Redirekt Virus Google und andere Bidvertiser ?!

iwoflo · 23.03.2012, 21:44

Hi Leute,

ich hoffe Ihr könnt mir helfen.

Ich habe seit einigen Tagen so ein Problem mit Suchseiten. Immer wenn ich etwas suche und den link anklicke werde ich umgeleitet auf ( oft) bidvertiser und dann irgendwie weiter.

Auch wenn ich bidvertiser bei z.b. google. eingebe kommt ein schwarzer browser.

Nach meinem Kasperskycheck habe was gefunden und löschen lassen.

Aber das Problem besteht noch immer.

Bei anderen Foren habe ich bisher nur gelesen, dass die Lösung nur Benutzerspezifisch ist.
Deswegen der neue Tread.

Auch ist es so, dass wenn irgendwie ein Link Bidvertiser drin hat, kommt auch eine schwarze Seite.

Please Help ^^.

Vielen Dank im voraus.

PS:
Windows Vist
Notebook

So jetzt habe ich mal ein paar scans gemacht.

1x Malawarebytes
1x OTL

Hier die Logs ( alle die ich habe). Hoffe die helfen weiter.

Grüsse Flo

[code] Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Aktiviert

23.03.2012 22:59:35
mbam-log-2012-03-23 (22-59-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373756
Laufzeit: 1 Stunde(n), 22 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Iwona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) [\code]

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Deaktiviert

24.03.2012 08:59:07
mbam-log-2012-03-24 (08-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372007
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So und jetzt noch folgende protection logs ( benötigt ? keine Ahnung hoffentlich hilft es)

Code:

ATTFilter

2012/03/23 14:19:57 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/23 14:20:07 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/23 14:20:10 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 14:20:16 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/23 14:24:25 +0100	IWONA-PC	Iwona	MESSAGE	Starting database refresh
2012/03/23 14:24:25 +0100	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/23 14:24:27 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/23 14:24:38 +0100	IWONA-PC	Iwona	MESSAGE	Database refreshed successfully
2012/03/23 14:24:38 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 14:30:10 +0100	IWONA-PC	Iwona	MESSAGE	Executing scheduled update:  Daily
2012/03/23 14:31:06 +0100	IWONA-PC	Iwona	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/03/23 19:01:52 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 53606, Process: avp.exe)
2012/03/23 19:01:52 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 53610, Process: avp.exe)
2012/03/23 20:30:27 +0100	IWONA-PC	Iwona	IP-BLOCK	78.46.103.44 (Type: outgoing, Port: 55079, Process: avp.exe)
2012/03/23 21:29:56 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/23 21:30:33 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/23 21:30:36 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/23 21:30:55 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/23 21:31:33 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49195, Process: avp.exe)
2012/03/23 22:01:46 +0100	IWONA-PC	Iwona	IP-BLOCK	195.88.209.15 (Type: outgoing, Port: 49499, Process: avp.exe)

jetzt noch mal der 2te scan

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Iwona :: IWONA-PC [Administrator]

Schutz: Deaktiviert

24.03.2012 08:59:07
mbam-log-2012-03-24 (08-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372007
Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und der protection log

Code:

ATTFilter

2012/03/24 00:30:27 +0100	IWONA-PC	Iwona	MESSAGE	Stopping IP protection
2012/03/24 00:30:29 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection stopped
2012/03/24 06:45:37 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 06:45:47 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 06:45:50 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 06:45:55 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 07:07:51 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 07:07:57 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 07:08:00 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 07:08:05 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 07:20:53 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 07:21:00 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 07:21:03 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 07:21:08 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully
2012/03/24 10:32:39 +0100	IWONA-PC	Iwona	MESSAGE	Starting protection
2012/03/24 10:32:42 +0100	IWONA-PC	Iwona	MESSAGE	Protection started successfully
2012/03/24 10:32:45 +0100	IWONA-PC	Iwona	MESSAGE	Starting IP protection
2012/03/24 10:32:50 +0100	IWONA-PC	Iwona	MESSAGE	IP Protection started successfully

Hier noch die OTL logs

Code:

ATTFilter

OTL logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.14 19:53:14 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.04 00:30:49 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.17 13:56:26 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 19:53:13 | 000,488,024 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.01.13 10:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008.10.01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.02.01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.27 22:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKLM\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes,DefaultScope = {6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..\SearchScopes\{6EBE9A74-5C0E-4D71-A06C-442BB8E2908C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 23:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 11:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.23 13:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.08.22 23:23:01 | 000,000,000 | ---D | M]
 
[2012.03.20 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions
[2010.09.05 18:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions
[2012.03.21 23:41:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.03.21 23:12:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.21 23:17:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.03.21 23:23:45 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\Iwona\AppData\Roaming\mozilla\Firefox\Profiles\yy17j1wo.default\extensions\ext@sprng.me
[2012.03.21 23:12:26 | 000,002,112 | ---- | M] () -- C:\Users\Iwona\AppData\Roaming\Mozilla\Firefox\Profiles\yy17j1wo.default\searchplugins\wot-safe-search.xml
[2012.03.21 23:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 08:32:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.22 23:24:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.08.22 23:24:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\DENDZONES@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\IWONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY17J1WO.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.30 12:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.12.03 01:00:29 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15094 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3125051204-1273186943-367269672-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.minigry.pl/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7C41E0-BE10-4C6C-983C-A5A12539B3B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A99EA8-11FE-4AD3-AD01-86F632F9298B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 10:19:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.23 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Roaming\Malwarebytes
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 14:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.23 14:15:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 17:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.22 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Kraftgeräte Isotonik
[2012.03.21 23:34:48 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\PackageAware
[2012.03.21 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.16 20:39:37 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.16 20:39:36 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.16 20:38:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.16 20:38:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.16 20:38:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.16 20:38:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.16 20:38:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.15 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\Bilder Privat
[2012.03.10 22:43:25 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\ministry
[2012.03.10 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Iwona\Desktop\german
[2012.03.06 19:27:29 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\ISL
[2012.03.06 19:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 3.1 SE
[2012.03.06 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2012.03.03 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Iwona\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 10:19:49 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.24 10:19:49 | 000,600,080 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.24 10:19:49 | 000,130,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.24 10:19:49 | 000,107,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.24 10:10:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Iwona\Desktop\OTL.exe
[2012.03.24 08:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 07:18:36 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.24 07:18:26 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 07:18:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 14:15:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:07:52 | 002,629,120 | ---- | M] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:53:03 | 000,006,488 | ---- | M] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:52 | 000,050,692 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 17:38:57 | 000,036,214 | -H-- | M] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 14:52:14 | 000,052,413 | ---- | M] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.19 11:11:06 | 000,007,084 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.18 23:15:26 | 000,126,976 | RHS- | M] () -- C:\Windows\System32\stdole2A.dll
[2012.03.17 08:48:25 | 000,289,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.15 19:03:54 | 000,011,199 | ---- | M] () -- C:\Users\Iwona\Desktop\Inventarliste Geräte.ods
[2012.03.14 18:43:10 | 000,027,032 | ---- | M] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 11:49:48 | 000,008,343 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:11 | 001,953,279 | ---- | M] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:08 | 000,006,678 | ---- | M] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:49 | 000,010,192 | ---- | M] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.12 04:03:04 | 000,000,963 | ---- | M] () -- C:\Users\Iwona\Desktop\config.dat
[2012.03.11 17:17:41 | 000,201,728 | ---- | M] () -- C:\Users\Iwona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 17:03:42 | 000,124,416 | ---- | M] (www.sft-loader.de) -- C:\Users\Iwona\Desktop\dsconn.dll
[2012.03.06 19:29:38 | 012,735,995 | ---- | M] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.23 14:15:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 16:11:50 | 002,629,120 | ---- | C] () -- C:\Users\Iwona\Desktop\P1010201.JPG
[2012.03.22 14:52:58 | 000,006,488 | ---- | C] () -- C:\Users\Iwona\Desktop\Angebot Viva 22.03.2012.pdf
[2012.03.22 12:34:49 | 000,050,692 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Leichlingen abgeholt.pdf
[2012.03.21 23:05:31 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.21 23:05:30 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 17:38:30 | 000,036,214 | -H-- | C] () -- C:\Users\Iwona\Desktop\mxfilerelatedcache.mxc2
[2012.03.19 15:44:27 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage%20Kraftger%E4te%20Isotonicline.html
[2012.03.19 14:52:32 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\Auktionsvorlage Kraftgeräte Isotonicline.html
[2012.03.19 13:13:04 | 000,052,413 | ---- | C] () -- C:\Users\Iwona\Desktop\templ1.html
[2012.03.18 23:15:26 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\stdole2A.dll
[2012.03.18 23:15:26 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\swxsiwun.job
[2012.03.14 18:43:08 | 000,027,032 | ---- | C] () -- C:\Users\Iwona\Desktop\Geräteliste Signum.odt
[2012.03.14 14:37:49 | 000,007,084 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Henninger 14.03.2012.pdf
[2012.03.14 11:49:46 | 000,008,343 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlungsbestätigung Lexco.pdf
[2012.03.13 18:34:05 | 001,953,279 | ---- | C] () -- C:\Users\Iwona\Desktop\Zahlbeleg Fistilla.odt
[2012.03.12 16:55:06 | 000,006,678 | ---- | C] () -- C:\Users\Iwona\Desktop\Rechnung Kathrin Frehse 12.03.2012.pdf
[2012.03.12 16:25:47 | 000,010,192 | ---- | C] () -- C:\Users\Iwona\Desktop\Auftragsvordruck.ods
[2012.03.06 19:29:35 | 012,735,995 | ---- | C] () -- C:\Users\Iwona\Desktop\P1000915.jpg
[2012.03.06 19:26:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SILKYPIX Developer Studio 3.1 SE.lnk
[2012.01.23 16:33:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.03 01:34:14 | 000,000,098 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.14 21:57:48 | 000,004,915 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.03.01 19:13:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.01 19:13:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.01 19:13:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.01 19:13:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.01 19:13:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.01 19:13:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.01 19:13:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.01 19:13:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.01 19:13:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.01 19:13:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.01 19:13:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.01 19:13:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.01 19:13:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.01 19:13:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.01 19:13:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.01 19:13:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.01 19:13:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.19 14:16:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.22 23:23:56 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.22 23:23:56 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.16 00:49:27 | 000,000,036 | ---- | C] () -- C:\Users\Iwona\AppData\Local\housecall.guid.cache
[2010.05.10 21:10:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

< End of report >

UND

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2012 10:20:34 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Iwona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 75,32% Memory free
6,00 Gb Paging File | 5,52 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 30,77 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 7,46 Gb Total Space | 2,28 Gb Free Space | 30,58% Space Free | Partition Type: FAT32
Drive E: | 113,88 Gb Total Space | 92,03 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: IWONA-PC | User Name: Iwona | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E1741-EDF1-4412-8C7C-B2209AE0C7BE}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{04006F6F-5E42-4B57-B49D-6BADCB61B5AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{06603ADA-EC2D-4701-8480-44D2DB684FC9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0BB19C23-F746-4A9D-A4A3-94054DB8811E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0FC70A64-EFC5-4BF9-A424-B863782FFC15}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{0FF08B6A-A1E0-4CF3-A52B-27A1AE30909C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{12C65E58-CF49-4749-8D5C-A599BE16DC40}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{13BD0673-B180-403E-8AF5-07D3CB0662E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{17555DE7-F56A-4AA8-AC05-DBDC02596764}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{2A8F8773-7E9D-45D2-8090-D208B96634D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{351A76FD-D34A-483B-9E80-E859F2DDF12D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{363CB5D1-69FC-4296-A19D-5CFC47ACE527}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{36BD9966-D043-4D6D-97DE-E6319C71E10D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{38A7BA71-6A9A-483A-B34C-F1D9A6D1FFA2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{45770112-5781-4063-BB51-62E6B4697852}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C44897D-F96A-46FC-BD4E-0119C9EB1777}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{4C687C51-9106-4ABC-BD25-9D958BA62CF2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{56C9D4D2-CA15-4D2A-B74D-72646BCCBC08}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{570CD276-07ED-4968-A15D-8375360A1C45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5F934B1B-CAF6-469C-BA23-035AFF317443}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{6979AB44-F56B-4F01-97F8-891F421E0924}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C3E613F-B747-41F4-9612-3D880B25BF30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6C4B527E-44E1-427F-BB1B-9FA0AE4FD652}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7432D018-1AAF-4B6E-90ED-CC5043B06484}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{7A7162ED-97B3-4F24-9933-24D2F147AFD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B6B04AD-FECB-4F75-AA8B-E5C56595D145}" = lport=29137 | protocol=6 | dir=in | name=windows core service | 
"{7E77A793-3165-4894-BBBE-D59FB1FF75DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{848CA032-0F99-4B7F-86E9-903BEF95AA7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{859D3BAD-FD1E-4C5A-B37B-E3B24ABA6ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{99DE5FB7-5A43-4030-B554-606C8FB61FF8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9CB02DA1-C1BA-4CD3-BBBD-79E390590F6C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A121367A-5B27-4D33-91C2-06CEDEE80323}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{A57F1A31-9A35-470B-A303-74DC15468B64}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A5F994B9-B030-4D8E-AB51-71392C6C148F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A88CED61-A0D5-4A2A-B862-E2404999EC5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8B41856-0201-4761-9A79-BAAC8C1FDD12}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AB5F8174-A8A6-4EF1-8C91-1E30E5A553BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B395CC63-A144-46F2-8965-7FC666AF76CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B3BD5126-6F3D-4E6B-BB32-7F98D1BEF89E}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
"{B94F755C-DA20-44F1-B298-251D1A5154F9}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{C1292AEE-C4DB-4A1C-A7C3-8DEEF499DBDC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C22C6B9D-B916-4C6B-9496-D9DB21A5AEBC}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{D142356C-CAAB-424F-8432-912BDBB4EFC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D79B984B-03BA-4B79-BCCE-68774C488797}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E65082B2-89B8-4DC1-B6B4-6BDE3A5DEF27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9AEBF31-729F-4604-B5E4-E915860966DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA2330ED-22BC-4593-9978-AA16E89D1397}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB47F7BA-C331-4DCC-B869-D89802E22A7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B0662-B026-4D43-8F2C-A4F8CDB02B8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A69EDE7-66A3-4453-8081-9EB5F5E4830B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{1055A628-764C-44C5-A82D-02181D813770}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{161F7AB2-676C-4C51-82CE-45E9B463A606}" = protocol=6 | dir=out | app=system | 
"{16DBBF04-6800-47F6-AB62-361B3478BF88}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{18FA9C7B-4513-4108-B30F-1BD704A8D18D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1A796952-901D-4525-878B-BBEBC5564A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F4D63FD-16A0-4F16-8193-4F88D7E6CE60}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{232FE57E-C882-4F86-A4E1-D9D7BC3CC6A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2ABE9053-16C1-4A88-8D1F-B91C60C090F0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{31D1B9D3-573E-4FF7-956B-1817D2099F69}" = protocol=6 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe | 
"{3F921A19-4C85-4883-8AA2-9BCD891E47D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{41FBEF40-3AD5-4717-A72E-8D0957373E45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{451C356E-1BDC-4C8D-BD27-B0DA1BB3E02C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{4B365FCA-5023-4D2C-A950-00DF65409BD7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5724FB13-4437-49FD-AC94-6548F618160D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{583F09D2-F99D-4266-A6BC-FA2C616EACEA}" = protocol=17 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe | 
"{6A0B0BA6-48BB-4604-B598-74E212BDA513}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{6F842B4D-B6AE-4ED0-877C-FE1DE4970F6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8271CCDF-6575-46DA-81EC-805B38C8A396}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{85773256-B5DB-4899-9820-26153FF6F973}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{866110BA-8516-4F4A-8F87-10CF587C78AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{88018CF0-3A47-46CF-A040-0F7DC52EB918}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CE24D4D-101D-4E08-B910-1CBC28D64D8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9DB6780D-D823-444B-AF12-54FA73CD1F7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A03A97F6-33AE-4B25-A572-B0AEDEB0B543}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A17B1335-6DD7-482A-93DF-2B6138B286E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A9DBEE33-B80F-4D9A-8061-937ACE7F501D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6A1A581-275B-46A0-BDF4-CFD977F1FF0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B7756F95-91CD-4CD6-BD01-F9051B56C799}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C1F5D673-DAB4-443C-AF3F-2F99791162E3}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{CC4EBA22-0622-49F9-BD0A-194EA571C859}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{D14D57D8-8C50-4410-A89F-121413AA517E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DAD100AE-8050-4E93-9119-8482F677E4F0}" = protocol=17 | dir=in | app=c:\program files\buhl\business\buero plus next\bpnext.exe | 
"{E0EC9C10-AA45-40F9-A7E9-072EF1FD7840}" = protocol=6 | dir=in | app=c:\users\iwona\downloads\pdf_creator_setup.exe | 
"TCP Query User{4082258C-731B-4555-92CE-2E35CB7B254D}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"TCP Query User{4F152418-D3BD-4A6B-824B-4841A4BB7CC6}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{5D9F5AA9-9458-41CC-AFFA-2907E6218BE0}C:\users\iwona\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\iwona\desktop\leecher.exe | 
"TCP Query User{71855612-1E2F-41DB-92F5-4DC0D39B0861}C:\program files\pokeroffice\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"TCP Query User{B96B2416-BE3E-4C3C-B207-978463F28C6B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{CB60BBE0-AA6F-4252-A764-B8EDAB9C9E33}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe | 
"TCP Query User{D10141D0-6F1C-49C4-A658-7157BC2438F7}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{05CE9062-0C39-44A5-9E5B-3FFB9A191D8A}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"UDP Query User{46822B7A-B21A-4204-AA62-E80007713B58}C:\program files\pokeroffice\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\pokeroffice\bin\javaw.exe | 
"UDP Query User{6F41738E-71BE-4451-AEBB-DF06FCE92646}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{AAA52008-717D-4983-B57F-7EDD33DDB3E6}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe | 
"UDP Query User{AF6D8815-2D89-458D-A4EA-1D426FE6A9D1}C:\users\iwona\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\iwona\desktop\leecher.exe | 
"UDP Query User{B075C078-53DE-4B72-BC18-79C52318D96E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B3D3D7D6-0676-4F86-8E39-1D42579B4FBC}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{02DD09E1-3365-75C2-BFD0-43412EEFB45E}" = CCC Help Finnish
"{033649DD-2651-D029-5663-29E61094E7E8}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A084990-69FE-6D33-4BD0-AD6FD8AE57E8}" = CCC Help Japanese
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11E2CEB4-09B4-1392-392D-4FAA23B88AF8}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1365D613-47EA-38F7-BD83-0F1A8E6AFAAE}" = CCC Help Polish
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2012
"{160D6F45-15AF-10A2-DC61-FB4FE5CBE9BA}" = Skins
"{18796D6B-60D7-2771-D145-90A366A9A78D}" = CCC Help German
"{1ABBBBA0-A790-3C9D-F806-A14140BCDFBF}" = ccc-utility
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F26C039-E655-91CB-E3AD-82A272BCD8B6}" = CCC Help English
"{2015087B-31D9-8661-5A9C-B1EA6D3C22C0}" = CCC Help Turkish
"{202B6750-A01B-A7BD-7D0B-ADE001239C04}" = CCC Help Hungarian
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2547290E-8DDF-7479-4E73-9CFE99989F08}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{28E9B542-E70C-8C81-D5A9-D4410FDDA1D8}" = Catalyst Control Center Localization Korean
"{2B95D414-26A8-8DD6-567E-E58B2C0CAF69}" = CCC Help Czech
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3347DE17-A1EE-16C6-A7B0-F474FB3B985A}" = Catalyst Control Center Localization Dutch
"{353A838E-85B5-F8E7-FABA-EA2055DD4418}" = ccc-core-static
"{35691D1C-EBA1-D1BF-53D0-00BD59713DF5}" = Catalyst Control Center Localization Finnish
"{36F7B270-B9EF-E9AB-87AE-67FE6EBD232B}" = CCC Help Danish
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38767763-328D-7529-7E25-909C15ED2A87}" = Catalyst Control Center Localization Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA3B438-18DB-97BE-FB52-AEF329CF85E5}" = Catalyst Control Center Localization Hungarian
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{46516ED6-47E6-31C1-F3A7-1D280FBA6438}" = Catalyst Control Center Localization Portuguese
"{46EB4EC8-F43A-D6D9-97EB-A23B625BD8C9}" = CCC Help Korean
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F3D958A-ADBF-98D0-5F7C-25B61B9FC941}" = Catalyst Control Center Graphics Previews Vista
"{60D1F96A-1858-6EFC-1303-425BA95DB80E}" = Catalyst Control Center Localization Japanese
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61CA53F0-C162-DD83-64CA-3746A5ECA94A}" = Catalyst Control Center Localization Danish
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6717AD52-855E-BA83-C733-151C5D9EAFF5}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7613C81D-378E-BECD-0FFC-8C4345FAD40C}" = ATI Catalyst Install Manager
"{76F0B78F-8E7F-1FD5-5A16-4D7DE94871B1}" = Catalyst Control Center Localization Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B5F16F1-6929-74B3-6265-62DBD5AC997F}" = Catalyst Control Center Localization Turkish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC30050-DAEC-8076-8DC9-30012A0B5EC9}" = CCC Help Greek
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE70EF8-F70C-E35C-CC76-AD0B85827C08}" = Catalyst Control Center Graphics Full Existing
"{8CF50625-4147-9026-6BF2-8AB7CE8ABE93}" = Catalyst Control Center Localization Polish
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{949D54CF-E476-30C5-42A8-69C75C51A875}" = CCC Help Swedish
"{97E9C12B-1319-B6AF-39E4-E8204C887564}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A58DF0E3-4A0C-2BCE-0761-A04A38302E61}" = CCC Help Thai
"{A8432E22-FDAD-02FE-6FD5-E1395C186FBB}" = Catalyst Control Center Localization Italian
"{A871F719-F328-8A59-951E-C57E165DA65A}" = Catalyst Control Center Localization French
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AD8178D1-B2E2-43E7-63E4-1320DD2E0F27}" = Catalyst Control Center Localization Chinese Standard
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B063AFC7-F4E1-8164-6FA9-DC72C7A5DC22}" = Catalyst Control Center Localization Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A7D977-9617-6175-8B4C-F365B1C0E75E}" = Catalyst Control Center Graphics Full New
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}" = EASY Office
"{BDD9AC08-2895-DE6A-2539-F026FC3A7905}" = CCC Help Portuguese
"{C606A7D5-6F16-8D93-CB93-3CD545F0FD90}" = Catalyst Control Center Localization Spanish
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CBA24065-7561-3A01-B624-620C4B5532E7}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D79B4F31-E69A-04C3-C5C9-9CB8DD0F2331}" = CCC Help Russian
"{D819A5E4-30CB-0D5E-2034-B16A9342F0DB}" = Catalyst Control Center Localization Greek
"{D915CDB9-E57D-FF82-251B-83776E954615}" = Catalyst Control Center Localization Thai
"{D962B2EA-1848-3A51-CB4A-45C82D4FF543}" = Catalyst Control Center Localization German
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC91AE54-9AA2-2CB2-180A-36B16069FB47}" = Catalyst Control Center Localization Czech
"{DED6CDFB-5C63-DA19-8CD1-1EE016717139}" = CCC Help Chinese Traditional
"{E1266AC2-A3B5-1FBC-4776-16AF83C22E26}" = CCC Help Dutch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E56E2DFF-9B53-E03A-4913-57F35764C659}" = Catalyst Control Center Localization Norwegian
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E6B5F5E7-51B6-D334-D953-35B847A81AC7}" = CCC Help Spanish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Catan" = Catan - Die erste Insel
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LetsTrade" = LetsTrade Komponenten
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"myphotobook" = myphotobook 3.5
"Online Poststelle_is1" = Online Poststelle - Druckertreiber 2.1.102
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3125051204-1273186943-367269672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"PokerOffice5" = PokerOffice (remove only)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Greetz Flo

Redirekt Virus Google und andere Bidvertiser ?!

Plagegeister aller Art und deren Bekämpfung: Redirekt Virus Google und andere Bidvertiser ?!

Redirekt Virus Google und andere Bidvertiser ?!

Ähnliche Themen: Redirekt Virus Google und andere Bidvertiser ?!