Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner Ukash

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.10.2012, 23:53   #1
Mantonio
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Hallo zusammen,

mich hat der BKA Trojaner auch erwischt.
Habe nach Anleitung die 3 Logfiles erstellt, s.u. bzw. im Anhang. Habe den Maleware scan noch nicht gemacht, wollte erstmal eure Antwort abwarten.

Ganz herzlichen Dank im Voraus.

Grüße Antonio

OTL logfile created on: 11.10.2012 22:44:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inna\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 85,27% Memory free
5,74 Gb Paging File | 5,34 Gb Available in Paging File | 92,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 97,98 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 16,66 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 260,45 Gb Free Space | 55,92% Space Free | Partition Type: NTFS

Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1997.10.18 01:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL


========== Services (SafeList) ==========

SRV - [2012.09.08 21:56:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 14:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 15:14:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 15:14:34 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 15:14:34 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 15:14:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.21 15:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0003002
IE - HKLM\..\SearchScopes,DefaultScope = {E1E3A3AD-6BC1-4733-8617-75A2D9306109}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0003002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_deDE344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A
IE - HKCU\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE344
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=4.0003002"
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledAddons: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_ptnrs=&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A&apn_dtid=OSJ000&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.07 00:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]

[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions
[2010.08.31 23:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.13 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions
[2012.07.13 16:55:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions\toolbar@ask.com
[2012.02.03 21:23:30 | 000,126,766 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi
[2012.03.24 01:10:56 | 000,162,686 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.07.13 16:55:14 | 000,002,299 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\askcom.xml
[2012.03.24 01:11:01 | 000,003,934 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\sweetim.xml
[2012.07.12 21:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 01:11:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.12 21:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.12.23 02:02:30 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.09.08 21:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.10 18:17:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 21:56:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 18:17:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 18:17:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 18:17:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 18:17:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [uxqbetchwjjmzcu] C:\ProgramData\uxqbetch.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Mister Wong - hxxp://www.mister-wong.de/_stuff/toolbar_ie/de/2.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2834B0E8-3989-4CDD-BCE4-E1F06CEA76A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell - "" = AutoRun
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.11 22:41:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Roaming\Malwarebytes
[2012.10.11 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.11 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Mateo-Antivirus
[2012.10.10 22:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\paobssgtwycdmex
[2012.10.08 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Haus-Oma
[2012.09.30 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Fotki
[2012.09.29 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Local\Downloaded Installations
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.11 22:44:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.11 22:44:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.11 22:44:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.11 22:44:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 22:42:53 | 000,000,000 | ---- | M] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:35:10 | 000,302,592 | ---- | M] () -- C:\Users\Inna\Desktop\mx572gjh.exe
[2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.11 22:26:47 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 22:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 22:19:05 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 22:08:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc069ac8abd2d4.job
[2012.10.11 22:08:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 23:10:08 | 000,015,348 | ---- | M] () -- C:\Windows\Inna.acl
[2012.10.10 22:36:58 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:36:58 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:25:37 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.10.10 22:23:38 | 000,076,346 | ---- | M] () -- C:\ProgramData\qooejtoegnrwtlb
[2012.10.10 22:23:30 | 000,105,472 | ---- | M] () -- C:\ProgramData\uxqbetch.exe
[2012.10.10 22:23:30 | 000,105,472 | ---- | M] () -- C:\Users\Inna\ms.exe
[2012.10.10 22:12:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000UA.job
[2012.10.10 22:11:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc069acb52e0e6.job
[2012.10.09 22:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 14:12:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000Core.job
[2012.09.17 22:53:27 | 000,889,224 | ---- | M] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:53:13 | 000,825,285 | ---- | M] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:53:02 | 000,912,229 | ---- | M] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:52:57 | 000,816,157 | ---- | M] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:52:48 | 000,906,141 | ---- | M] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:52:47 | 000,893,625 | ---- | M] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:52:42 | 000,748,791 | ---- | M] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:52:22 | 000,793,845 | ---- | M] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:49:04 | 001,566,376 | ---- | M] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:48:57 | 000,938,695 | ---- | M] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:48:57 | 000,872,923 | ---- | M] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:48:54 | 000,808,528 | ---- | M] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:48:54 | 000,786,460 | ---- | M] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:48:51 | 000,792,810 | ---- | M] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:48:49 | 000,789,402 | ---- | M] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:48:46 | 000,724,196 | ---- | M] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:48:41 | 000,863,450 | ---- | M] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:48:40 | 000,816,485 | ---- | M] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:47:51 | 000,703,846 | ---- | M] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:47:46 | 000,660,239 | ---- | M] () -- C:\Users\Inna\IMG_0084.JPG
[2012.09.17 22:47:44 | 000,738,110 | ---- | M] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:47:26 | 000,683,518 | ---- | M] () -- C:\Users\Inna\IMG_0078.JPG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.11 22:42:53 | 000,000,000 | ---- | C] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:41:58 | 000,302,592 | ---- | C] () -- C:\Users\Inna\Desktop\mx572gjh.exe
[2012.10.11 22:41:58 | 000,050,477 | ---- | C] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.11 22:26:47 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 23:10:08 | 000,015,348 | ---- | C] () -- C:\Windows\Inna.acl
[2012.10.10 22:23:37 | 000,105,472 | ---- | C] () -- C:\ProgramData\uxqbetch.exe
[2012.10.10 22:23:33 | 000,076,346 | ---- | C] () -- C:\ProgramData\qooejtoegnrwtlb
[2012.10.10 22:23:30 | 000,105,472 | ---- | C] () -- C:\Users\Inna\ms.exe
[2012.09.17 22:51:10 | 000,889,224 | ---- | C] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:50:46 | 000,912,229 | ---- | C] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:50:46 | 000,906,141 | ---- | C] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:50:46 | 000,893,625 | ---- | C] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:50:46 | 000,816,157 | ---- | C] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:50:46 | 000,793,845 | ---- | C] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:50:46 | 000,748,791 | ---- | C] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:45:04 | 001,566,376 | ---- | C] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:45:04 | 000,938,695 | ---- | C] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:45:04 | 000,872,923 | ---- | C] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:45:04 | 000,863,450 | ---- | C] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:45:04 | 000,825,285 | ---- | C] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:45:04 | 000,816,485 | ---- | C] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:45:04 | 000,808,528 | ---- | C] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:45:04 | 000,792,810 | ---- | C] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:45:04 | 000,789,402 | ---- | C] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:45:04 | 000,786,460 | ---- | C] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:45:04 | 000,738,110 | ---- | C] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:45:04 | 000,724,196 | ---- | C] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:45:04 | 000,703,846 | ---- | C] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:45:04 | 000,683,518 | ---- | C] () -- C:\Users\Inna\IMG_0078.JPG
[2012.09.17 22:45:04 | 000,660,239 | ---- | C] () -- C:\Users\Inna\IMG_0084.JPG
[2011.11.14 19:15:27 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.07.03 19:27:40 | 000,000,033 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011.01.23 21:15:48 | 000,000,438 | ---- | C] () -- C:\Users\Inna\AppData\Roaming\wklnhst.dat
[2011.01.15 23:43:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.29 00:59:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.29 00:50:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.12.29 00:28:34 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.09.30 13:50:21 | 000,528,580 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.01.20 21:38:11 | 000,015,360 | ---- | C] () -- C:\Users\Inna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 02:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.15 01:59:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.04 22:40:29 | 000,000,868 | ---- | C] () -- C:\Users\Inna\.recently-used.xbel

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.02.16 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canneverbe Limited
[2010.11.12 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canon
[2012.10.06 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Dropbox
[2011.06.03 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\elsterformular
[2010.01.15 01:39:26 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Leadertech
[2010.01.15 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\OpenOffice.org
[2010.01.20 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Panasonic
[2010.01.15 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\PeaZip
[2011.04.16 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\phonostar GmbH
[2010.09.30 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\QuickScan
[2010.12.29 00:40:07 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\ScanSoft
[2011.01.23 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Template
[2010.08.31 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Thunderbird
[2011.04.07 21:51:39 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\TomTom
[2010.01.16 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\toshiba
[2011.02.20 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Ulead Systems
[2011.08.29 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Usability Studio
[2012.10.08 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\VSO
[2010.01.15 01:39:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\WinBatch
[2011.07.08 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\winxarj
[2010.12.29 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Zeon

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011.07.08 17:13:25 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011.01.31 01:03:58 | 004,602,044 | ---- | M] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2011.01.31 00:59:38 | 004,602,044 | ---- | C] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2010.09.30 14:24:06 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

Alt 12.10.2012, 08:37   #2
kira
/// Helfer-Team
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :
Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [uxqbetchwjjmzcu] C:\ProgramData\uxqbetch.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell - "" = AutoRun
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell\AutoRun\command - "" = F:\pushinst.exe

:Files
C:\ProgramData\uxqbetch.exe
C:\ProgramData\paobssgtwycdmex
C:\Users\Inna\Desktop\mx572gjh.exe
C:\ProgramData\qooejtoegnrwtlb
C:\Users\Inna\ms.exe
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Zitat:
Achtung Mitleser!:
Jedes einzelne OTL-Script wird individuell auf den Benutzer abgestimmt! Diese Anleitung gilt nur auf dem hier betroffenen Rechner. Anwendung bei anderen Maschinen oder Nutzung von "selbst erstellte Scriptkombination" kann zu ernsthaften Schäden führen!
2.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:
Code:
ATTFilter
Ask Toolbar 
pdfforge Toolbar
SweetPacks
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
3.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
ATTFilter
Malwarebytes
(alle vorhandenen Protokolle!)
         
4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 13.10.2012, 16:46   #3
Mantonio
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Hallo Kira,

ganz herzlichen Dank für die schnelle Hilfe und die genaue Anleitung. Habe soweit alles fertig, s. Ergebnisse unten.
Hoffe, es hat alles geklappt.

Viele Grüße
Mantonio

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uxqbetchwjjmzcu deleted successfully.
C:\ProgramData\uxqbetch.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\ not found.
File F:\pushinst.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\uxqbetch.exe not found.
C:\ProgramData\paobssgtwycdmex folder moved successfully.
C:\Users\Inna\Desktop\mx572gjh.exe moved successfully.
C:\ProgramData\qooejtoegnrwtlb moved successfully.
C:\Users\Inna\ms.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.bat deleted successfully.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Inna
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 312129522 bytes
->Java cache emptied: 39270256 bytes
->FireFox cache emptied: 1140919884 bytes
->Google Chrome cache emptied: 49610470 bytes
->Flash cache emptied: 4290495 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2531328 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 249835291 bytes
RecycleBin emptied: 18610159307 bytes
 
Total Files Cleaned = 19.463,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_002246

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.13.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Inna :: INNA-PC [Administrator]

Schutz: Aktiviert

13.10.2012 10:36:27
mbam-log-2012-10-13 (12-20-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 472791
Laufzeit: 1 Stunde(n), 37 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> 1652 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio.TB) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\10132012_002246\C_ProgramData\uxqbetch.exe (Trojan.ExploitDrop) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\10132012_002246\C_Users\Inna\ms.exe (Trojan.ExploitDrop) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
????????? WinRAR		05.02.2010		
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	15.01.2010		
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	07.07.2012	6,00MB	11.3.300.262
Adobe Flash Player ActiveX	Adobe Systems Incorporated	15.01.2010		9.0.47.0
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	11.08.2008	99,6MB	8.1.2
Adobe® Photoshop® Album Starter Edition 3.2	hxxp://www.adobe.de	20.01.2010		3.2.0
Apple Application Support	Apple Inc.	14.09.2009	32,2MB	1.0
Apple Software Update	Apple Inc.	14.09.2009	2,15MB	2.1.1.116
ArcSoft Software Suite	ArcSoft	19.01.2010		1.0
Atheros Driver Installation Program	Atheros	15.01.2010		5.0
Atheros Wi-Fi Protected Setup Library	Atheros	10.09.2009		
Avira Internet Security 2012	Avira	08.08.2012	107MB	12.0.0.1128
Brother MFL-Pro Suite DCP-375CW	Brother Industries, Ltd.	03.06.2011		1.0.1.0
Camera Assistant Software for Toshiba	Chicony Electronics Co.,Ltd.	10.09.2009		1.7.231.1126L
CCleaner	Piriform	24.09.2012		3.23
CD/DVD Drive Acoustic Silencer	TOSHIBA	11.08.2008		2.02.03
CDBurnerXP	CDBurnerXP	19.04.2012	17,2MB	4.4.0.3018
Compatibility Pack für 2007 Office System	Microsoft Corporation	11.08.2008	39,8MB	12.0.4518.1014
dradio-Recorder Version 3.02.0		16.04.2011		
Dropbox	Dropbox, Inc.	04.06.2012		1.4.7
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	15.01.2010		5.51
ElsterFormular für Privatanwender	Landesfinanzdirektion Thüringen	03.06.2011		12.2.1.6570p
GIMP 2.6.7		04.11.2009		
Google Chrome	Google Inc.	04.02.2012		22.0.1229.92
Google Toolbar for Internet Explorer	Google Inc.	22.09.2012		7.4.3230.2052
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	15.01.2010	54,2MB	8.15.10.1883
Intel® Matrix Storage Manager	Intel Corporation	15.01.2010		
Java(TM) 6 Update 22	Oracle	09.02.2012	97,0MB	6.0.220
Java(TM) 6 Update 33	Oracle	12.07.2012	95,6MB	6.0.330
Java(TM) 6 Update 6	Sun Microsystems, Inc.	11.08.2008	171MB	1.6.0.60
Logitech Vid	Logitech Inc.	15.01.2010	39,8MB	1.10.1009
Logitech Webcam Software	Logitech Inc.	15.01.2010	43,3MB	12.10.1113
Logitech Webcam Software-Treiberpaket	Logitech Inc.	15.01.2010		12.10.1110
LSI V92 MOH Application	LSI Corporation	15.01.2010		
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	13.10.2012	19,2MB	1.65.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	21.07.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	21.07.2010	2,93MB	4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	11.08.2008	36,9MB	12.0.4518.1014
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	10.09.2009	422KB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	22.08.2010	600KB	9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	03.06.2011	598KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.09.2010	590KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.07.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.10.2011	11,1MB	10.0.40219
Microsoft Word 97		31.01.2010		
Microsoft Works	Microsoft Corporation	11.08.2008	376MB	9.7.0621
Mister Wong Toolbar		10.10.2010		
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	08.09.2012	44,0MB	15.0.1
Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1
Mozilla Thunderbird (3.1.20)	Mozilla	07.04.2012		3.1.20 (de)
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	11.08.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.09.2009	1,29MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009	1,34MB	4.20.9876.0
myphotobook 3.6	myphotobook	15.01.2010		3.6
Nokia Connectivity Cable Driver	Nokia	27.05.2010	2,91MB	7.0.2.0
OnlineFotoservice		15.01.2010		
OpenOffice.org 3.3	OpenOffice.org	09.02.2012	432MB	3.3.9567
PaperPort Image Printer	Nuance Communications, Inc.	28.12.2010	521KB	1.00.0000
PC Connectivity Solution	Nokia	27.05.2010	10,5MB	8.22.7.0
PCFriendly		10.03.2010		
PDFCreator	Frank Heindörfer, Philip Chinery	13.02.2010		0.9.9
Photo SlideShow Maker		24.03.2012		
PHOTOfunSTUDIO -viewer-	Panasonic	19.01.2010		2.01.000
Picasa 3	Google, Inc.	19.12.2010		3.8
QuickTime	Apple Inc.	14.09.2009	76,4MB	7.64.17.73
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	11.08.2008		1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.01.2010		6.0.1.5904
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	15.01.2010		6.1.7600.30101
ScanSoft PaperPort 11	Nuance Communications, Inc.	28.12.2010	146MB	11.2.0000
Skype Click to Call	Skype Technologies S.A.	18.03.2012	14,8MB	5.9.9216
Skype™ 5.10	Skype Technologies S.A.	23.07.2012	19,4MB	5.10.116
Synaptics Pointing Device Driver	Synaptics	15.01.2010		10.1.8.0
TomTom HOME	Ihr Firmenname	29.09.2012	48,2MB	2.9.2
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	07.04.2011	1,88MB	1.0.2
TOSHIBA Assist	TOSHIBA	11.08.2008		2.01.08
TOSHIBA Benutzerhandbücher	TOSHIBA	10.09.2009		7.40
TOSHIBA ConfigFree	TOSHIBA Corporation	15.01.2010	72,4MB	8.0.23
TOSHIBA Disc Creator	TOSHIBA Corporation	15.01.2010	9,73MB	2.1.0.1
TOSHIBA DVD PLAYER	TOSHIBA Corporation	15.01.2010		2.50.0.11-AU
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	11.08.2008	1,25MB	1.01.00
TOSHIBA Face Recognition	TOSHIBA Corporation	10.09.2009	51,4MB	2.0.17.32
TOSHIBA Hardware Setup	TOSHIBA Corporation	15.01.2010		2.00.11
Toshiba Online Product Information	TOSHIBA	11.08.2008		1.00.0012
TOSHIBA Recovery Disc Creator	TOSHIBA	11.08.2008	2,54MB	2.0.0.1b
TOSHIBA Software Modem	LSI Corporation	15.01.2010	16,0KB	2.2.97
TOSHIBA Supervisor Password	TOSHIBA Corporation	15.01.2010		2.00.10
TOSHIBA Value Added Package	TOSHIBA Corporation	15.01.2010	88,7MB	1.2.28
TRDCReminder	TOSHIBA	11.08.2008	372KB	1.00.0015
TRORDCLauncher	TOSHIBA	11.08.2008	728KB	1.0.0.1
Usability Studio 3.0	Rylstim	29.08.2011		3.0
VSO Image Resizer 2.2.2.1	VSO-Software	12.09.2009		2.2.2.1
Windows Media Encoder 9 Series		15.01.2010		
Windows Media Player Firefox Plugin	Microsoft Corp	24.11.2010	296KB	1.0.0.8
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	27.05.2010		08/22/2008 7.0.0.0
XviD Video Codec (remove only)		29.08.2011
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.10.2012 16:25:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Inna\Desktop\Mateo-Antivirus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 64,78% Memory free
5,74 Gb Paging File | 4,43 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 106,30 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 26,06 Gb Free Space | 17,64% Space Free | Partition Type: NTFS
Drive F: | 1000,23 Mb Total Space | 227,48 Mb Free Space | 22,74% Space Free | Partition Type: FAT
 
Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\Mateo-Antivirus\OTL.exe
PRC - [2012.09.24 20:49:00 | 003,129,184 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.08.08 15:50:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 15:14:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009.08.21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009.08.13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.05.27 20:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.03.16 12:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [1997.10.18 01:00:00 | 000,111,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997.10.18 01:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 00:52:26 | 000,035,840 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1031.dll
MOD - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
MOD - [2010.10.01 13:06:52 | 002,278,912 | ---- | M] () -- C:\Program Files\dradio-Recorder\QtCore4.dll
MOD - [2010.09.10 15:07:26 | 000,416,256 | ---- | M] () -- C:\Program Files\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 12:20:48 | 008,151,040 | ---- | M] () -- C:\Program Files\dradio-Recorder\QtGui4.dll
MOD - [2010.09.10 12:06:58 | 000,190,464 | ---- | M] () -- C:\Program Files\dradio-Recorder\QtSql4.dll
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009.07.16 16:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 16:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 16:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 16:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 16:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009.07.16 16:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 16:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009.07.16 16:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 16:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 16:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 16:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 16:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.05.27 20:30:44 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp
MOD - [2006.10.07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [1997.10.18 01:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997.10.18 01:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
MOD - [1997.10.18 01:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 21:56:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 15:14:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 15:14:34 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 15:14:34 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 15:14:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.21 15:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {E1E3A3AD-6BC1-4733-8617-75A2D9306109}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_deDE344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A
IE - HKCU\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE344
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=4.0003002"
FF - prefs.js..extensions.enabledAddons: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.07 00:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]
 
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions
[2010.08.31 23:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.13 16:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions
[2012.02.03 21:23:30 | 000,126,766 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi
[2012.03.24 01:10:56 | 000,162,686 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.07.13 16:55:14 | 000,002,299 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\askcom.xml
[2012.03.24 01:11:01 | 000,003,934 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\sweetim.xml
[2012.07.12 21:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 01:11:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.12 21:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 21:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.10 18:17:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 21:56:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 18:17:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 18:17:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 18:17:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 18:17:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Mister Wong - hxxp://www.mister-wong.de/_stuff/toolbar_ie/de/2.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 16:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.13 16:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.13 00:22:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 22:41:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Roaming\Malwarebytes
[2012.10.11 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.11 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Mateo-Antivirus
[2012.10.10 21:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 21:43:58 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 21:43:58 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.08 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Haus-Oma
[2012.09.30 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Fotki
[2012.09.29 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Local\Downloaded Installations
[2012.09.22 12:22:32 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:22:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:22:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:22:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:22:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 16:25:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.13 16:25:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.13 16:18:23 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000Core.job
[2012.10.13 16:12:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000UA.job
[2012.10.13 16:11:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc069acb52e0e6.job
[2012.10.13 16:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 12:30:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 12:30:42 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 12:27:24 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.13 12:27:24 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.13 12:27:24 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.13 12:27:24 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.13 12:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc069ac8abd2d4.job
[2012.10.13 12:22:39 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 00:43:27 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.10.13 00:15:48 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 22:42:53 | 000,000,000 | ---- | M] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.10 23:10:08 | 000,015,348 | ---- | M] () -- C:\Windows\Inna.acl
[2012.09.17 22:53:27 | 000,889,224 | ---- | M] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:53:13 | 000,825,285 | ---- | M] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:53:02 | 000,912,229 | ---- | M] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:52:57 | 000,816,157 | ---- | M] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:52:48 | 000,906,141 | ---- | M] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:52:47 | 000,893,625 | ---- | M] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:52:42 | 000,748,791 | ---- | M] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:52:22 | 000,793,845 | ---- | M] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:49:04 | 001,566,376 | ---- | M] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:48:57 | 000,938,695 | ---- | M] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:48:57 | 000,872,923 | ---- | M] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:48:54 | 000,808,528 | ---- | M] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:48:54 | 000,786,460 | ---- | M] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:48:51 | 000,792,810 | ---- | M] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:48:49 | 000,789,402 | ---- | M] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:48:46 | 000,724,196 | ---- | M] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:48:41 | 000,863,450 | ---- | M] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:48:40 | 000,816,485 | ---- | M] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:47:51 | 000,703,846 | ---- | M] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:47:46 | 000,660,239 | ---- | M] () -- C:\Users\Inna\IMG_0084.JPG
[2012.09.17 22:47:44 | 000,738,110 | ---- | M] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:47:26 | 000,683,518 | ---- | M] () -- C:\Users\Inna\IMG_0078.JPG
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.11 22:42:53 | 000,000,000 | ---- | C] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:41:58 | 000,050,477 | ---- | C] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.11 22:26:47 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 23:10:08 | 000,015,348 | ---- | C] () -- C:\Windows\Inna.acl
[2012.09.17 22:51:10 | 000,889,224 | ---- | C] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:50:46 | 000,912,229 | ---- | C] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:50:46 | 000,906,141 | ---- | C] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:50:46 | 000,893,625 | ---- | C] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:50:46 | 000,816,157 | ---- | C] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:50:46 | 000,793,845 | ---- | C] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:50:46 | 000,748,791 | ---- | C] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:45:04 | 001,566,376 | ---- | C] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:45:04 | 000,938,695 | ---- | C] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:45:04 | 000,872,923 | ---- | C] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:45:04 | 000,863,450 | ---- | C] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:45:04 | 000,825,285 | ---- | C] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:45:04 | 000,816,485 | ---- | C] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:45:04 | 000,808,528 | ---- | C] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:45:04 | 000,792,810 | ---- | C] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:45:04 | 000,789,402 | ---- | C] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:45:04 | 000,786,460 | ---- | C] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:45:04 | 000,738,110 | ---- | C] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:45:04 | 000,724,196 | ---- | C] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:45:04 | 000,703,846 | ---- | C] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:45:04 | 000,683,518 | ---- | C] () -- C:\Users\Inna\IMG_0078.JPG
[2012.09.17 22:45:04 | 000,660,239 | ---- | C] () -- C:\Users\Inna\IMG_0084.JPG
[2011.11.14 19:15:27 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.07.03 19:27:40 | 000,000,033 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011.01.23 21:15:48 | 000,000,438 | ---- | C] () -- C:\Users\Inna\AppData\Roaming\wklnhst.dat
[2011.01.15 23:43:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.29 00:59:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.29 00:50:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.12.29 00:28:34 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.09.30 13:50:21 | 000,528,580 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.01.20 21:38:11 | 000,015,360 | ---- | C] () -- C:\Users\Inna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 02:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.15 01:59:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.04 22:40:29 | 000,000,868 | ---- | C] () -- C:\Users\Inna\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.16 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canneverbe Limited
[2010.11.12 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canon
[2012.10.06 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Dropbox
[2011.06.03 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\elsterformular
[2010.01.15 01:39:26 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Leadertech
[2010.01.15 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\OpenOffice.org
[2010.01.20 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Panasonic
[2010.01.15 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\PeaZip
[2011.04.16 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\phonostar GmbH
[2010.09.30 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\QuickScan
[2010.12.29 00:40:07 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\ScanSoft
[2011.01.23 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Template
[2010.08.31 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Thunderbird
[2011.04.07 21:51:39 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\TomTom
[2010.01.16 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\toshiba
[2011.02.20 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Ulead Systems
[2011.08.29 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Usability Studio
[2012.10.08 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\VSO
[2010.01.15 01:39:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\WinBatch
[2011.07.08 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\winxarj
[2010.12.29 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.08 17:13:25 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\?????
[2011.01.31 01:03:58 | 004,602,044 | ---- | M] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\??????????? 062.jpg
[2011.01.31 00:59:38 | 004,602,044 | ---- | C] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\??????????? 062.jpg
[2010.09.30 14:24:06 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\?????

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.10.2012 16:25:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Inna\Desktop\Mateo-Antivirus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 64,78% Memory free
5,74 Gb Paging File | 4,43 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 106,30 Gb Free Space | 71,40% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 26,06 Gb Free Space | 17,64% Space Free | Partition Type: NTFS
Drive F: | 1000,23 Mb Total Space | 227,48 Mb Free Space | 22,74% Space Free | Partition Type: FAT
 
Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EA66E0-FFA5-4C72-9682-778D006BD1B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{120C7D9E-9E59-44C5-BDEA-45604D602167}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{14545D99-0953-41B0-958E-594057ECB257}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{31FCE6DF-0ABB-4F98-83A2-69CD0E1824D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38A9CB47-F087-4E23-8456-50EFCC50E4E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{452EBD33-9D16-4223-AF75-645E2A60753D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4E55904E-51A0-4F58-9E86-08D2B17E5903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53EB95D9-06D5-40E3-BCFA-AE0A35C8F527}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AD559D61-7CEE-4970-9E67-3AECFEB97F24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C426A4FC-CD19-428E-97D4-8D350959EAD7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D471BE04-A7BF-46C6-8F29-74FCB531B617}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2657792-4322-4AE8-8535-AAAB5ABC9896}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6C63245-5301-4259-9701-F5788E8BFB8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E70FAADB-8CD3-4BB1-8A1C-C6215221572D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8B9C904-B4AD-493F-A83E-0090F2A6890A}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15814E6A-441D-423F-8CC6-B12A9C70AF28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201930A6-4022-48C3-AD8E-3555614F3E7E}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{2F9BE8CC-C2B7-4738-8095-078C3AD739F5}" = protocol=6 | dir=in | app=c:\users\inna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3D27A9DC-5081-4915-BD20-367A2DCAADC6}" = protocol=17 | dir=in | app=c:\users\inna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{50099F42-7D08-4199-8FB7-5FB1E99A643A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{77058771-82D7-48BE-B9B9-143ED764B7EA}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{97F86EB9-834E-46E7-A4EA-D958A829759E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AF6BDF2D-90DA-4D2D-9ED1-E3D0FBBE7F04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C42E93C3-F802-46AD-B3E7-F9BFB6CB86A7}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{E00DA011-10E2-4B61-B29C-A84364E720F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F2F88DB6-E9A7-416D-B61C-5A6AD08AEBAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{1915DFAD-7365-4424-922A-61D752F3FCB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{86FF4502-C9EF-4BE8-BDDE-4DACFBBAB3E7}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"TCP Query User{C1FD317C-BBB4-4576-89D7-3ED1DF826C61}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{EF356171-C68A-4D17-AFFA-57E720B90A6F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B16952A0-55D9-4814-95EE-0B65237BBB6B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{B4DE3874-BD73-40A6-BD9D-C347729E59E8}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{BEE3D1B0-DDA4-4A47-9209-6C8D5400501D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C269F7FE-403F-4BA8-AADF-EF3DBF4994D8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11607749-0F7E-4096-B930-D5DEBAE0E281}" = Mister Wong Toolbar
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CCleaner" = CCleaner
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.6
"OnlineFotoservice" = OnlineFotoservice
"PCFriendly" = PCFriendly
"Photo SlideShow Maker" = Photo SlideShow Maker
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Usability Studio_is1" = Usability Studio 3.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = ????????? WinRAR
"Word8.0" = Microsoft Word 97
"XviD Video Codec" = XviD Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 10:31:40 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:31:40.948]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:31:40 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:31:40.988]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:32:10 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:32:10.972]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:32:11 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:32:11.012]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:32:40 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:32:40.996]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:32:41 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:32:41.036]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:33:11 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:33:11.019]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:33:11 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:33:11.060]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:33:41 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:33:41.044]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 13.10.2012 10:33:41 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/13 16:33:41.103]: [00001852]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
[ Media Center Events ]
Error - 03.04.2012 12:32:26 | Computer Name = Inna-PC | Source = MCUpdate | ID = 0
Description = 18:32:25 - Fehler beim Herstellen der Internetverbindung.  18:32:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 12.10.2012 17:53:04 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.10.2012 17:53:04 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.10.2012 17:53:04 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.10.2012 18:43:40 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 13.10.2012 04:23:43 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 13.10.2012 04:23:46 | Computer Name = Inna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.10.2012 06:23:07 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 13.10.2012 06:23:41 | Computer Name = Inna-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 13.10.2012 06:23:42 | Computer Name = Inna-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 13.10.2012 10:06:08 | Computer Name = Inna-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 14.10.2012, 06:17   #4
kira
/// Helfer-Team
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {E1E3A3AD-6BC1-4733-8617-75A2D9306109}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=4.0003002"
FF - prefs.js..extensions.enabledAddons: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1
FF - prefs.js..extensions.enabledItems: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012.02.03 21:23:30 | 000,126,766 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi
[2012.07.13 16:55:14 | 000,002,299 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\askcom.xml
[2012.03.24 01:11:01 | 000,003,934 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\sweetim.xml
CHR - homepage: hxxp://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
[2012.10.13 16:25:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.13 16:25:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.13 12:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc069ac8abd2d4.job

:Files
Mateo-Antivirus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Adobe Reader aktualisieren :
- Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 7 - von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!
Tipp: -> Java-Updates konfigurieren

4.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:-> -> Firefox Kostenloser Download
Code:
ATTFilter
Mozilla Thunderbird
         
aber Achtung!:
bei Bedarf, vorher für dich wichtige (Benutzerdefinierte) Einstellungen zu speichern:-> Mozilla Firefox Backup erstellen
Info:-> Firefox auf die letzte Version aktualisieren

5.
Aktualisieren:
Code:
ATTFilter
OpenOffice.org
         
6.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

7.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


  • .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

9.
Was ist das für ein Programm?:
Code:
ATTFilter
C:\Users\Inna\Desktop\Mateo-Antivirus
         
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 18.10.2012, 23:06   #5
Mantonio
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Hi,

der PC läuft wieder prima. keine auffälligkeiten. außer vielleicht der win prozess "acdaemon.exe" im task manager. kann sich dahinter was verstecken?
"mateo-antivirus" ist nur ein selbst angelegter ordner mit antiviren dateien.
besten dank nochmal für die unterstützung

viele grüße

hier das ergebnis der scans:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://home.sweetim.com/?crg=4.0003002" removed from browser.startup.homepage
Prefs.js: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1 removed from extensions.enabledAddons
Prefs.js: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.0.1 removed from extensions.enabledItems
Prefs.js: FFToolbar@bitdefender.com:2.0 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi moved successfully.
C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\askcom.xml moved successfully.
C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\sweetim.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc069ac8abd2d4.job moved successfully.
========== FILES ==========
File\Folder Mateo-Antivirus not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.bat deleted successfully.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Inna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2481140 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1129736869 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2667 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113266 bytes
RecycleBin emptied: 42734097 bytes
 
Total Files Cleaned = 1.121,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_205446

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
C:\Users\Inna\AppData\Roaming\winxarj\aview	Win32/Hoax.ArchSMS.FG.Gen application	cleaned by deleting - quarantined
C:\Users\Inna\AppData\Roaming\winxarj\rules.css	Win32/Hoax.ArchSMS.EP application	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10132012_002246\C_ProgramData\paobssgtwycdmex\main.html	HTML/Ransom.B trojan	cleaned by deleting - quarantined
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.10.2012 22:47:33 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Inna\Desktop\Mateo-Antivirus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 59,81% Memory free
5,74 Gb Paging File | 4,28 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 105,53 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 26,06 Gb Free Space | 17,64% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 212,85 Gb Free Space | 45,70% Space Free | Partition Type: NTFS
 
Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\Mateo-Antivirus\OTL.exe
PRC - [2012.10.11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.08 15:50:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 15:14:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009.08.21 10:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009.08.13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.03.16 12:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [1997.10.18 01:00:00 | 000,111,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009.07.16 16:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.16 16:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009.07.16 16:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009.07.16 16:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009.07.16 16:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009.07.16 16:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009.07.16 16:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009.07.16 16:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009.07.16 16:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009.07.16 16:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009.07.16 16:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009.07.16 16:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2006.10.07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [1997.10.18 01:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997.10.18 01:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.13 22:05:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 15:14:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 15:14:34 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 15:14:34 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 15:14:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.21 15:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {E1E3A3AD-6BC1-4733-8617-75A2D9306109}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_deDE344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE344
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.16 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.07 00:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions
[2010.08.31 23:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.16 20:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions
[2012.03.24 01:10:56 | 000,162,686 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.10.16 22:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.16 22:46:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.12 21:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Mister Wong - hxxp://www.mister-wong.de/_stuff/toolbar_ie/de/2.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2834B0E8-3989-4CDD-BCE4-E1F06CEA76A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 22:22:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.10.16 22:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.16 21:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.16 21:29:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.16 21:29:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.16 21:29:32 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.16 21:29:32 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.13 22:26:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.13 16:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.13 16:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.13 00:22:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Roaming\Malwarebytes
[2012.10.11 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.11 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Mateo-Antivirus
[2012.10.10 21:44:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 21:43:58 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 21:43:58 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.08 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Haus-Oma
[2012.09.30 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Fotki
[2012.09.29 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Local\Downloaded Installations
[2012.09.22 12:22:32 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:22:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:22:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:22:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:22:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 22:12:16 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000UA.job
[2012.10.18 22:11:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc069acb52e0e6.job
[2012.10.18 22:11:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 21:03:00 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.18 21:03:00 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.18 21:03:00 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.18 21:03:00 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.18 20:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 14:15:56 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 14:15:56 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 14:12:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000Core.job
[2012.10.18 14:08:33 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.10.18 14:08:16 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 22:33:31 | 000,394,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.16 22:24:15 | 000,001,165 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.10.16 21:35:13 | 000,070,101 | ---- | M] () -- C:\Users\Inna\Desktop\bookmarks.html
[2012.10.16 21:29:22 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.16 21:29:22 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.16 21:29:22 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.16 21:29:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.16 21:29:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.13 22:05:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.13 22:05:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.11 22:42:53 | 000,000,000 | ---- | M] () -- C:\Users\Inna\defogger_reenable
[2012.10.10 23:10:08 | 000,015,348 | ---- | M] () -- C:\Windows\Inna.acl
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.16 22:24:15 | 000,001,165 | ---- | C] () -- C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.10.16 22:00:35 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.16 21:35:12 | 000,070,101 | ---- | C] () -- C:\Users\Inna\Desktop\bookmarks.html
[2012.10.13 22:05:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 22:42:53 | 000,000,000 | ---- | C] () -- C:\Users\Inna\defogger_reenable
[2012.10.10 23:10:08 | 000,015,348 | ---- | C] () -- C:\Windows\Inna.acl
[2012.09.17 22:51:10 | 000,889,224 | ---- | C] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:50:46 | 000,912,229 | ---- | C] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:50:46 | 000,906,141 | ---- | C] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:50:46 | 000,893,625 | ---- | C] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:50:46 | 000,816,157 | ---- | C] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:50:46 | 000,793,845 | ---- | C] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:50:46 | 000,748,791 | ---- | C] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:45:04 | 001,566,376 | ---- | C] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:45:04 | 000,938,695 | ---- | C] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:45:04 | 000,872,923 | ---- | C] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:45:04 | 000,863,450 | ---- | C] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:45:04 | 000,825,285 | ---- | C] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:45:04 | 000,816,485 | ---- | C] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:45:04 | 000,808,528 | ---- | C] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:45:04 | 000,792,810 | ---- | C] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:45:04 | 000,789,402 | ---- | C] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:45:04 | 000,786,460 | ---- | C] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:45:04 | 000,738,110 | ---- | C] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:45:04 | 000,724,196 | ---- | C] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:45:04 | 000,703,846 | ---- | C] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:45:04 | 000,683,518 | ---- | C] () -- C:\Users\Inna\IMG_0078.JPG
[2012.09.17 22:45:04 | 000,660,239 | ---- | C] () -- C:\Users\Inna\IMG_0084.JPG
[2011.11.14 19:15:27 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.07.03 19:27:40 | 000,000,033 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011.01.23 21:15:48 | 000,000,438 | ---- | C] () -- C:\Users\Inna\AppData\Roaming\wklnhst.dat
[2011.01.15 23:43:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.29 00:59:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.29 00:50:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.12.29 00:28:34 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.09.30 13:50:21 | 000,528,580 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.01.20 21:38:11 | 000,015,360 | ---- | C] () -- C:\Users\Inna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 02:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.15 01:59:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.04 22:40:29 | 000,000,868 | ---- | C] () -- C:\Users\Inna\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.16 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canneverbe Limited
[2010.11.12 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canon
[2012.10.06 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Dropbox
[2011.06.03 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\elsterformular
[2010.01.15 01:39:26 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Leadertech
[2010.01.15 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\OpenOffice.org
[2010.01.20 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Panasonic
[2010.01.15 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\PeaZip
[2011.04.16 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\phonostar GmbH
[2010.09.30 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\QuickScan
[2010.12.29 00:40:07 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\ScanSoft
[2011.01.23 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Template
[2010.08.31 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Thunderbird
[2011.04.07 21:51:39 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\TomTom
[2010.01.16 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\toshiba
[2011.02.20 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Ulead Systems
[2011.08.29 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Usability Studio
[2012.10.17 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\VSO
[2010.01.15 01:39:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\WinBatch
[2012.10.18 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\winxarj
[2010.12.29 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.08 17:13:25 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011.01.31 01:03:58 | 004,602,044 | ---- | M] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2011.01.31 00:59:38 | 004,602,044 | ---- | C] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2010.09.30 14:24:06 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.10.2012 22:47:33 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Inna\Desktop\Mateo-Antivirus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 59,81% Memory free
5,74 Gb Paging File | 4,28 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 105,53 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 26,06 Gb Free Space | 17,64% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 212,85 Gb Free Space | 45,70% Space Free | Partition Type: NTFS
 
Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0 -- ()
"AntiSpywareOverride" = 0 -- ()
"FirewallOverride" = 0 -- ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 0 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 0 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0 -- ()
"EnableFirewall" = 0 -- ()
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EA66E0-FFA5-4C72-9682-778D006BD1B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{120C7D9E-9E59-44C5-BDEA-45604D602167}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{14545D99-0953-41B0-958E-594057ECB257}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{31FCE6DF-0ABB-4F98-83A2-69CD0E1824D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38A9CB47-F087-4E23-8456-50EFCC50E4E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{452EBD33-9D16-4223-AF75-645E2A60753D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4E55904E-51A0-4F58-9E86-08D2B17E5903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{53EB95D9-06D5-40E3-BCFA-AE0A35C8F527}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AD559D61-7CEE-4970-9E67-3AECFEB97F24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C426A4FC-CD19-428E-97D4-8D350959EAD7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D471BE04-A7BF-46C6-8F29-74FCB531B617}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2657792-4322-4AE8-8535-AAAB5ABC9896}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6C63245-5301-4259-9701-F5788E8BFB8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E70FAADB-8CD3-4BB1-8A1C-C6215221572D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8B9C904-B4AD-493F-A83E-0090F2A6890A}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15814E6A-441D-423F-8CC6-B12A9C70AF28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201930A6-4022-48C3-AD8E-3555614F3E7E}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{2F9BE8CC-C2B7-4738-8095-078C3AD739F5}" = protocol=6 | dir=in | app=c:\users\inna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3D27A9DC-5081-4915-BD20-367A2DCAADC6}" = protocol=17 | dir=in | app=c:\users\inna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{77058771-82D7-48BE-B9B9-143ED764B7EA}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{97F86EB9-834E-46E7-A4EA-D958A829759E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AF6BDF2D-90DA-4D2D-9ED1-E3D0FBBE7F04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E00DA011-10E2-4B61-B29C-A84364E720F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F2F88DB6-E9A7-416D-B61C-5A6AD08AEBAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{86FF4502-C9EF-4BE8-BDDE-4DACFBBAB3E7}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"TCP Query User{C1FD317C-BBB4-4576-89D7-3ED1DF826C61}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{EF356171-C68A-4D17-AFFA-57E720B90A6F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B4DE3874-BD73-40A6-BD9D-C347729E59E8}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{BEE3D1B0-DDA4-4A47-9209-6C8D5400501D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C269F7FE-403F-4BA8-AADF-EF3DBF4994D8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11607749-0F7E-4096-B930-D5DEBAE0E281}" = Mister Wong Toolbar
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CCleaner" = CCleaner
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.6
"OnlineFotoservice" = OnlineFotoservice
"PCFriendly" = PCFriendly
"Photo SlideShow Maker" = Photo SlideShow Maker
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Usability Studio_is1" = Usability Studio 3.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = ????????? WinRAR
"Word8.0" = Microsoft Word 97
"XviD Video Codec" = XviD Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 16:54:38 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:54:38.942]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:54:39 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:54:39.042]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:55:14 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:14.065]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:55:14 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:14.154]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:55:43 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:43.127]: [00001912]: SendSKeySettingToDevice::
 Snmp Load Error[-1] To[192.168.178.31]  
 
Error - 18.10.2012 16:55:43 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:43.229]: [00001912]: SendSKeySettingToDevice::
 Snmp Load Error[-1] To[192.168.178.31]  
 
Error - 18.10.2012 16:55:49 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:49.178]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:55:49 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:55:49.267]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:56:24 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:56:24.290]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
Error - 18.10.2012 16:56:24 | Computer Name = Inna-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/18 22:56:24.381]: [00001912]: GetDeviceIpAddress:
 GetAddressByName [BRWF07BCB4D2ADA] Error  
 
[ Media Center Events ]
Error - 03.04.2012 12:32:26 | Computer Name = Inna-PC | Source = MCUpdate | ID = 0
Description = 18:32:25 - Fehler beim Herstellen der Internetverbindung.  18:32:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.10.2012 16:34:28 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 16.10.2012 16:34:28 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 16.10.2012 16:34:58 | Computer Name = Inna-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.10.2012 16:34:59 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 16.10.2012 16:34:59 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.10.2012 03:23:29 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 17.10.2012 13:09:09 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 18.10.2012 02:24:15 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 18.10.2012 08:08:44 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   BTHidMgr  jswpslwf
 
Error - 18.10.2012 12:41:45 | Computer Name = Inna-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >
         
--- --- ---


Alt 19.10.2012, 05:44   #6
kira
/// Helfer-Team
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Zitat:
Zitat von Mantonio Beitrag anzeigen
außer vielleicht der win prozess "acdaemon.exe" im task manager. kann sich dahinter was verstecken?
Online-Aktualisierungsprogramm der Firma Arcsoft: Unter Systemsteuerung-> Software/Programme:
ArcSoft Software Suite

1.
Programme aus dem Autostart zu entfernen ("Häkchen entfernen"), die das System garnix benötigt, aber beeinträchtigen die Systemleistung:
Code:
ATTFilter
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
         
um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart
► Vista u. Win7: "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK -> Systemstart-> Häckhen weg
Die Programme bleiben dabei erhalten, falls man braucht, können jederzeit manuell gestartet werden!
Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll.
Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden![/COLOR][/SIZE][/I][/B]

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
CHR - homepage: http://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}

:Files
C:\Users\Inna\AppData\Roaming\winxarj
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

** Lass dein System in der nächste Zeit noch unter Beobachtung!
wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:

3.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

4.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

5.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes: also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

6.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

7.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
-> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt

8.
Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows!
► daher muss aktualisiert werden! Version 9 ist aktuell...
Du kannst gleich den Internet Explorer 9 installieren, um die vorhandene Version von Internet Explorer zu ersetzen:-> Internet Explorer 9
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!
Zitat:
Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
    - Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    so wird oft Art von Adware/Spyware mitinstalliert!
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
    - Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________
--> BKA Trojaner Ukash

Alt 19.10.2012, 20:30   #7
Mantonio
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



Läuft alles super. 1000 Dank nochmal Kira. Spende ist unterwegs :-)

Code:
ATTFilter
All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
C:\Users\Inna\AppData\Roaming\winxarj folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.bat deleted successfully.
C:\Users\Inna\Desktop\Mateo-Antivirus\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Inna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14328365 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 857997176 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2031 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131698 bytes
RecycleBin emptied: 328637012 bytes
 
Total Files Cleaned = 1.145,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10192012_183826

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 20.10.2012, 02:58   #8
kira
/// Helfer-Team
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash



herzlichen Dank für deine tatkräftige Unterstützung!

ich wünsche Dir alles Gute & malwarefreies surfen
gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu BKA Trojaner Ukash
antivir, autorun, avira, bho, bka bundeskriminalamt trojaner, bka trojaner ukash, defender, downloader, explorer, firefox, format, home, lws.exe, maleware, malwarebytes, microsoft, mozilla, opera, pdfforge toolbar, photoshop, realtek, registry, scan, software, stick, sweetpacks, trojaner, wallpaper, windows, winlogon



Ähnliche Themen: BKA Trojaner Ukash


  1. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  2. gvu / ukash-trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (11)
  3. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (12)
  5. Ukash GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (11)
  6. UKASH BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2012 (22)
  7. BKA/UKASH - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (1)
  8. Ukash Trojaner
    Log-Analyse und Auswertung - 28.07.2012 (25)
  9. GVU Trojaner 2.07? Ukash
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  10. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (2)
  11. Ukash- Trojaner
    Mülltonne - 04.06.2012 (2)
  12. BKA-trojaner, ukash
    Log-Analyse und Auswertung - 20.01.2012 (10)
  13. BKA-Ukash-Trojaner
    Log-Analyse und Auswertung - 04.08.2011 (1)
  14. BKA Trojaner Ukash
    Log-Analyse und Auswertung - 14.05.2011 (1)
  15. Ukash-BKA Trojaner
    Log-Analyse und Auswertung - 06.05.2011 (68)
  16. Ukash - BKA - Trojaner
    Log-Analyse und Auswertung - 02.05.2011 (25)
  17. BKA-Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (3)

Zum Thema BKA Trojaner Ukash - Hallo zusammen, mich hat der BKA Trojaner auch erwischt. Habe nach Anleitung die 3 Logfiles erstellt, s.u. bzw. im Anhang. Habe den Maleware scan noch nicht gemacht, wollte erstmal eure - BKA Trojaner Ukash...
Archiv
Du betrachtest: BKA Trojaner Ukash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.