.0697 0804	intelppm - ok
23:01:07.0767 0804	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:01:07.0838 0804	IPBusEnum - ok
23:01:07.0944 0804	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:01:08.0002 0804	IpFilterDriver - ok
23:01:08.0077 0804	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:01:08.0150 0804	iphlpsvc - ok
23:01:08.0246 0804	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:01:08.0280 0804	IPMIDRV - ok
23:01:08.0381 0804	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:01:08.0449 0804	IPNAT - ok
23:01:08.0553 0804	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:01:08.0590 0804	IRENUM - ok
23:01:08.0937 0804	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:01:08.0959 0804	isapnp - ok
23:01:09.0058 0804	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:01:09.0090 0804	iScsiPrt - ok
23:01:09.0195 0804	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:09.0215 0804	kbdclass - ok
23:01:09.0311 0804	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:09.0357 0804	kbdhid - ok
23:01:09.0435 0804	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:09.0460 0804	KeyIso - ok
23:01:09.0561 0804	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:01:09.0581 0804	KSecDD - ok
23:01:09.0680 0804	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:01:09.0704 0804	KSecPkg - ok
23:01:09.0805 0804	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:01:09.0878 0804	ksthunk - ok
23:01:09.0949 0804	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:01:10.0013 0804	KtmRm - ok
23:01:10.0100 0804	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:01:10.0183 0804	LanmanServer - ok
23:01:10.0265 0804	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:01:10.0340 0804	LanmanWorkstation - ok
23:01:10.0448 0804	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:10.0509 0804	lltdio - ok
23:01:10.0653 0804	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:01:10.0804 0804	lltdsvc - ok
23:01:10.0873 0804	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:01:10.0943 0804	lmhosts - ok
23:01:11.0035 0804	LMS             (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:01:11.0054 0804	LMS - ok
23:01:11.0166 0804	LPCFilter       (2825a71e7501cb33b3b9f856610c729d) C:\Windows\system32\DRIVERS\LPCFilter.sys
23:01:11.0182 0804	LPCFilter - ok
23:01:11.0287 0804	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:01:11.0312 0804	LSI_FC - ok
23:01:11.0411 0804	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:01:11.0435 0804	LSI_SAS - ok
23:01:11.0534 0804	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:01:11.0557 0804	LSI_SAS2 - ok
23:01:11.0649 0804	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:01:11.0675 0804	LSI_SCSI - ok
23:01:11.0759 0804	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:01:11.0839 0804	luafv - ok
23:01:11.0933 0804	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:01:11.0949 0804	MBAMProtector - ok
23:01:12.0040 0804	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:01:12.0073 0804	MBAMService - ok
23:01:12.0144 0804	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:01:12.0167 0804	McComponentHostService - ok
23:01:12.0242 0804	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:01:12.0275 0804	Mcx2Svc - ok
23:01:12.0363 0804	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:01:12.0384 0804	megasas - ok
23:01:12.0504 0804	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:01:12.0538 0804	MegaSR - ok
23:01:12.0643 0804	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:01:12.0660 0804	MEIx64 - ok
23:01:12.0863 0804	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:12.0946 0804	MMCSS - ok
23:01:13.0024 0804	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:01:13.0082 0804	Modem - ok
23:01:13.0184 0804	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:01:13.0231 0804	monitor - ok
23:01:13.0326 0804	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:13.0348 0804	mouclass - ok
23:01:13.0450 0804	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:13.0488 0804	mouhid - ok
23:01:13.0573 0804	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:01:13.0595 0804	mountmgr - ok
23:01:13.0701 0804	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:01:13.0731 0804	mpio - ok
23:01:13.0816 0804	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:01:13.0873 0804	mpsdrv - ok
23:01:13.0963 0804	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:01:14.0048 0804	MpsSvc - ok
23:01:14.0148 0804	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:01:14.0203 0804	MRxDAV - ok
23:01:14.0310 0804	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:14.0380 0804	mrxsmb - ok
23:01:14.0480 0804	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:14.0508 0804	mrxsmb10 - ok
23:01:14.0623 0804	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:14.0649 0804	mrxsmb20 - ok
23:01:14.0975 0804	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
23:01:14.0996 0804	msahci - ok
23:01:15.0104 0804	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:01:15.0127 0804	msdsm - ok
23:01:15.0209 0804	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:01:15.0255 0804	MSDTC - ok
23:01:15.0364 0804	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:01:15.0440 0804	Msfs - ok
23:01:15.0538 0804	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:01:15.0619 0804	mshidkmdf - ok
23:01:15.0715 0804	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:01:15.0736 0804	msisadrv - ok
23:01:15.0825 0804	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:01:15.0913 0804	MSiSCSI - ok
23:01:15.0956 0804	msiserver - ok
23:01:16.0052 0804	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:16.0130 0804	MSKSSRV - ok
23:01:16.0240 0804	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:16.0310 0804	MSPCLOCK - ok
23:01:16.0409 0804	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:01:16.0488 0804	MSPQM - ok
23:01:16.0597 0804	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:01:16.0628 0804	MsRPC - ok
23:01:16.0730 0804	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:01:16.0748 0804	mssmbios - ok
23:01:16.0832 0804	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:01:16.0908 0804	MSTEE - ok
23:01:17.0008 0804	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:01:17.0037 0804	MTConfig - ok
23:01:17.0136 0804	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:01:17.0159 0804	Mup - ok
23:01:17.0248 0804	NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
23:01:17.0267 0804	NanoServiceMain - ok
23:01:17.0340 0804	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:01:17.0416 0804	napagent - ok
23:01:17.0526 0804	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:17.0574 0804	NativeWifiP - ok
23:01:17.0676 0804	NAUpdate        (2989174df02e0aef54bae90674fb445f) c:\Program Files (x86)\Nero\Update\NASvc.exe
23:01:17.0708 0804	NAUpdate - ok
23:01:17.0820 0804	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:01:17.0865 0804	NDIS - ok
23:01:17.0975 0804	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:18.0042 0804	NdisCap - ok
23:01:18.0153 0804	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:18.0213 0804	NdisTapi - ok
23:01:18.0315 0804	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:18.0379 0804	Ndisuio - ok
23:01:18.0479 0804	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:18.0535 0804	NdisWan - ok
23:01:18.0630 0804	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:01:18.0708 0804	NDProxy - ok
23:01:18.0815 0804	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:01:18.0877 0804	NetBIOS - ok
23:01:18.0983 0804	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:01:19.0066 0804	NetBT - ok
23:01:19.0136 0804	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:19.0164 0804	Netlogon - ok
23:01:19.0257 0804	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:01:19.0336 0804	Netman - ok
23:01:19.0411 0804	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:01:19.0485 0804	netprofm - ok
23:01:19.0574 0804	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:01:19.0595 0804	NetTcpPortSharing - ok
23:01:19.0686 0804	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:01:19.0708 0804	nfrd960 - ok
23:01:19.0803 0804	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:01:19.0875 0804	NlaSvc - ok
23:01:19.0996 0804	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:01:20.0075 0804	Npfs - ok
23:01:20.0147 0804	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:01:20.0202 0804	nsi - ok
23:01:20.0296 0804	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:01:20.0372 0804	nsiproxy - ok
23:01:20.0516 0804	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:01:20.0570 0804	Ntfs - ok
23:01:20.0662 0804	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:01:20.0722 0804	Null - ok
23:01:20.0839 0804	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:01:20.0860 0804	nvraid - ok
23:01:20.0971 0804	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:01:20.0999 0804	nvstor - ok
23:01:21.0098 0804	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:01:21.0123 0804	nv_agp - ok
23:01:21.0214 0804	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:01:21.0247 0804	ohci1394 - ok
23:01:21.0309 0804	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:21.0348 0804	p2pimsvc - ok
23:01:21.0428 0804	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:01:21.0477 0804	p2psvc - ok
23:01:21.0574 0804	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:01:21.0605 0804	Parport - ok
23:01:21.0701 0804	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:01:21.0724 0804	partmgr - ok
23:01:21.0793 0804	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:01:21.0851 0804	PcaSvc - ok
23:01:21.0947 0804	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:01:21.0975 0804	pci - ok
23:01:22.0058 0804	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:01:22.0079 0804	pciide - ok
23:01:22.0188 0804	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:01:22.0218 0804	pcmcia - ok
23:01:22.0304 0804	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:01:22.0326 0804	pcw - ok
23:01:22.0437 0804	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:01:22.0515 0804	PEAUTH - ok
23:01:22.0583 0804	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:01:22.0623 0804	PerfHost - ok
23:01:22.0712 0804	PGEffect        (91111cebbde8015e822c46120ed9537c) C:\Windows\system32\DRIVERS\pgeffect.sys
23:01:22.0729 0804	PGEffect - ok
23:01:22.0839 0804	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:01:22.0925 0804	pla - ok
23:01:23.0021 0804	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:01:23.0090 0804	PlugPlay - ok
23:01:23.0155 0804	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:01:23.0198 0804	PNRPAutoReg - ok
23:01:23.0266 0804	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:23.0304 0804	PNRPsvc - ok
23:01:23.0383 0804	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:01:23.0444 0804	PolicyAgent - ok
23:01:23.0520 0804	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:01:23.0599 0804	Power - ok
23:01:23.0710 0804	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:23.0779 0804	PptpMiniport - ok
23:01:23.0877 0804	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:01:23.0915 0804	Processor - ok
23:01:23.0995 0804	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:01:24.0082 0804	ProfSvc - ok
23:01:24.0158 0804	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:24.0185 0804	ProtectedStorage - ok
23:01:24.0292 0804	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:01:24.0354 0804	Psched - ok
23:01:24.0459 0804	PSINAflt        (bf6b640239be2c28a6bb43adc658fb7f) C:\Windows\system32\DRIVERS\PSINAflt.sys
23:01:24.0482 0804	PSINAflt - ok
23:01:24.0598 0804	PSINFile        (2377f49c39725ed0021d75136fb0f746) C:\Windows\system32\DRIVERS\PSINFile.sys
23:01:24.0617 0804	PSINFile - ok
23:01:24.0740 0804	PSINKNC         (a90f546b4f49122115768bc94bc81c04) C:\Windows\system32\DRIVERS\psinknc.sys
23:01:24.0776 0804	PSINKNC - ok
23:01:24.0895 0804	PSINProc        (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys
23:01:24.0914 0804	PSINProc - ok
23:01:25.0000 0804	PSINProt        (076254556b4b03ade385619ff33e2f6b) C:\Windows\system32\DRIVERS\PSINProt.sys
23:01:25.0020 0804	PSINProt - ok
23:01:25.0162 0804	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:01:25.0211 0804	ql2300 - ok
23:01:25.0324 0804	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:01:25.0350 0804	ql40xx - ok
23:01:25.0421 0804	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:01:25.0457 0804	QWAVE - ok
23:01:25.0553 0804	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:01:25.0596 0804	QWAVEdrv - ok
23:01:25.0690 0804	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:25.0762 0804	RasAcd - ok
23:01:25.0871 0804	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:25.0934 0804	RasAgileVpn - ok
23:01:25.0998 0804	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:01:26.0076 0804	RasAuto - ok
23:01:26.0174 0804	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:26.0248 0804	Rasl2tp - ok
23:01:26.0337 0804	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:01:26.0419 0804	RasMan - ok
23:01:26.0522 0804	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:26.0586 0804	RasPppoe - ok
23:01:26.0690 0804	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:26.0757 0804	RasSstp - ok
23:01:26.0856 0804	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:26.0929 0804	rdbss - ok
23:01:27.0027 0804	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:01:27.0070 0804	rdpbus - ok
23:01:27.0172 0804	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:27.0244 0804	RDPCDD - ok
23:01:27.0353 0804	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:01:27.0412 0804	RDPENCDD - ok
23:01:27.0508 0804	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:01:27.0586 0804	RDPREFMP - ok
23:01:27.0700 0804	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:01:27.0757 0804	RDPWD - ok
23:01:27.0854 0804	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:01:27.0880 0804	rdyboost - ok
23:01:27.0952 0804	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:01:28.0024 0804	RemoteAccess - ok
23:01:28.0088 0804	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:01:28.0167 0804	RemoteRegistry - ok
23:01:28.0235 0804	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:01:28.0294 0804	RpcEptMapper - ok
23:01:28.0371 0804	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:01:28.0402 0804	RpcLocator - ok
23:01:28.0481 0804	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:01:28.0545 0804	RpcSs - ok
23:01:28.0639 0804	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:01:28.0694 0804	rspndr - ok
23:01:28.0817 0804	RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
23:01:28.0891 0804	RSUSBSTOR - ok
23:01:28.0996 0804	RTL8167         (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:01:29.0029 0804	RTL8167 - ok
23:01:29.0163 0804	RTL8192Ce       (64fdf4fe366ca42da2b7d9d424b6e39b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
23:01:29.0212 0804	RTL8192Ce - ok
23:01:29.0402 0804	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:29.0431 0804	SamSs - ok
23:01:29.0529 0804	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:01:29.0553 0804	sbp2port - ok
23:01:29.0621 0804	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:01:29.0706 0804	SCardSvr - ok
23:01:29.0791 0804	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:01:29.0867 0804	scfilter - ok
23:01:29.0955 0804	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:01:30.0067 0804	Schedule - ok
23:01:30.0145 0804	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:01:30.0195 0804	SCPolicySvc - ok
23:01:30.0270 0804	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:01:30.0313 0804	SDRSVC - ok
23:01:30.0398 0804	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:01:30.0425 0804	SeaPort - ok
23:01:30.0526 0804	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:01:30.0587 0804	secdrv - ok
23:01:30.0657 0804	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:01:30.0715 0804	seclogon - ok
23:01:30.0798 0804	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:01:30.0884 0804	SENS - ok
23:01:30.0961 0804	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:01:31.0013 0804	SensrSvc - ok
23:01:31.0111 0804	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:01:31.0150 0804	Serenum - ok
23:01:31.0248 0804	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:01:31.0288 0804	Serial - ok
23:01:31.0370 0804	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:01:31.0403 0804	sermouse - ok
23:01:31.0492 0804	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:01:31.0565 0804	SessionEnv - ok
23:01:31.0659 0804	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:01:31.0690 0804	sffdisk - ok
23:01:31.0781 0804	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:01:31.0824 0804	sffp_mmc - ok
23:01:31.0926 0804	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:01:31.0974 0804	sffp_sd - ok
23:01:32.0104 0804	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:01:32.0134 0804	sfloppy - ok
23:01:32.0227 0804	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:01:32.0303 0804	SharedAccess - ok
23:01:32.0402 0804	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:01:32.0476 0804	ShellHWDetection - ok
23:01:32.0572 0804	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:01:32.0589 0804	SiSRaid2 - ok
23:01:32.0707 0804	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:01:32.0717 0804	SiSRaid4 - ok
23:01:32.0820 0804	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:01:32.0872 0804	Smb - ok
23:01:33.0027 0804	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:01:33.0077 0804	SNMPTRAP - ok
23:01:33.0128 0804	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:01:33.0141 0804	spldr - ok
23:01:33.0222 0804	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:01:33.0287 0804	Spooler - ok
23:01:33.0433 0804	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:01:33.0567 0804	sppsvc - ok
23:01:33.0635 0804	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:01:33.0712 0804	sppuinotify - ok
23:01:33.0810 0804	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:01:33.0865 0804	srv - ok
23:01:33.0974 0804	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:01:34.0028 0804	srv2 - ok
23:01:34.0119 0804	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:01:34.0165 0804	srvnet - ok
23:01:34.0284 0804	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:01:34.0371 0804	SSDPSRV - ok
23:01:34.0447 0804	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:01:34.0509 0804	SstpSvc - ok
23:01:34.0631 0804	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:01:34.0653 0804	stexstor - ok
23:01:34.0821 0804	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:01:34.0866 0804	stisvc - ok
23:01:34.0958 0804	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:01:34.0978 0804	swenum - ok
23:01:35.0063 0804	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:01:35.0164 0804	swprv - ok
23:01:35.0306 0804	SynTP           (f5b46df59feaa48a442aed7eeb754d4b) C:\Windows\system32\DRIVERS\SynTP.sys
23:01:35.0350 0804	SynTP - ok
23:01:35.0465 0804	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:01:35.0522 0804	SysMain - ok
23:01:35.0590 0804	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:01:35.0625 0804	TabletInputService - ok
23:01:35.0704 0804	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:01:35.0782 0804	TapiSrv - ok
23:01:35.0848 0804	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:01:35.0912 0804	TBS - ok
23:01:36.0060 0804	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:01:36.0109 0804	Tcpip - ok
23:01:36.0271 0804	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:01:36.0312 0804	TCPIP6 - ok
23:01:36.0407 0804	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:01:36.0487 0804	tcpipreg - ok
23:01:36.0607 0804	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:01:36.0622 0804	tdcmdpst - ok
23:01:36.0720 0804	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:01:36.0752 0804	TDPIPE - ok
23:01:36.0851 0804	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:01:36.0876 0804	TDTCP - ok
23:01:36.0980 0804	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:01:37.0038 0804	tdx - ok
23:01:37.0103 0804	TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
23:01:37.0123 0804	TemproMonitoringService - ok
23:01:37.0224 0804	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:01:37.0245 0804	TermDD - ok
23:01:37.0335 0804	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:01:37.0414 0804	TermService - ok
23:01:37.0488 0804	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:01:37.0541 0804	Themes - ok
23:01:37.0610 0804	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:37.0665 0804	THREADORDER - ok
23:01:37.0751 0804	TMachInfo       (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:01:37.0767 0804	TMachInfo - ok
23:01:37.0851 0804	TODDSrv         (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
23:01:37.0871 0804	TODDSrv - ok
23:01:37.0949 0804	TosCoSrv        (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:01:37.0981 0804	TosCoSrv - ok
23:01:38.0071 0804	TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:01:38.0090 0804	TOSHIBA HDD SSD Alert Service - ok
23:01:38.0190 0804	tos_sps64       (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
23:01:38.0225 0804	tos_sps64 - ok
23:01:38.0294 0804	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:01:38.0371 0804	TrkWks - ok
23:01:38.0436 0804	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:01:38.0499 0804	TrustedInstaller - ok
23:01:38.0600 0804	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:38.0679 0804	tssecsrv - ok
23:01:38.0782 0804	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:01:38.0830 0804	TsUsbFlt - ok
23:01:38.0916 0804	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:01:38.0950 0804	TsUsbGD - ok
23:01:39.0055 0804	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:01:39.0136 0804	tunnel - ok
23:01:39.0243 0804	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:01:39.0260 0804	TVALZ - ok
23:01:39.0364 0804	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:01:39.0387 0804	uagp35 - ok
23:01:39.0495 0804	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:01:39.0585 0804	udfs - ok
23:01:39.0658 0804	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:01:39.0683 0804	UI0Detect - ok
23:01:39.0784 0804	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:01:39.0807 0804	uliagpkx - ok
23:01:39.0907 0804	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:01:39.0939 0804	umbus - ok
23:01:40.0040 0804	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:01:40.0076 0804	UmPass - ok
23:01:40.0213 0804	UNS             (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:01:40.0266 0804	UNS - ok
23:01:40.0346 0804	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:01:40.0407 0804	upnphost - ok
23:01:40.0509 0804	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:01:40.0547 0804	usbaudio - ok
23:01:40.0649 0804	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:40.0698 0804	usbccgp - ok
23:01:40.0801 0804	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:01:40.0849 0804	usbcir - ok
23:01:40.0938 0804	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:01:40.0976 0804	usbehci - ok
23:01:41.0082 0804	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:01:41.0117 0804	usbhub - ok
23:01:41.0207 0804	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:01:41.0230 0804	usbohci - ok
23:01:41.0342 0804	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:01:41.0391 0804	usbprint - ok
23:01:41.0499 0804	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:01:41.0546 0804	usbscan - ok
23:01:41.0649 0804	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:41.0707 0804	USBSTOR - ok
23:01:41.0798 0804	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:01:41.0833 0804	usbuhci - ok
23:01:41.0942 0804	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:01:41.0996 0804	usbvideo - ok
23:01:42.0069 0804	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:01:42.0145 0804	UxSms - ok
23:01:42.0215 0804	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:42.0243 0804	VaultSvc - ok
23:01:42.0346 0804	VBoxDrv         (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
23:01:42.0373 0804	VBoxDrv - ok
23:01:42.0471 0804	VBoxNetAdp      (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:01:42.0494 0804	VBoxNetAdp - ok
23:01:42.0598 0804	VBoxNetFlt      (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
23:01:42.0620 0804	VBoxNetFlt - ok
23:01:42.0737 0804	VBoxUSB         (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\Windows\system32\Drivers\VBoxUSB.sys
23:01:42.0757 0804	VBoxUSB - ok
23:01:42.0847 0804	VBoxUSBMon      (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
23:01:42.0869 0804	VBoxUSBMon - ok
23:01:42.0968 0804	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:01:42.0989 0804	vdrvroot - ok
23:01:43.0078 0804	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:01:43.0152 0804	vds - ok
23:01:43.0270 0804	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:43.0301 0804	vga - ok
23:01:43.0392 0804	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:01:43.0448 0804	VgaSave - ok
23:01:43.0545 0804	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:01:43.0570 0804	vhdmp - ok
23:01:43.0665 0804	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:01:43.0685 0804	viaide - ok
23:01:43.0784 0804	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:01:43.0806 0804	volmgr - ok
23:01:43.0902 0804	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:01:43.0933 0804	volmgrx - ok
23:01:44.0034 0804	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:01:44.0065 0804	volsnap - ok
23:01:44.0171 0804	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
23:01:44.0206 0804	vpcbus - ok
23:01:44.0318 0804	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:01:44.0342 0804	vpcnfltr - ok
23:01:44.0439 0804	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
23:01:44.0467 0804	vpcusb - ok
23:01:44.0585 0804	vpcvmm          (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
23:01:44.0607 0804	vpcvmm - ok
23:01:44.0708 0804	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:01:44.0719 0804	vsmraid - ok
23:01:44.0824 0804	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:01:44.0899 0804	VSS - ok
23:01:44.0990 0804	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:01:45.0017 0804	vwifibus - ok
23:01:45.0118 0804	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:01:45.0144 0804	vwififlt - ok
23:01:45.0236 0804	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:01:45.0252 0804	vwifimp - ok
23:01:45.0351 0804	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:01:45.0408 0804	W32Time - ok
23:01:45.0520 0804	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:01:45.0551 0804	WacomPen - ok
23:01:45.0649 0804	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:45.0721 0804	WANARP - ok
23:01:45.0725 0804	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:45.0759 0804	Wanarpv6 - ok
23:01:45.0866 0804	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:01:45.0929 0804	wbengine - ok
23:01:46.0016 0804	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:01:46.0059 0804	WbioSrvc - ok
23:01:46.0132 0804	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:01:46.0186 0804	wcncsvc - ok
23:01:46.0262 0804	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:01:46.0316 0804	WcsPlugInService - ok
23:01:46.0414 0804	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:01:46.0435 0804	Wd - ok
23:01:46.0543 0804	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:01:46.0593 0804	Wdf01000 - ok
23:01:46.0662 0804	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:46.0763 0804	WdiServiceHost - ok
23:01:46.0783 0804	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:46.0805 0804	WdiSystemHost - ok
23:01:46.0870 0804	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:01:46.0937 0804	WebClient - ok
23:01:47.0020 0804	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:01:47.0131 0804	Wecsvc - ok
23:01:47.0194 0804	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:01:47.0255 0804	wercplsupport - ok
23:01:47.0326 0804	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:01:47.0388 0804	WerSvc - ok
23:01:47.0482 0804	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:47.0545 0804	WfpLwf - ok
23:01:47.0642 0804	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:01:47.0664 0804	WIMMount - ok
23:01:47.0709 0804	WinDefend - ok
23:01:47.0722 0804	WinHttpAutoProxySvc - ok
23:01:47.0836 0804	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:01:47.0895 0804	Winmgmt - ok
23:01:48.0015 0804	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:01:48.0088 0804	WinRM - ok
23:01:48.0181 0804	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:01:48.0242 0804	Wlansvc - ok
23:01:48.0306 0804	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:01:48.0325 0804	wlcrasvc - ok
23:01:48.0439 0804	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:01:48.0492 0804	wlidsvc - ok
23:01:48.0587 0804	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:01:48.0611 0804	WmiAcpi - ok
23:01:48.0711 0804	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:01:48.0759 0804	wmiApSrv - ok
23:01:48.0799 0804	WMPNetworkSvc - ok
23:01:48.0883 0804	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:01:48.0923 0804	WPCSvc - ok
23:01:48.0992 0804	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:01:49.0024 0804	WPDBusEnum - ok
23:01:49.0122 0804	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:01:49.0189 0804	ws2ifsl - ok
23:01:49.0263 0804	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:01:49.0301 0804	wscsvc - ok
23:01:49.0346 0804	WSearch - ok
23:01:49.0434 0804	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:01:49.0510 0804	wuauserv - ok
23:01:49.0616 0804	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:01:49.0675 0804	WudfPf - ok
23:01:49.0793 0804	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:49.0871 0804	WUDFRd - ok
23:01:49.0931 0804	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:01:49.0990 0804	wudfsvc - ok
23:01:50.0061 0804	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:01:50.0113 0804	WwanSvc - ok
23:01:50.0171 0804	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:01:50.0330 0804	\Device\Harddisk0\DR0 - ok
23:01:50.0337 0804	MBR (0x1B8)     (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR1
23:02:02.0630 0804	\Device\Harddisk1\DR1 - ok
23:02:02.0645 0804	Boot (0x1200)   (d6c57ccd7b2d0afb26d1dcac39e988db) \Device\Harddisk0\DR0\Partition0
23:02:02.0647 0804	\Device\Harddisk0\DR0\Partition0 - ok
23:02:02.0675 0804	Boot (0x1200)   (f8f61728928826339273622d4a41d9a4) \Device\Harddisk0\DR0\Partition1
23:02:02.0677 0804	\Device\Harddisk0\DR0\Partition1 - ok
23:02:02.0695 0804	Boot (0x1200)   (88d0627fd9287971d48ac719ae8e1df8) \Device\Harddisk0\DR0\Partition2
23:02:02.0697 0804	\Device\Harddisk0\DR0\Partition2 - ok
23:02:02.0702 0804	Boot (0x1200)   (f091c7caf29a9c689c675467d5025097) \Device\Harddisk1\DR1\Partition0
23:02:02.0705 0804	\Device\Harddisk1\DR1\Partition0 - ok
23:02:02.0706 0804	============================================================
23:02:02.0706 0804	Scan finished
23:02:02.0706 0804	============================================================
23:02:02.0721 3648	Detected object count: 6
23:02:02.0721 3648	Actual detected object count: 6
23:02:28.0924 3648	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0924 3648	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:02:28.0924 3648	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0924 3648	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:02:28.0926 3648	FileZillaUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0926 3648	FileZillaUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:02:28.0927 3648	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0927 3648	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:02:28.0929 3648	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0929 3648	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:02:28.0930 3648	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:28.0930 3648	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

28.03.2012, 10:38   #14
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

28.03.2012, 11:09   #15
S_u_n_n_y
 

Combofix Logfile:
Code:
ComboFix 12-03-28.01 - Noel 28.03.2012  11:47:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4004.2410 [GMT 2:00]
ausgeführt von:: c:\users\Noel\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-28  ))))))))))))))))))))))))))))))
.
.
2012-03-28 09:53 . 2012-03-28 09:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-27 18:19 . 2012-03-27 18:19	--------	d-----w-	C:\_OTL
2012-03-27 09:37 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC646659-9BF8-4F0B-A528-2E346D48FC06}\mpengine.dll
2012-03-27 09:35 . 2012-03-27 09:35	--------	d-----w-	c:\program files (x86)\ESET
2012-03-27 08:21 . 2012-03-27 08:21	--------	d-----w-	c:\users\Noel\AppData\Roaming\Malwarebytes
2012-03-27 08:20 . 2012-03-27 08:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-27 08:20 . 2012-03-27 08:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 08:20 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-23 10:58 . 2012-03-23 10:58	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-23 10:58 . 2012-03-23 10:58	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 20:57 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 20:57 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 20:57 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 08:54 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-15 08:54 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-15 08:54 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 08:59 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:59 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:59 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:59 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 08:59 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-08 11:31 . 2011-12-19 12:45	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-03-08 11:30 . 2011-12-19 12:45	130864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-08 09:33 . 2012-03-08 11:35	--------	d-----w-	c:\users\Noel\VirtualBox VMs
2012-03-08 09:33 . 2012-03-27 17:57	--------	d-----w-	c:\users\Noel\.VirtualBox
2012-03-08 09:07 . 2012-03-25 13:36	--------	d-----r-	c:\users\Noel\Virtual Machines
2012-03-08 08:47 . 2009-09-23 01:48	3584	----a-w-	c:\windows\system32\drivers\de-DE\vpchbus.sys.mui
2012-03-02 14:01 . 2012-03-25 13:37	--------	d-----w-	c:\users\Gast
2012-03-02 11:35 . 2006-12-14 11:42	69120	----a-r-	c:\windows\SysWow64\avmadd32.dll
2012-03-01 17:55 . 2012-03-02 11:35	--------	d-----w-	c:\program files (x86)\FRITZ!Box
2012-02-29 10:29 . 2002-11-25 07:36	45056	----a-w-	c:\windows\SysWow64\Synsopos.exe
2012-02-29 10:29 . 1999-12-01 00:40	401462	----a-w-	c:\windows\SysWow64\temp.005
2012-02-29 10:29 . 2005-10-17 08:35	704512	----a-w-	c:\windows\SysWow64\SYNSOACC.dll
2012-02-29 10:29 . 2004-05-10 14:58	147456	----a-w-	c:\windows\SysWow64\SynsoLChk.dll
2012-02-28 10:15 . 2012-02-28 10:18	--------	d-----w-	c:\program files (x86)\ICQ7.7
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-05 12:10 . 2012-01-05 12:10	161032	----a-w-	c:\windows\system32\drivers\PSINAflt.sys
2012-01-04 10:44 . 2012-02-15 23:50	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 23:50	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 23:50	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 23:50	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7AAB1838-349A-4AAE-A039-8023951AF399}]
2011-09-30 15:08	269824	----a-w-	c:\users\Noel\AppData\LocalLow\FileZilla\IE\FileZilla.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-02-18 845176]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-02-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-06-29 217256]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 38537161;38537161;c:\windows\system32\drivers\70239933.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FileZillaUpdater;FileZilla Updater;c:\users\Noel\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe [2011-09-30 18432]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-15 c:\windows\Tasks\Allplan AutoUpdate 2011-1.job
- c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2011-11-02 17:18]
.
2012-03-28 c:\windows\Tasks\WebContent AutoUpdate 2011.job
- c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2011-11-02 17:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\r7za05v7.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28  12:02:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-28 10:02
.
Vor Suchlauf: 12 Verzeichnis(se), 178.387.623.936 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 178.013.257.728 Bytes frei
.
- - End Of File - - 313CD64F636B06114830C06815D197FC
         