| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Groupon TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.03.2013, 20:34
| #1 |
 |  Groupon Trojaner Hallo allerseits, ich habe gestern auch diese Email bekommen und habe innerhalb von Outlook den zip-Ordner geöffnet. Ich bin mir aber nicht mehr sicher, ob ich die auszuführende Datei geöffnet habe oder nicht. Ich habe mit Avira gescant und einige Funde gehabt. Ich habe auch mit Malwarebytes, OTL und GMER gescannt. Ich bitte euch um Hilfe. MfG Igor Hier ist das Ergebnis von Avira: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 8. März 2013 17:50
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : IGOR-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 16:14:21
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 22:03:56
LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 16:14:30
AVSCPLR.DLL : 13.6.0.628 94432 Bytes 06.02.2013 06:33:13
AVREG.DLL : 13.6.0.600 250592 Bytes 06.02.2013 06:33:13
avlode.dll : 13.6.2.624 434912 Bytes 06.02.2013 06:33:14
avlode.rdf : 13.0.0.38 15231 Bytes 13.02.2013 15:22:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:55:29
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 20:51:05
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 20:51:05
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 20:51:05
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 20:51:05
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 20:51:05
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 20:51:05
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 04:19:09
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 08:12:10
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 15:22:50
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 14:54:54
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 15:32:12
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 21:31:30
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 16:42:50
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 17:56:46
VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 10:37:52
VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 16:33:25
VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 19:11:11
VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 15:41:24
VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 17:09:40
VBASE027.VDF : 7.11.63.211 212480 Bytes 06.03.2013 12:42:47
VBASE028.VDF : 7.11.64.21 198656 Bytes 08.03.2013 13:30:37
VBASE029.VDF : 7.11.64.22 2048 Bytes 08.03.2013 13:30:38
VBASE030.VDF : 7.11.64.23 2048 Bytes 08.03.2013 13:30:38
VBASE031.VDF : 7.11.64.32 10752 Bytes 08.03.2013 13:30:39
Engineversion : 8.2.12.14
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.96 471420 Bytes 08.03.2013 13:30:55
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 20:14:27
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 21:30:25
AEPACK.DLL : 8.3.2.0 827767 Bytes 08.03.2013 13:30:55
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 13:30:54
AEHEUR.DLL : 8.1.4.236 5833081 Bytes 08.03.2013 13:30:54
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 17:50:22
AEEXP.DLL : 8.4.0.10 192886 Bytes 08.03.2013 13:30:55
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:42:50
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 16:14:15
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 16:14:21
AVREP.DLL : 13.6.0.480 178544 Bytes 06.02.2013 06:33:13
AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 16:14:19
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 16:14:20
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 16:14:22
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 16:14:30
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 22:03:53
RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 16:14:15
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Freitag, 8. März 2013 17:50
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIGBU.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTInk.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTBoardService.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'FUFAXSTM.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'sm56hlpr.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpAgent.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTHelperService.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'WacomTouchService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AtService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3126' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b01f41d-6cf702c2
[0] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test2.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.OS
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7e390107-486ac018
[0] Archivtyp: ZIP
--> ewjvaiwebvhtuai124a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Desinfektion:
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7e390107-486ac018
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d39e01.qua' verschoben!
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b01f41d-6cf702c2
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.OS
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e43b1a3.qua' verschoben!
Ende des Suchlaufs: Freitag, 8. März 2013 19:48
Benötigte Zeit: 1:54:28 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
26490 Verzeichnisse wurden überprüft
1039728 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1039723 Dateien ohne Befall
11695 Archive wurden durchsucht
5 Warnungen
3 Hinweise
695692 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Hier ist das Ergebnis von Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.08.14 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Igor :: IGOR-PC [Administrator] Schutz: Aktiviert 08.03.2013 20:06:35 mbam-log-2013-03-08 (20-06-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 203296 Laufzeit: 6 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 08.03.2013 20:18:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Igor\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,37% Memory free 5,87 Gb Paging File | 4,37 Gb Available in Paging File | 74,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 133,69 Gb Free Space | 57,43% Space Free | Partition Type: NTFS Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Igor\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies) PRC - C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies) PRC - C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\WacomTouchService.exe () PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\System32\msjetoledb40.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SMARTHelperService) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (WacomTouchService) -- C:\Windows\System32\WacomTouchService.exe () SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (StarOpen) -- File not found DRV - (a904vk49) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (wacomhidfilter) -- C:\Windows\System32\drivers\wacomhidfilter.sys (Wacom Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes,DefaultScope = {C1A4511A-C963-4E44-A47E-977FBE201AA4} IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{C1A4511A-C963-4E44-A47E-977FBE201AA4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{F6BAB714-EFC8-4CCA-A045-5564D39015F8}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.23 17:01:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.28 18:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.28 18:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 20:28:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 20:28:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.10.23 17:01:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 20:28:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 20:28:20 | 000,000,000 | ---D | M] [2010.05.09 16:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Extensions [2013.03.07 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Firefox\Profiles\xsu45c8k.default\extensions [2013.03.07 19:20:47 | 000,013,878 | ---- | M] () (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2011.08.03 19:02:41 | 000,083,618 | ---- | M] () -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\searchplugins\canoonet.xml [2013.02.27 20:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.27 20:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.02.27 20:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.02.27 20:28:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.03.28 16:32:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 19:53:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.03.28 16:32:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.28 16:32:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.28 16:32:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.28 16:32:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [EPSON BX620FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [Epson Stylus Office BX620FWD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BF58E-1AED-4338-B93C-59B3F257B0D2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF}: DhcpNameServer = 10.101.226.2 195.37.105.57 195.37.105.58 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4aec2c18-699a-11df-85fc-001e37e60a30}\Shell - "" = AutoRun O33 - MountPoints2\{4aec2c18-699a-11df-85fc-001e37e60a30}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{51a660a8-bfdf-11de-81ed-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{51a660a8-bfdf-11de-81ed-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe "start.pdf" O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 20:16:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe [2013.03.08 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Roaming\Malwarebytes [2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.08 18:31:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.08 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.02 16:42:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.02 16:42:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.02 16:42:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.02 16:42:00 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.02 16:42:00 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.02 16:41:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.02 16:41:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.02 16:41:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.02 16:41:55 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.02 16:41:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.02 16:41:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.02 16:41:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.02 16:41:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.02 16:41:52 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.02 16:41:52 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.02 16:41:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.02 16:41:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.02 16:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.02 16:41:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.02 16:41:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.02 16:41:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.01 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\Igor\Documents\Command and Conquer Generals Data [2013.02.27 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.19 07:14:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.19 07:14:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.19 07:14:12 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.19 07:13:54 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.19 07:13:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.17 20:50:03 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.02.17 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.02.17 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.02.17 20:47:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2013.02.17 20:47:31 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2013.02.17 20:47:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2013.02.17 20:47:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2013.02.17 20:46:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2013.02.17 20:45:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2013.02.17 20:43:36 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\Windows Live [2013.02.17 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live ========== Files - Modified Within 30 Days ========== [2013.03.08 20:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe [2013.03.08 17:39:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 17:39:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 17:32:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 17:32:08 | 2364,493,824 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 06:14:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.04 06:14:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.04 06:14:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.04 06:14:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.24 22:27:11 | 000,003,077 | ---- | M] () -- C:\Users\Igor\.recently-used.xbel [2013.02.19 17:37:46 | 000,445,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.17 20:49:26 | 000,000,020 | ---- | M] () -- C:\Windows\´ó [2013.02.07 18:48:19 | 000,001,013 | ---- | M] () -- C:\Users\Igor\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.02.24 22:27:11 | 000,003,077 | ---- | C] () -- C:\Users\Igor\.recently-used.xbel [2013.02.17 20:49:48 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.02.17 20:49:32 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.02.17 20:49:25 | 000,000,020 | ---- | C] () -- C:\Windows\´ó [2013.01.06 21:11:43 | 000,000,092 | ---- | C] () -- C:\Users\Igor\de.pws [2013.01.06 21:11:43 | 000,000,025 | ---- | C] () -- C:\Users\Igor\de.prepl [2012.11.17 21:02:24 | 000,000,728 | ---- | C] () -- C:\Users\Igor\.tracker.prefs [2012.11.17 21:02:24 | 000,000,158 | ---- | C] () -- C:\Users\Igor\.tracker_starter.prefs [2012.04.10 14:22:33 | 000,004,096 | -H-- | C] () -- C:\Users\Igor\AppData\Local\keyfile3.drm [2011.11.11 20:54:50 | 000,077,216 | ---- | C] () -- C:\ProgramData\dudenbib.wav [2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.01 13:03:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.14 19:18:15 | 000,000,173 | ---- | C] () -- C:\Users\Igor\AppData\Local\msmathematics.qat.Igor [2011.03.27 20:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI [2010.12.12 23:18:12 | 000,006,238 | ---- | C] () -- C:\Users\Igor\.emacs [2010.12.12 12:37:02 | 000,004,752 | ---- | C] () -- C:\Users\Igor\%backup%~ [2010.11.27 15:02:12 | 000,011,376 | ---- | C] () -- C:\Users\Igor\gsview32.ini [2009.11.22 13:46:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.23 17:41:33 | 000,007,597 | ---- | C] () -- C:\Users\Igor\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.03.2013 20:18:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Igor\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,94 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,37% Memory free
5,87 Gb Paging File | 4,37 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 133,69 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F85F9-F6C2-489E-B5F6-F059582E205B}" = rport=138 | protocol=17 | dir=out | app=system |
"{0AA4DB48-8344-48F7-AAAF-746E6F6B204C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D29FD02-2170-4510-988C-4432F2ECFE28}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D3FB491-AE9F-4A1A-97DE-0F41A621021C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1202045F-1670-42B8-BDC5-4390D4F43CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1447A0D3-D3A0-4294-AD91-E132D662BFEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{19CA0F7B-EF88-4D05-A5AB-08C02FB26DF5}" = lport=57564 | protocol=6 | dir=in | name=pando media booster |
"{1BD286D5-DBE8-4C30-8EE7-A3E6082EDF7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1FC037D1-993A-45E9-ABD4-D64FF9EF1156}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3A239A87-19E0-4E2D-8F5C-039604C8F260}" = lport=57564 | protocol=17 | dir=in | name=pando media booster |
"{3AEDD7A0-1658-4362-A64C-5C62C47DED1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{43090ACE-CBCE-44D7-B636-B323A9394FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44173BC3-4361-4AE2-AD4A-3D5A86500F61}" = lport=139 | protocol=6 | dir=in | app=system |
"{5769F108-41DE-4B9F-905D-41E2CDB16338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B0E2238-1C56-4AF5-A3C3-461BB9E20045}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E6EA0A3-4152-440E-92E2-97A56CFAE187}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6241E64B-9D0A-4AB6-83CC-E15A88852A2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{6760D11F-C7AE-4176-BC39-139E919C26E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EC0457B-9F65-488A-91B2-56280D1A8382}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73E57006-B439-45B0-9525-24D5F46B5288}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78B96770-22BC-43DD-AEC8-A25D1C183765}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FB31C95-A88E-4117-BCD4-575B116FA2E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B9EAE3C-C259-462F-8727-F6A1676400E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1C9BBD1-DFB3-4526-B559-4DAE25FA3F0F}" = lport=57564 | protocol=6 | dir=in | name=pando media booster |
"{B6E0F417-F2F0-4BFB-8923-14008B180101}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C38D9235-6984-4DAD-AF62-9C3FBDC3B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4D23DFE-E827-4B36-AD16-3E1885D1C4FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5DDC500-E7F1-4BBA-A60F-BC39D10F674F}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF08E3B9-BF5C-4491-9B43-1C662E6992C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0ADB5E8-2273-45CF-B4B9-7B5B8AEF56CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E28E3BF1-E553-4412-88F9-B2A87B102F51}" = lport=57564 | protocol=17 | dir=in | name=pando media booster |
"{E4D36BDC-9A4B-4D8A-8D19-7C28B976634F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8262ACF-1751-4772-ABFE-CD6A4BFE747C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F679990A-86BB-4467-A911-3C8ED04F926C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6ED9EE7-A789-4F3D-AD79-5214A3E1D789}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD4F0353-8549-4E0A-BA66-4A12FCBF7FF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDD139F-E63A-47C4-AF3F-E7F37F6D43E7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FFADB0A4-6BE0-4BFC-AED4-DA92218B77BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2AB06-045E-4BDB-B399-FF43B8F15CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09DCCF43-6262-4829-A4A7-1AE84C2ACC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D0C3B50-3D12-405E-BE2D-561778FD4B8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{186A868F-86C8-420F-8E55-0532B0694351}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{190EDF58-1F1B-414F-B890-EF702C1D015C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{22314404-3E01-41C6-8D4E-688C6335A8D8}" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"{37B4D08A-9922-440E-BD60-FCB367AA9A15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B4852A3-3597-4688-902A-7C51410164AC}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{3C4DCFA1-899C-4C46-9962-45F056431CAC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{44625ADC-0E0C-4800-B315-21641C8A3256}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4490890B-5D69-431E-8006-915DDC303F12}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{44CC8D88-A984-4D8E-B512-6B0A5F1D87A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4551E1FB-BBC3-450E-BCE2-D277D1567979}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5171A404-C177-4121-BD90-899F1FBFC010}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{5C455617-CEEF-4C32-8188-887991DF1B80}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{675B006A-3150-4323-8965-6016A1E2B4B3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{6F155868-3659-452C-A8AD-13C2FC6BA0E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F68DB9F-7681-43CE-B099-59B9C95EA749}" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"{71631A15-B5D7-43EF-BB12-9CDCAD6B994F}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{7F796A07-1FDE-4DCD-A80E-981962C7B30C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{872CC69D-31E2-4113-8380-95B16E4305A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F73A066-985E-4091-8003-700D9A6CF324}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9928BEE0-CE22-4DF5-857B-519D4DD38E95}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A21CF4AF-C77D-4DFA-81ED-62896DB9021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3DCEC63-CC45-4F61-800E-0B40AA5821EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4BD0E16-A564-45E4-90E6-5725F7B5C13C}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{C61EEE58-EFB8-4FEF-8594-88E4961A00CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA25BD42-339F-4821-8BF3-AEE06F255E65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D4801106-4164-4E72-8537-3D8DEC877290}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{D6B01AB3-A777-49B1-A4E0-CB820220DC58}" = protocol=6 | dir=out | app=system |
"{D955A1C8-6306-4092-88DE-5B009120221B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6126F2F-2547-46E8-B564-239D5B7A61B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E9608FBC-5A66-4FE4-AAC1-6055FC80F988}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EC84660A-2584-4885-B5A2-AF5EF03A6E8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8C579E2-AE8A-44B9-8F38-3A29CE4AA687}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9AB2436-6B05-4007-BE31-2AED5B94FB7D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{072F5813-3DEC-4513-BA29-A841BE2206C9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{091A6AE5-9A20-4A2D-90EF-A127933963E0}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{2AF4A1DC-9541-483D-98C2-1BE9DDE5C0E8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{7D48AF3B-DC0D-4AA7-9CB3-1A92C12C317F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{9528AEA3-5D1D-4FF8-879C-C0AE1D0BB0C3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{953015BA-F94C-4FA0-94BD-C94EED6A8B38}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=6 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe |
"TCP Query User{9A289E63-0482-4DA4-87FB-FA3DC447547F}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat |
"TCP Query User{9EA6B18C-97D5-4808-BDC6-59629E01B420}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat |
"TCP Query User{9F771E8B-A6C0-4956-A8EF-6BEF500951B5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A190202C-9E3B-469A-8711-78E9639FEAA4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BE20BA8C-241F-4CF6-B4DA-E434543A7942}C:\program files\smart technologies\education software\ucgui.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"TCP Query User{BF0CB885-A42D-482D-AB8B-0B3F40DABAB9}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C2BCB147-8B51-4EB6-BBE4-56F07993506E}C:\program files\smart technologies\education software\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"TCP Query User{EEC0C0F9-4D0E-4B13-8C1C-11FDE515452C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{010400A7-2DFB-4272-B1D9-664E791CABB9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1EA94CF8-9984-46C1-937A-51D491A2A14F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{36330053-17EA-48E3-B087-D05B016C268D}C:\program files\smart technologies\education software\ucgui.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"UDP Query User{378AF4B2-4B1E-4166-8332-CF3F1A834AF7}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat |
"UDP Query User{3F359682-E718-401F-8BA3-DD6D7BB9AA4C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4B8CC75A-1EC1-416A-876F-7C3ADD7DB68A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{4F49CA8E-2953-4691-9004-444593412713}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{500E311C-BFC0-4450-8F30-434270E188D5}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=17 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe |
"UDP Query User{5037AF2A-D88D-4429-981B-A5D108A58AF4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9B05C9E4-FE89-4CEA-93F9-4CD41179B5CE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{B0420676-43FD-48BB-BCCB-93370DC16805}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BCA7018A-E411-4075-99E3-185AE478A83F}C:\program files\smart technologies\education software\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"UDP Query User{D7AB14EB-AE64-4934-B7C7-A691547F4973}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA04828C-8C1F-4DE9-8456-C29751153F5B}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D7C895F6-7BD7-41F9-94F8-4FCD50F2F771}_is1" = myFuNe 2.0
"{D9D5A07A-F299-4741-BFE6-302324CC0BD7}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Derive 6" = Derive 6
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GeoGebra 4.2" = GeoGebra 4.2
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OSP Tracker" = Tracker
"Pen Tablet Driver" = Stifttablett
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Inkscape" = Inkscape 0.48.1
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.06.2011 05:49:30 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.06.2011 05:49:30 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.06.2011 06:16:49 | Computer Name = Igor-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Fingerprint
Sensor\Drivers\DPinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.06.2011 06:18:50 | Computer Name = Igor-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\fingerprint
sensor\Drivers\DPinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.06.2011 15:31:00 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.06.2011 15:31:00 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 15.06.2011 03:29:41 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 15.06.2011 03:29:41 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.06.2011 03:28:23 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.06.2011 03:28:23 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ DigitalPersona Pro Events ]
Error - 08.04.2012 10:00:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:35:54 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:35:58 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:36:05 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:36:09 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 17.07.2012 03:21:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
[ OSession Events ]
Error - 19.12.2012 22:27:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:31:16 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:34:14 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:35:22 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 23:01:25 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.01.2013 08:09:31 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.01.2013 08:11:06 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.
Error - 08.01.2013 04:49:12 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 480
seconds with 420 seconds of active time. This session ended with a crash.
Error - 08.01.2013 04:55:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 356
seconds with 300 seconds of active time. This session ended with a crash.
Error - 15.01.2013 11:24:46 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 67
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.01.2013 02:46:41 | Computer Name = Igor-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 21.01.2013 13:20:09 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SSDP-Suche erreicht.
Error - 21.01.2013 13:20:09 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 08.02.2013 19:13:39 | Computer Name = Igor-PC | Source = DCOM | ID = 10010
Description =
Error - 15.02.2013 11:08:42 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ATService erreicht.
Error - 22.02.2013 07:36:27 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description =
Error - 22.02.2013 09:55:24 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ATService erreicht.
Error - 27.02.2013 08:18:56 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description =
Error - 01.03.2013 04:35:51 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description =
Error - 01.03.2013 06:47:25 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-08 21:06:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000078 WDC_WD25 rev.01.0 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Igor\AppData\Local\Temp\kxldrpob.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830879E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C11C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spjb.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91E03340, 0x3EE217, 0xE8000020]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 865CF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{093BF58E-1AED-4338-B93C-59B3F257B0D2} 86BFC500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\volmgr \Device\VolMgrControl 859141F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF} 86BFC500
Device \Driver\usbohci \Device\USBPDO-0 86C971F8
Device \Driver\usbehci \Device\USBPDO-1 86C671F8
Device \Driver\volmgr \Device\HarddiskVolume1 859141F8
Device \Driver\volmgr \Device\HarddiskVolume2 859141F8
Device \Driver\cdrom \Device\CdRom0 86B901F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 865CC1F8
Device \Driver\atapi \Device\Ide\IdePort0 865CC1F8
Device \Driver\atapi \Device\Ide\IdePort1 865CC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86BFC500
Device \Driver\nvstor \Device\00000078 865CD1F8
Device \Driver\nvstor \Device\RaidPort0 865CD1F8
Device \Driver\PCI_PNP5504 \Device\0000006a spjb.sys
Device \Driver\usbohci \Device\USBFDO-0 86C971F8
Device \Driver\usbehci \Device\USBFDO-1 86C671F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5B7C4E9E-2284-4DE2-A89D-B29246B9CD88} 86BFC500
Device \Driver\a904vk49 \Device\Scsi\a904vk491 86D691F8
Device \Driver\sptd \Device\1952413504 spjb.sys
---- Trace I/O - GMER 2.1 ----
Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x865cd1f8]<< 865cd1f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868aa030] 868aa030
Trace 3 CLASSPNP.SYS[8b98559e] -> nt!IofCallDriver -> [0x866bf738] 866bf738
Trace 5 ACPI.sys[8b35b3d4] -> nt!IofCallDriver -> \Device\00000078[0x8664f030] 8664f030
Trace \Driver\nvstor[0x866631d0] -> IRP_MJ_CREATE -> 0x865cd1f8 865cd1f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37e60a30
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37e60a30@001a1b1c1bfe 0x02 0x32 0x71 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA7 0x15 0xFE 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x92 0x2F 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0xD0 0xC2 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x82 0x9E 0x60 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37e60a30 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37e60a30@001a1b1c1bfe 0x02 0x32 0x71 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x6E 0xF5 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x92 0x2F 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0xD0 0xC2 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x82 0x9E 0x60 0xD3 ...
---- EOF - GMER 2.1 ----
Geändert von IgorS (08.03.2013 um 21:18 Uhr) |
|
10.03.2013, 09:40
| #2 |
| | Groupon Trojaner Es würde mich sehr interessieren, ob ich den Trojaner überhaupt aktiviert habe. Bislang habe ich nämlich keine Aktivitäten des Trojaners gemerkt.
__________________Ich danke schon mal im Voraus für die Hilfe. |
|
11.03.2013, 20:39
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Groupon Trojaner Hallo und
__________________ Zitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
11.03.2013, 21:30
| #4 | ||
| | Groupon Trojaner Hallo und danke für deine Antwort! Zitat:
Zitat:
Ansonsten habe ich keine weiteren Logs außer die schon oben geposteten. Wie gesagt, ich habe den zip-Ordner der Fake-Groupon-Email geöffnet, kann mich aber nicht mehr erinnern, ob ich die darin befindliche DOS-...-Datei, wie bei der auftauchenden Warnung (glaube ich) genannt, tatsächlich geöffnet habe. Ich mache gerne weitere Log mit anderen Virenscaner (Empfehlung?), wenn das helfen kann, den "Schädling" zu finden bzw. evtl. sicher zu gehen, dass keiner da ist. |
|
12.03.2013, 10:01
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.03.2013, 17:31
| #6 |
| | Groupon Trojaner Hier ist der Log von MBAR (kein Fund gewesen): Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.12.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Igor :: IGOR-PC [administrator]
12.03.2013 16:25:53
mbar-log-2013-03-12 (16-25-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29190
Time elapsed: 13 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Der Scan von aswMBR wurde unterbrochen. Hier die Fehlermeldung: (siehe Anhang) Nach Trennung von Internetverbindung und dem Abschalten von Antiviren-Programmen habe ich erneut versucht, zu scanen. Es tauchte aber nach einer Zeit wieder diese Fehlermeldung auf. --------------------------------------------- Die Log-Datei von TDSS-Killer: Code:
ATTFilter 17:11:26.0014 4672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:11:26.0294 4672 ============================================================
17:11:26.0294 4672 Current date / time: 2013/03/12 17:11:26.0294
17:11:26.0294 4672 SystemInfo:
17:11:26.0294 4672
17:11:26.0294 4672 OS Version: 6.1.7601 ServicePack: 1.0
17:11:26.0294 4672 Product type: Workstation
17:11:26.0294 4672 ComputerName: IGOR-PC
17:11:26.0294 4672 UserName: Igor
17:11:26.0294 4672 Windows directory: C:\Windows
17:11:26.0294 4672 System windows directory: C:\Windows
17:11:26.0294 4672 Processor architecture: Intel x86
17:11:26.0294 4672 Number of processors: 2
17:11:26.0294 4672 Page size: 0x1000
17:11:26.0294 4672 Boot type: Normal boot
17:11:26.0294 4672 ============================================================
17:11:28.0004 4672 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:11:28.0004 4672 ============================================================
17:11:28.0004 4672 \Device\Harddisk0\DR0:
17:11:28.0004 4672 MBR partitions:
17:11:28.0004 4672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:11:28.0004 4672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
17:11:28.0004 4672 ============================================================
17:11:28.0024 4672 C: <-> \Device\Harddisk0\DR0\Partition2
17:11:28.0024 4672 ============================================================
17:11:28.0024 4672 Initialize success
17:11:28.0024 4672 ============================================================
17:13:42.0713 5992 ============================================================
17:13:42.0713 5992 Scan started
17:13:42.0713 5992 Mode: Manual; SigCheck; TDLFS;
17:13:42.0713 5992 ============================================================
17:13:43.0056 5992 ================ Scan system memory ========================
17:13:43.0056 5992 System memory - ok
17:13:43.0056 5992 ================ Scan services =============================
17:13:43.0352 5992 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:13:43.0493 5992 1394ohci - ok
17:13:43.0555 5992 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:13:43.0586 5992 ACPI - ok
17:13:43.0633 5992 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:13:43.0695 5992 AcpiPmi - ok
17:13:43.0836 5992 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:13:43.0851 5992 AdobeARMservice - ok
17:13:43.0914 5992 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:43.0945 5992 adp94xx - ok
17:13:43.0976 5992 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:13:44.0007 5992 adpahci - ok
17:13:44.0023 5992 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:13:44.0054 5992 adpu320 - ok
17:13:44.0085 5992 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:13:44.0163 5992 AeLookupSvc - ok
17:13:44.0226 5992 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
17:13:44.0319 5992 AFD - ok
17:13:44.0351 5992 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:13:44.0382 5992 agp440 - ok
17:13:44.0413 5992 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:13:44.0444 5992 aic78xx - ok
17:13:44.0491 5992 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:13:44.0538 5992 ALG - ok
17:13:44.0585 5992 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:13:44.0616 5992 aliide - ok
17:13:44.0647 5992 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:13:44.0694 5992 amdagp - ok
17:13:44.0756 5992 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:13:44.0787 5992 amdide - ok
17:13:44.0834 5992 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:13:44.0881 5992 AmdK8 - ok
17:13:44.0912 5992 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:13:44.0959 5992 AmdPPM - ok
17:13:45.0021 5992 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:13:45.0037 5992 amdsata - ok
17:13:45.0084 5992 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:45.0099 5992 amdsbs - ok
17:13:45.0131 5992 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:13:45.0146 5992 amdxata - ok
17:13:45.0240 5992 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:13:45.0255 5992 AntiVirSchedulerService - ok
17:13:45.0302 5992 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:13:45.0333 5992 AntiVirService - ok
17:13:45.0380 5992 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
17:13:45.0411 5992 AppID - ok
17:13:45.0443 5992 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:13:45.0505 5992 AppIDSvc - ok
17:13:45.0536 5992 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
17:13:45.0583 5992 Appinfo - ok
17:13:45.0630 5992 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
17:13:45.0677 5992 AppMgmt - ok
17:13:45.0708 5992 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:13:45.0723 5992 arc - ok
17:13:45.0739 5992 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:13:45.0770 5992 arcsas - ok
17:13:45.0801 5992 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:45.0957 5992 AsyncMac - ok
17:13:46.0004 5992 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:13:46.0035 5992 atapi - ok
17:13:46.0145 5992 [ 4FEE29D288226C9252E49A3277F025C3 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
17:13:46.0285 5992 ATService - ok
17:13:46.0316 5992 [ 53FF3096D5D9AE2A75C16703A9819965 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
17:13:46.0394 5992 ATSwpWDF - ok
17:13:46.0457 5992 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:13:46.0519 5992 AudioEndpointBuilder - ok
17:13:46.0535 5992 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:13:46.0581 5992 Audiosrv - ok
17:13:46.0628 5992 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:13:46.0659 5992 avgntflt - ok
17:13:46.0706 5992 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:13:46.0722 5992 avipbb - ok
17:13:46.0769 5992 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:13:46.0784 5992 avkmgr - ok
17:13:46.0847 5992 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:13:46.0940 5992 AxInstSV - ok
17:13:47.0003 5992 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:13:47.0081 5992 b06bdrv - ok
17:13:47.0112 5992 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:13:47.0143 5992 b57nd60x - ok
17:13:47.0252 5992 [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
17:13:47.0315 5992 BCM43XX - ok
17:13:47.0346 5992 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:13:47.0377 5992 BDESVC - ok
17:13:47.0408 5992 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:13:47.0455 5992 Beep - ok
17:13:47.0517 5992 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
17:13:47.0595 5992 BFE - ok
17:13:47.0658 5992 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
17:13:47.0767 5992 BITS - ok
17:13:47.0814 5992 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:47.0845 5992 blbdrive - ok
17:13:47.0876 5992 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:13:47.0939 5992 bowser - ok
17:13:47.0970 5992 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:48.0048 5992 BrFiltLo - ok
17:13:48.0063 5992 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:48.0095 5992 BrFiltUp - ok
17:13:48.0141 5992 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
17:13:48.0188 5992 Browser - ok
17:13:48.0204 5992 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:13:48.0266 5992 Brserid - ok
17:13:48.0297 5992 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:48.0344 5992 BrSerWdm - ok
17:13:48.0360 5992 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:48.0391 5992 BrUsbMdm - ok
17:13:48.0407 5992 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:48.0438 5992 BrUsbSer - ok
17:13:48.0485 5992 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:13:48.0594 5992 BthEnum - ok
17:13:48.0625 5992 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:48.0656 5992 BTHMODEM - ok
17:13:48.0687 5992 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:13:48.0703 5992 BthPan - ok
17:13:48.0750 5992 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:13:48.0843 5992 BTHPORT - ok
17:13:48.0875 5992 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:13:48.0937 5992 bthserv - ok
17:13:48.0968 5992 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:13:48.0999 5992 BTHUSB - ok
17:13:49.0031 5992 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:13:49.0077 5992 cdfs - ok
17:13:49.0124 5992 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:13:49.0155 5992 cdrom - ok
17:13:49.0218 5992 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:13:49.0311 5992 CertPropSvc - ok
17:13:49.0343 5992 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:13:49.0374 5992 circlass - ok
17:13:49.0405 5992 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:13:49.0436 5992 CLFS - ok
17:13:49.0499 5992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:49.0530 5992 clr_optimization_v2.0.50727_32 - ok
17:13:49.0623 5992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:13:49.0655 5992 clr_optimization_v4.0.30319_32 - ok
17:13:49.0686 5992 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:49.0701 5992 CmBatt - ok
17:13:49.0748 5992 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:13:49.0764 5992 cmdide - ok
17:13:49.0811 5992 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
17:13:49.0889 5992 CNG - ok
17:13:49.0951 5992 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:13:50.0029 5992 Com4QLBEx - ok
17:13:50.0060 5992 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:13:50.0076 5992 Compbatt - ok
17:13:50.0123 5992 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:13:50.0138 5992 CompositeBus - ok
17:13:50.0169 5992 COMSysApp - ok
17:13:50.0185 5992 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:50.0201 5992 crcdisk - ok
17:13:50.0247 5992 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:13:50.0310 5992 CryptSvc - ok
17:13:50.0341 5992 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
17:13:50.0403 5992 CSC - ok
17:13:50.0466 5992 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
17:13:50.0559 5992 CscService - ok
17:13:50.0591 5992 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:13:50.0637 5992 DcomLaunch - ok
17:13:50.0669 5992 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:13:50.0715 5992 defragsvc - ok
17:13:50.0762 5992 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:13:50.0809 5992 DfsC - ok
17:13:50.0887 5992 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:13:50.0934 5992 Dhcp - ok
17:13:50.0949 5992 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:13:50.0996 5992 discache - ok
17:13:51.0027 5992 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:13:51.0059 5992 Disk - ok
17:13:51.0090 5992 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:13:51.0137 5992 Dnscache - ok
17:13:51.0183 5992 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:13:51.0246 5992 dot3svc - ok
17:13:51.0293 5992 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
17:13:51.0386 5992 DpHost ( UnsignedFile.Multi.Generic ) - warning
17:13:51.0386 5992 DpHost - detected UnsignedFile.Multi.Generic (1)
17:13:51.0433 5992 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:13:51.0495 5992 DPS - ok
17:13:51.0527 5992 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:13:51.0558 5992 drmkaud - ok
17:13:51.0620 5992 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:13:51.0683 5992 DXGKrnl - ok
17:13:51.0729 5992 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:13:51.0776 5992 EapHost - ok
17:13:51.0932 5992 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:13:52.0104 5992 ebdrv - ok
17:13:52.0135 5992 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:13:52.0182 5992 EFS - ok
17:13:52.0244 5992 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:13:52.0322 5992 ehRecvr - ok
17:13:52.0353 5992 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:13:52.0431 5992 ehSched - ok
17:13:52.0509 5992 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:13:52.0587 5992 elxstor - ok
17:13:52.0681 5992 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
17:13:52.0697 5992 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
17:13:52.0697 5992 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
17:13:52.0728 5992 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:13:52.0759 5992 ErrDev - ok
17:13:52.0790 5992 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:13:52.0853 5992 EventSystem - ok
17:13:52.0884 5992 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:13:52.0931 5992 exfat - ok
17:13:52.0946 5992 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:13:52.0977 5992 fastfat - ok
17:13:53.0040 5992 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:13:53.0165 5992 Fax - ok
17:13:53.0211 5992 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:13:53.0227 5992 fdc - ok
17:13:53.0243 5992 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:13:53.0289 5992 fdPHost - ok
17:13:53.0305 5992 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:13:53.0352 5992 FDResPub - ok
17:13:53.0383 5992 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:13:53.0399 5992 FileInfo - ok
17:13:53.0414 5992 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:13:53.0461 5992 Filetrace - ok
17:13:53.0570 5992 [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:13:53.0695 5992 FLEXnet Licensing Service - ok
17:13:53.0726 5992 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:13:53.0757 5992 flpydisk - ok
17:13:53.0789 5992 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:13:53.0820 5992 FltMgr - ok
17:13:53.0898 5992 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
17:13:53.0991 5992 FontCache - ok
17:13:54.0054 5992 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:13:54.0069 5992 FontCache3.0.0.0 - ok
17:13:54.0101 5992 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:13:54.0116 5992 FsDepends - ok
17:13:54.0163 5992 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:13:54.0179 5992 Fs_Rec - ok
17:13:54.0241 5992 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:13:54.0288 5992 fvevol - ok
17:13:54.0319 5992 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:13:54.0350 5992 gagp30kx - ok
17:13:54.0413 5992 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:13:54.0491 5992 gpsvc - ok
17:13:54.0506 5992 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:13:54.0553 5992 hcw85cir - ok
17:13:54.0615 5992 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:13:54.0662 5992 HdAudAddService - ok
17:13:54.0693 5992 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:13:54.0725 5992 HDAudBus - ok
17:13:54.0756 5992 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:13:54.0787 5992 HidBatt - ok
17:13:54.0803 5992 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:13:54.0849 5992 HidBth - ok
17:13:54.0881 5992 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:13:54.0896 5992 HidIr - ok
17:13:54.0927 5992 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
17:13:54.0974 5992 hidserv - ok
17:13:55.0037 5992 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:13:55.0052 5992 HidUsb - ok
17:13:55.0099 5992 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:13:55.0146 5992 hkmsvc - ok
17:13:55.0177 5992 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:13:55.0239 5992 HomeGroupListener - ok
17:13:55.0286 5992 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:13:55.0333 5992 HomeGroupProvider - ok
17:13:55.0380 5992 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:13:55.0411 5992 HpqKbFiltr - ok
17:13:55.0473 5992 [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
17:13:55.0505 5992 HpqRemHid - ok
17:13:55.0551 5992 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
17:13:55.0567 5992 hpqwmiex - ok
17:13:55.0598 5992 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:13:55.0629 5992 HpSAMD - ok
17:13:55.0692 5992 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:13:55.0754 5992 HTTP - ok
17:13:55.0801 5992 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:13:55.0817 5992 hwpolicy - ok
17:13:55.0848 5992 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:13:55.0879 5992 i8042prt - ok
17:13:55.0910 5992 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:13:55.0957 5992 iaStorV - ok
17:13:56.0051 5992 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:13:56.0160 5992 idsvc - ok
17:13:56.0191 5992 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:13:56.0222 5992 iirsp - ok
17:13:56.0285 5992 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:13:56.0363 5992 IKEEXT - ok
17:13:56.0503 5992 [ 202350C0055A39CFCA30B2942F7B10D2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:13:56.0581 5992 IntcAzAudAddService - ok
17:13:56.0612 5992 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:13:56.0643 5992 intelide - ok
17:13:56.0659 5992 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:13:56.0690 5992 intelppm - ok
17:13:56.0706 5992 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:13:56.0753 5992 IPBusEnum - ok
17:13:56.0784 5992 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:13:56.0831 5992 IpFilterDriver - ok
17:13:56.0893 5992 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:13:57.0018 5992 iphlpsvc - ok
17:13:57.0049 5992 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:13:57.0080 5992 IPMIDRV - ok
17:13:57.0096 5992 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:13:57.0158 5992 IPNAT - ok
17:13:57.0189 5992 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:13:57.0236 5992 IRENUM - ok
17:13:57.0267 5992 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:13:57.0283 5992 isapnp - ok
17:13:57.0330 5992 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:13:57.0361 5992 iScsiPrt - ok
17:13:57.0423 5992 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:13:57.0439 5992 kbdclass - ok
17:13:57.0470 5992 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:13:57.0501 5992 kbdhid - ok
17:13:57.0517 5992 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:13:57.0533 5992 KeyIso - ok
17:13:57.0579 5992 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:13:57.0595 5992 KSecDD - ok
17:13:57.0626 5992 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:13:57.0657 5992 KSecPkg - ok
17:13:57.0689 5992 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:13:57.0751 5992 KtmRm - ok
17:13:57.0767 5992 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
17:13:57.0845 5992 LanmanServer - ok
17:13:57.0876 5992 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:13:57.0923 5992 LanmanWorkstation - ok
17:13:58.0001 5992 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:13:58.0032 5992 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:13:58.0032 5992 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:13:58.0063 5992 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:13:58.0125 5992 lltdio - ok
17:13:58.0157 5992 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:13:58.0203 5992 lltdsvc - ok
17:13:58.0219 5992 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:13:58.0250 5992 lmhosts - ok
17:13:58.0297 5992 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:13:58.0313 5992 LSI_FC - ok
17:13:58.0328 5992 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:13:58.0359 5992 LSI_SAS - ok
17:13:58.0375 5992 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:13:58.0391 5992 LSI_SAS2 - ok
17:13:58.0406 5992 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:13:58.0437 5992 LSI_SCSI - ok
17:13:58.0453 5992 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:13:58.0500 5992 luafv - ok
17:13:58.0547 5992 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:13:58.0562 5992 MBAMProtector - ok
17:13:58.0625 5992 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:13:58.0718 5992 MBAMScheduler - ok
17:13:58.0765 5992 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:13:58.0812 5992 MBAMService - ok
17:13:58.0843 5992 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:13:58.0874 5992 Mcx2Svc - ok
17:13:58.0890 5992 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:13:58.0905 5992 megasas - ok
17:13:58.0937 5992 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:13:58.0952 5992 MegaSR - ok
17:13:58.0983 5992 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:13:59.0030 5992 MMCSS - ok
17:13:59.0061 5992 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:13:59.0108 5992 Modem - ok
17:13:59.0171 5992 [ 25483F9D590D5F00BD951E1181453EC2 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
17:13:59.0202 5992 MODEMCSA - ok
17:13:59.0233 5992 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:13:59.0280 5992 monitor - ok
17:13:59.0311 5992 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:13:59.0327 5992 mouclass - ok
17:13:59.0358 5992 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:13:59.0389 5992 mouhid - ok
17:13:59.0436 5992 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:13:59.0451 5992 mountmgr - ok
17:13:59.0545 5992 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:13:59.0623 5992 MozillaMaintenance - ok
17:13:59.0654 5992 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:13:59.0685 5992 mpio - ok
17:13:59.0717 5992 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:13:59.0763 5992 mpsdrv - ok
17:13:59.0810 5992 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:13:59.0873 5992 MpsSvc - ok
17:13:59.0904 5992 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:13:59.0935 5992 MRxDAV - ok
17:13:59.0982 5992 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:00.0044 5992 mrxsmb - ok
17:14:00.0091 5992 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:00.0185 5992 mrxsmb10 - ok
17:14:00.0216 5992 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:00.0247 5992 mrxsmb20 - ok
17:14:00.0294 5992 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:14:00.0325 5992 msahci - ok
17:14:00.0372 5992 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:14:00.0403 5992 msdsm - ok
17:14:00.0419 5992 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:14:00.0465 5992 MSDTC - ok
17:14:00.0512 5992 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:14:00.0543 5992 Msfs - ok
17:14:00.0559 5992 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:14:00.0606 5992 mshidkmdf - ok
17:14:00.0637 5992 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:14:00.0668 5992 msisadrv - ok
17:14:00.0699 5992 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:14:00.0746 5992 MSiSCSI - ok
17:14:00.0746 5992 msiserver - ok
17:14:00.0777 5992 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:14:00.0809 5992 MSKSSRV - ok
17:14:00.0824 5992 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:00.0871 5992 MSPCLOCK - ok
17:14:00.0887 5992 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:14:00.0933 5992 MSPQM - ok
17:14:00.0965 5992 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:14:00.0980 5992 MsRPC - ok
17:14:01.0027 5992 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:14:01.0058 5992 mssmbios - ok
17:14:01.0074 5992 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:14:01.0105 5992 MSTEE - ok
17:14:01.0136 5992 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:01.0152 5992 MTConfig - ok
17:14:01.0167 5992 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:14:01.0199 5992 Mup - ok
17:14:01.0245 5992 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:14:01.0323 5992 napagent - ok
17:14:01.0370 5992 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:14:01.0448 5992 NativeWifiP - ok
17:14:01.0511 5992 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:14:01.0573 5992 NDIS - ok
17:14:01.0620 5992 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:01.0667 5992 NdisCap - ok
17:14:01.0682 5992 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:01.0729 5992 NdisTapi - ok
17:14:01.0776 5992 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:01.0823 5992 Ndisuio - ok
17:14:01.0869 5992 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:01.0916 5992 NdisWan - ok
17:14:01.0963 5992 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:14:01.0994 5992 NDProxy - ok
17:14:02.0010 5992 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:14:02.0057 5992 NetBIOS - ok
17:14:02.0103 5992 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:14:02.0166 5992 NetBT - ok
17:14:02.0181 5992 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:14:02.0197 5992 Netlogon - ok
17:14:02.0228 5992 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:14:02.0291 5992 Netman - ok
17:14:02.0322 5992 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:14:02.0369 5992 netprofm - ok
17:14:02.0415 5992 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:14:02.0447 5992 NetTcpPortSharing - ok
17:14:02.0478 5992 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:02.0509 5992 nfrd960 - ok
17:14:02.0556 5992 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:14:02.0649 5992 NlaSvc - ok
17:14:02.0696 5992 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:14:02.0743 5992 Npfs - ok
17:14:02.0743 5992 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:14:02.0790 5992 nsi - ok
17:14:02.0805 5992 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:14:02.0852 5992 nsiproxy - ok
17:14:02.0930 5992 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:14:03.0008 5992 Ntfs - ok
17:14:03.0039 5992 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:14:03.0086 5992 Null - ok
17:14:03.0117 5992 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
17:14:03.0164 5992 NVENETFD - ok
17:14:03.0414 5992 [ 05B288B25C2EBD9A4E9E5114AE790876 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:14:03.0632 5992 nvlddmkm - ok
17:14:03.0679 5992 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:14:03.0710 5992 nvraid - ok
17:14:03.0741 5992 [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
17:14:03.0804 5992 nvsmu - ok
17:14:03.0851 5992 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:14:03.0897 5992 nvstor - ok
17:14:03.0913 5992 [ E937A615D4289E83E234C3EC26092431 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:14:03.0960 5992 nvsvc - ok
17:14:03.0991 5992 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:14:04.0022 5992 nv_agp - ok
17:14:04.0131 5992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:04.0178 5992 odserv - ok
17:14:04.0209 5992 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:14:04.0241 5992 ohci1394 - ok
17:14:04.0287 5992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:04.0303 5992 ose - ok
17:14:04.0350 5992 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:14:04.0412 5992 p2pimsvc - ok
17:14:04.0443 5992 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:14:04.0521 5992 p2psvc - ok
17:14:04.0553 5992 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:14:04.0584 5992 Parport - ok
17:14:04.0631 5992 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:14:04.0646 5992 partmgr - ok
17:14:04.0662 5992 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:14:04.0677 5992 Parvdm - ok
17:14:04.0709 5992 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:14:04.0740 5992 PcaSvc - ok
17:14:04.0787 5992 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:14:04.0802 5992 pci - ok
17:14:04.0865 5992 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:14:04.0911 5992 pciide - ok
17:14:04.0943 5992 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:04.0974 5992 pcmcia - ok
17:14:05.0005 5992 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:14:05.0036 5992 pcw - ok
17:14:05.0099 5992 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:14:05.0177 5992 PEAUTH - ok
17:14:05.0239 5992 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:14:05.0333 5992 PeerDistSvc - ok
17:14:05.0411 5992 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:14:05.0504 5992 pla - ok
17:14:05.0567 5992 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:14:05.0645 5992 PlugPlay - ok
17:14:05.0660 5992 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:14:05.0691 5992 PNRPAutoReg - ok
17:14:05.0723 5992 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:14:05.0738 5992 PNRPsvc - ok
17:14:05.0769 5992 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:14:05.0816 5992 PolicyAgent - ok
17:14:05.0863 5992 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:14:05.0972 5992 Power - ok
17:14:06.0003 5992 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:14:06.0066 5992 PptpMiniport - ok
17:14:06.0081 5992 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:14:06.0113 5992 Processor - ok
17:14:06.0159 5992 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:14:06.0206 5992 ProfSvc - ok
17:14:06.0222 5992 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:14:06.0237 5992 ProtectedStorage - ok
17:14:06.0284 5992 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:14:06.0315 5992 Psched - ok
17:14:06.0378 5992 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:14:06.0425 5992 ql2300 - ok
17:14:06.0440 5992 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:06.0471 5992 ql40xx - ok
17:14:06.0503 5992 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:14:06.0534 5992 QWAVE - ok
17:14:06.0565 5992 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:14:06.0581 5992 QWAVEdrv - ok
17:14:06.0612 5992 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:14:06.0659 5992 RasAcd - ok
17:14:06.0705 5992 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:06.0752 5992 RasAgileVpn - ok
17:14:06.0768 5992 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:14:06.0815 5992 RasAuto - ok
17:14:06.0830 5992 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:06.0877 5992 Rasl2tp - ok
17:14:06.0955 5992 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:14:07.0064 5992 RasMan - ok
17:14:07.0095 5992 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:07.0158 5992 RasPppoe - ok
17:14:07.0189 5992 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:14:07.0236 5992 RasSstp - ok
17:14:07.0283 5992 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:14:07.0329 5992 rdbss - ok
17:14:07.0361 5992 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:07.0392 5992 rdpbus - ok
17:14:07.0423 5992 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:07.0532 5992 RDPCDD - ok
17:14:07.0595 5992 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:14:07.0626 5992 RDPDR - ok
17:14:07.0657 5992 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:14:07.0704 5992 RDPENCDD - ok
17:14:07.0735 5992 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:14:07.0782 5992 RDPREFMP - ok
17:14:07.0844 5992 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:14:07.0891 5992 RdpVideoMiniport - ok
17:14:07.0938 5992 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:14:07.0969 5992 RDPWD - ok
17:14:08.0016 5992 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:14:08.0094 5992 rdyboost - ok
17:14:08.0141 5992 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:14:08.0187 5992 RemoteAccess - ok
17:14:08.0219 5992 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:14:08.0281 5992 RemoteRegistry - ok
17:14:08.0312 5992 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:14:08.0343 5992 RFCOMM - ok
17:14:08.0375 5992 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:14:08.0421 5992 RpcEptMapper - ok
17:14:08.0453 5992 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:14:08.0484 5992 RpcLocator - ok
17:14:08.0515 5992 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
17:14:08.0546 5992 RpcSs - ok
17:14:08.0577 5992 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:14:08.0624 5992 rspndr - ok
17:14:08.0655 5992 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:14:08.0687 5992 s3cap - ok
17:14:08.0702 5992 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:14:08.0718 5992 SamSs - ok
17:14:08.0765 5992 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:14:08.0796 5992 sbp2port - ok
17:14:08.0827 5992 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:14:08.0858 5992 SCardSvr - ok
17:14:08.0874 5992 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:14:08.0921 5992 scfilter - ok
17:14:08.0983 5992 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:14:09.0123 5992 Schedule - ok
17:14:09.0155 5992 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:14:09.0170 5992 SCPolicySvc - ok
17:14:09.0217 5992 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:14:09.0264 5992 SDRSVC - ok
17:14:09.0311 5992 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:14:09.0342 5992 secdrv - ok
17:14:09.0373 5992 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:14:09.0420 5992 seclogon - ok
17:14:09.0435 5992 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
17:14:09.0482 5992 SENS - ok
17:14:09.0513 5992 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:14:09.0576 5992 SensrSvc - ok
17:14:09.0607 5992 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:14:09.0669 5992 Serenum - ok
17:14:09.0701 5992 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:14:09.0732 5992 Serial - ok
17:14:09.0763 5992 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:14:09.0810 5992 sermouse - ok
17:14:09.0857 5992 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:14:09.0919 5992 SessionEnv - ok
17:14:09.0966 5992 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:14:10.0013 5992 sffdisk - ok
17:14:10.0028 5992 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:14:10.0059 5992 sffp_mmc - ok
17:14:10.0075 5992 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:14:10.0106 5992 sffp_sd - ok
17:14:10.0137 5992 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:10.0169 5992 sfloppy - ok
17:14:10.0215 5992 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:14:10.0278 5992 SharedAccess - ok
17:14:10.0309 5992 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:14:10.0371 5992 ShellHWDetection - ok
17:14:10.0434 5992 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:14:10.0449 5992 sisagp - ok
17:14:10.0481 5992 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:10.0496 5992 SiSRaid2 - ok
17:14:10.0527 5992 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:10.0543 5992 SiSRaid4 - ok
17:14:10.0637 5992 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:14:10.0761 5992 SkypeUpdate - ok
17:14:10.0871 5992 [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
17:14:10.0964 5992 SMARTHelperService - ok
17:14:11.0027 5992 [ A4C659F9692E7695CFDD23B9EF9F035D ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
17:14:11.0042 5992 SMARTMouseFilterx86 - ok
17:14:11.0105 5992 [ 45954C46F3FCAE82AC7ACF58F2B421BD ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
17:14:11.0120 5992 SMARTVHidMini2000x86 - ok
17:14:11.0136 5992 [ BD6F2C43F591A93D3D987A404DB3D62D ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
17:14:11.0151 5992 SMARTVTabletPCx86 - ok
17:14:11.0183 5992 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:14:11.0229 5992 Smb - ok
17:14:11.0276 5992 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
17:14:11.0339 5992 smserial - ok
17:14:11.0385 5992 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:14:11.0417 5992 SNMPTRAP - ok
17:14:11.0510 5992 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:14:11.0573 5992 Sony PC Companion - ok
17:14:11.0604 5992 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:14:11.0635 5992 spldr - ok
17:14:11.0666 5992 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
17:14:11.0744 5992 Spooler - ok
17:14:11.0853 5992 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:14:12.0041 5992 sppsvc - ok
17:14:12.0087 5992 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:14:12.0181 5992 sppuinotify - ok
17:14:12.0259 5992 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
17:14:12.0259 5992 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:14:12.0275 5992 sptd ( LockedFile.Multi.Generic ) - warning
17:14:12.0275 5992 sptd - detected LockedFile.Multi.Generic (1)
17:14:12.0321 5992 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:14:12.0368 5992 srv - ok
17:14:12.0415 5992 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:14:12.0462 5992 srv2 - ok
17:14:12.0493 5992 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:14:12.0524 5992 srvnet - ok
17:14:12.0555 5992 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:14:12.0618 5992 SSDPSRV - ok
17:14:12.0680 5992 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:14:12.0696 5992 ssmdrv - ok
17:14:12.0711 5992 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:14:12.0743 5992 SstpSvc - ok
17:14:12.0758 5992 StarOpen - ok
17:14:12.0789 5992 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:14:12.0805 5992 stexstor - ok
17:14:12.0852 5992 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:14:12.0914 5992 StiSvc - ok
17:14:12.0930 5992 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:14:12.0945 5992 storflt - ok
17:14:12.0977 5992 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
17:14:13.0023 5992 StorSvc - ok
17:14:13.0055 5992 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:14:13.0101 5992 storvsc - ok
17:14:13.0148 5992 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:14:13.0179 5992 swenum - ok
17:14:13.0211 5992 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:14:13.0257 5992 swprv - ok
17:14:13.0320 5992 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:14:13.0351 5992 SynTP - ok
17:14:13.0429 5992 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:14:13.0476 5992 SysMain - ok
17:14:13.0523 5992 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:14:13.0554 5992 TabletInputService - ok
17:14:13.0616 5992 [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
17:14:13.0725 5992 TabletServicePen - ok
17:14:13.0772 5992 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:14:13.0835 5992 TapiSrv - ok
17:14:13.0850 5992 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:14:13.0913 5992 TBS - ok
17:14:13.0991 5992 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:14:14.0131 5992 Tcpip - ok
17:14:14.0178 5992 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:14:14.0225 5992 TCPIP6 - ok
17:14:14.0271 5992 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:14:14.0303 5992 tcpipreg - ok
17:14:14.0349 5992 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:14:14.0396 5992 TDPIPE - ok
17:14:14.0427 5992 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:14:14.0459 5992 TDTCP - ok
17:14:14.0505 5992 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:14:14.0537 5992 tdx - ok
17:14:14.0568 5992 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:14:14.0583 5992 TermDD - ok
17:14:14.0646 5992 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
17:14:14.0771 5992 TermService - ok
17:14:14.0802 5992 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:14:14.0849 5992 Themes - ok
17:14:14.0880 5992 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:14:14.0911 5992 THREADORDER - ok
17:14:14.0927 5992 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:14:14.0989 5992 TrkWks - ok
17:14:15.0036 5992 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:14:15.0098 5992 TrustedInstaller - ok
17:14:15.0145 5992 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:15.0192 5992 tssecsrv - ok
17:14:15.0239 5992 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:14:15.0270 5992 TsUsbFlt - ok
17:14:15.0332 5992 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:14:15.0363 5992 tunnel - ok
17:14:15.0395 5992 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:14:15.0410 5992 uagp35 - ok
17:14:15.0441 5992 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:14:15.0504 5992 udfs - ok
17:14:15.0535 5992 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:14:15.0566 5992 UI0Detect - ok
17:14:15.0613 5992 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:14:15.0644 5992 uliagpkx - ok
17:14:15.0707 5992 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
17:14:15.0722 5992 umbus - ok
17:14:15.0753 5992 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:14:15.0785 5992 UmPass - ok
17:14:15.0816 5992 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
17:14:15.0863 5992 UmRdpService - ok
17:14:15.0878 5992 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:14:15.0956 5992 upnphost - ok
17:14:16.0003 5992 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:14:16.0050 5992 usbaudio - ok
17:14:16.0097 5992 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:16.0128 5992 usbccgp - ok
17:14:16.0175 5992 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:14:16.0221 5992 usbcir - ok
17:14:16.0268 5992 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:14:16.0284 5992 usbehci - ok
17:14:16.0315 5992 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:14:16.0346 5992 usbhub - ok
17:14:16.0362 5992 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:14:16.0393 5992 usbohci - ok
17:14:16.0440 5992 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:14:16.0455 5992 usbprint - ok
17:14:16.0502 5992 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:14:16.0549 5992 usbscan - ok
17:14:16.0643 5992 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
17:14:16.0689 5992 usbser - ok
17:14:16.0689 5992 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:16.0752 5992 USBSTOR - ok
17:14:16.0783 5992 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:14:16.0814 5992 usbuhci - ok
17:14:16.0861 5992 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:14:16.0892 5992 usbvideo - ok
17:14:16.0923 5992 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:14:16.0986 5992 UxSms - ok
17:14:17.0017 5992 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
17:14:17.0033 5992 VaultSvc - ok
17:14:17.0064 5992 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:14:17.0095 5992 vdrvroot - ok
17:14:17.0142 5992 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
17:14:17.0267 5992 vds - ok
17:14:17.0313 5992 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:17.0329 5992 vga - ok
17:14:17.0376 5992 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:14:17.0407 5992 VgaSave - ok
17:14:17.0438 5992 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:14:17.0469 5992 vhdmp - ok
17:14:17.0501 5992 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:14:17.0532 5992 viaagp - ok
17:14:17.0547 5992 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:14:17.0579 5992 ViaC7 - ok
17:14:17.0594 5992 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:14:17.0625 5992 viaide - ok
17:14:17.0672 5992 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:14:17.0750 5992 vmbus - ok
17:14:17.0766 5992 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:14:17.0797 5992 VMBusHID - ok
17:14:17.0813 5992 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:14:17.0844 5992 volmgr - ok
17:14:17.0875 5992 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:14:17.0906 5992 volmgrx - ok
17:14:17.0922 5992 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:14:17.0953 5992 volsnap - ok
17:14:17.0984 5992 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:18.0015 5992 vsmraid - ok
17:14:18.0062 5992 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
17:14:18.0171 5992 VSS - ok
17:14:18.0203 5992 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:14:18.0234 5992 vwifibus - ok
17:14:18.0265 5992 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:14:18.0296 5992 vwififlt - ok
17:14:18.0312 5992 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:14:18.0343 5992 vwifimp - ok
17:14:18.0374 5992 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:14:18.0437 5992 W32Time - ok
17:14:18.0499 5992 [ A4293CE975419A9D139355B3E7A98B62 ] wacomhidfilter C:\Windows\system32\DRIVERS\wacomhidfilter.sys
17:14:18.0515 5992 wacomhidfilter - ok
17:14:18.0515 5992 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:14:18.0546 5992 wacommousefilter - ok
17:14:18.0577 5992 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:14:18.0608 5992 WacomPen - ok
17:14:18.0624 5992 [ EAA61E9010C21A1C12BFE5B9E3160C59 ] WacomTouchService C:\Windows\system32\WacomTouchService.exe
17:14:18.0655 5992 WacomTouchService - ok
17:14:18.0686 5992 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
17:14:18.0702 5992 wacomvhid - ok
17:14:18.0717 5992 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
17:14:18.0733 5992 WacomVKHid - ok
17:14:18.0749 5992 [ 423ABF94D9D0A2EA1AD104E3519D4FEA ] WacomVTHid C:\Windows\system32\DRIVERS\WacomVTHid.sys
17:14:18.0764 5992 WacomVTHid - ok
17:14:18.0827 5992 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:14:18.0858 5992 WANARP - ok
17:14:18.0858 5992 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:14:18.0889 5992 Wanarpv6 - ok
17:14:18.0983 5992 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
17:14:19.0139 5992 wbengine - ok
17:14:19.0170 5992 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:14:19.0217 5992 WbioSrvc - ok
17:14:19.0263 5992 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:14:19.0326 5992 wcncsvc - ok
17:14:19.0341 5992 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:14:19.0388 5992 WcsPlugInService - ok
17:14:19.0419 5992 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:14:19.0451 5992 Wd - ok
17:14:19.0513 5992 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
17:14:19.0513 5992 WDC_SAM ( UnsignedFile.Multi.Generic ) - warning
17:14:19.0513 5992 WDC_SAM - detected UnsignedFile.Multi.Generic (1)
17:14:19.0575 5992 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:14:19.0622 5992 Wdf01000 - ok
17:14:19.0638 5992 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:14:19.0716 5992 WdiServiceHost - ok
17:14:19.0731 5992 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:14:19.0747 5992 WdiSystemHost - ok
17:14:19.0794 5992 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
17:14:19.0841 5992 WebClient - ok
17:14:19.0856 5992 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:14:19.0903 5992 Wecsvc - ok
17:14:19.0919 5992 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:14:19.0981 5992 wercplsupport - ok
17:14:20.0012 5992 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:14:20.0059 5992 WerSvc - ok
17:14:20.0106 5992 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:20.0137 5992 WfpLwf - ok
17:14:20.0153 5992 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:14:20.0184 5992 WIMMount - ok
17:14:20.0231 5992 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:14:20.0309 5992 WinDefend - ok
17:14:20.0324 5992 WinHttpAutoProxySvc - ok
17:14:20.0387 5992 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:14:20.0449 5992 Winmgmt - ok
17:14:20.0511 5992 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:14:20.0667 5992 WinRM - ok
17:14:20.0745 5992 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:14:20.0777 5992 WinUsb - ok
17:14:20.0839 5992 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:14:20.0886 5992 Wlansvc - ok
17:14:20.0995 5992 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:14:21.0182 5992 wlidsvc - ok
17:14:21.0245 5992 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:14:21.0260 5992 WmiAcpi - ok
17:14:21.0307 5992 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:14:21.0354 5992 wmiApSrv - ok
17:14:21.0447 5992 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:14:21.0525 5992 WMPNetworkSvc - ok
17:14:21.0557 5992 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:14:21.0588 5992 WPCSvc - ok
17:14:21.0635 5992 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:14:21.0713 5992 WPDBusEnum - ok
17:14:21.0759 5992 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:14:21.0806 5992 ws2ifsl - ok
17:14:21.0837 5992 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
17:14:21.0869 5992 wscsvc - ok
17:14:21.0884 5992 WSearch - ok
17:14:21.0962 5992 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:14:22.0056 5992 wuauserv - ok
17:14:22.0103 5992 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:14:22.0134 5992 WudfPf - ok
17:14:22.0181 5992 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:22.0212 5992 WUDFRd - ok
17:14:22.0243 5992 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:14:22.0274 5992 wudfsvc - ok
17:14:22.0305 5992 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:14:22.0337 5992 WwanSvc - ok
17:14:22.0399 5992 ================ Scan global ===============================
17:14:22.0446 5992 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:14:22.0508 5992 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:14:22.0571 5992 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:14:22.0602 5992 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:14:22.0649 5992 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:14:22.0680 5992 [Global] - ok
17:14:22.0680 5992 ================ Scan MBR ==================================
17:14:22.0695 5992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:14:22.0992 5992 \Device\Harddisk0\DR0 - ok
17:14:22.0992 5992 ================ Scan VBR ==================================
17:14:22.0992 5992 [ EB6C30FAD276855E5CDCAC0656285A62 ] \Device\Harddisk0\DR0\Partition1
17:14:23.0007 5992 \Device\Harddisk0\DR0\Partition1 - ok
17:14:23.0039 5992 [ F0051B3136D6FEF39A9F39105E42B67A ] \Device\Harddisk0\DR0\Partition2
17:14:23.0039 5992 \Device\Harddisk0\DR0\Partition2 - ok
17:14:23.0039 5992 ============================================================
17:14:23.0039 5992 Scan finished
17:14:23.0039 5992 ============================================================
17:14:23.0070 4676 Detected object count: 5
17:14:23.0070 4676 Actual detected object count: 5
17:15:26.0671 4676 DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:26.0671 4676 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:26.0671 4676 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:26.0671 4676 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:15:26.0687 4676 WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0687 4676 WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:39.0338 3536 Deinitialize success
|
|
12.03.2013, 17:53
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 00:15
| #8 |
| | Groupon Trojaner Hier ist der aswMBR-Log: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 00:08:25
-----------------------------
00:08:25.807 OS Version: Windows 6.1.7601 Service Pack 1
00:08:25.807 Number of processors: 2 586 0x6802
00:08:25.811 ComputerName: IGOR-PC UserName: Igor
00:08:26.889 Initialize success
00:08:42.773 AVAST engine defs: 13031200
00:09:46.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000079
00:09:46.115 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
00:09:46.143 Disk 0 MBR read successfully
00:09:46.147 Disk 0 MBR scan
00:09:46.179 Disk 0 Windows 7 default MBR code
00:09:46.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:09:46.271 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
00:09:46.287 Disk 0 scanning sectors +488394752
00:09:46.398 Disk 0 scanning C:\Windows\system32\drivers
00:10:11.611 Service scanning
00:10:36.398 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:10:45.948 Modules scanning
00:11:05.787 Disk 0 trace - called modules:
00:11:05.821 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x865cd1f8]<<
00:11:05.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868aa380]
00:11:05.838 3 CLASSPNP.SYS[8b98959e] -> nt!IofCallDriver -> [0x866c5698]
00:11:05.847 5 ACPI.sys[8b36a3d4] -> nt!IofCallDriver -> \Device\00000079[0x8664d030]
00:11:05.855 \Driver\nvstor[0x8664f948] -> IRP_MJ_CREATE -> 0x865cd1f8
00:11:05.865 Scan finished successfully
00:11:33.810 Disk 0 MBR has been saved successfully to "C:\Users\Igor\Desktop\MBR.dat"
00:11:33.821 The log file has been saved successfully to "C:\Users\Igor\Desktop\aswMBR.txt"
|
|
13.03.2013, 08:57
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 14:32
| #10 |
| | Groupon Trojaner Hier ist die Log-Datei von ComboFix: Code:
ATTFilter ComboFix 13-03-12.02 - Igor 13.03.2013 14:06:26.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3007.1960 [GMT 1:00]
ausgeführt von:: c:\users\Igor\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Igor\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\system32\sm56co85.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-13 bis 2013-03-13 ))))))))))))))))))))))))))))))
.
.
2013-03-13 13:14 . 2013-03-13 13:14 -------- d-----w- c:\users\Igor\AppData\Local\temp
2013-03-13 13:14 . 2013-03-13 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 17:31 . 2013-03-08 17:31 -------- d-----w- c:\users\Igor\AppData\Roaming\Malwarebytes
2013-03-08 17:31 . 2013-03-08 17:31 -------- d-----w- c:\programdata\Malwarebytes
2013-03-08 17:31 . 2013-03-08 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-08 17:31 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-02 15:42 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-02 15:42 . 2013-01-13 19:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-02 15:42 . 2013-01-13 21:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-02 15:42 . 2013-01-13 21:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-02 15:42 . 2013-01-13 21:16 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-19 06:14 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-19 06:14 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-19 06:14 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-19 06:14 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-19 06:13 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-19 06:13 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-17 19:50 . 2013-02-17 19:50 -------- d-----w- c:\windows\de
2013-02-17 19:49 . 2013-02-17 19:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-17 19:48 . 2013-02-17 19:49 -------- d-----w- c:\program files\Windows Live
2013-02-17 19:47 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-02-17 19:47 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-02-17 19:47 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-02-17 19:47 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-17 19:46 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-02-17 19:45 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-17 19:43 . 2013-02-17 19:51 -------- d-----w- c:\users\Igor\AppData\Local\Windows Live
2013-02-17 19:42 . 2013-02-17 19:42 -------- d-----w- c:\program files\Common Files\Windows Live
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-24 19:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 19:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-10 08:28 . 2013-03-10 08:28 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-04 332432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
S3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38 153232 ---ha-w- c:\programdata\Duden\DKReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\xsu45c8k.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2009-10-23 18:01; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\DPPWDFLT.DLL
.
Zeit der Fertigstellung: 2013-03-13 14:16:00
ComboFix-quarantined-files.txt 2013-03-13 13:16
.
Vor Suchlauf: 11 Verzeichnis(se), 142.423.691.264 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 142.469.148.672 Bytes frei
.
- - End Of File - - 02C47AB62B752581C58FF204B34D70FC
|
|
13.03.2013, 14:38
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 17:11
| #12 |
| | Groupon Trojaner Hier ist das Ergebnis von JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x86
Ran by Igor on 13.03.2013 at 16:28:07,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Igor\appdata\locallow\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\minidumps [55 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 16:31:06,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier ist das Ergebnis von AdwCleaner: Code:
ATTFilter # AdwCleaner v2.114 - Datei am 13/03/2013 um 16:39:54 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Igor - IGOR-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Igor\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\xsu45c8k.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [721 octets] - [13/03/2013 16:39:54]
########## EOF - C:\AdwCleaner[S1].txt - [780 octets] ##########
Hier ist das Ergebnis von OTL: Code:
ATTFilter OTL logfile created on: 13.03.2013 16:48:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Igor\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,42% Memory free 5,87 Gb Paging File | 4,57 Gb Available in Paging File | 77,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 132,39 Gb Free Space | 56,87% Space Free | Partition Type: NTFS Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Igor\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies) PRC - C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies) PRC - C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\WacomTouchService.exe () PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\System32\msjetoledb40.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SMARTHelperService) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (WacomTouchService) -- C:\Windows\System32\WacomTouchService.exe () SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (StarOpen) -- File not found DRV - (catchme) -- C:\Users\Igor\AppData\Local\Temp\catchme.sys File not found DRV - (aujeff7a) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (wacomhidfilter) -- C:\Windows\System32\drivers\wacomhidfilter.sys (Wacom Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{C1A4511A-C963-4E44-A47E-977FBE201AA4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{F6BAB714-EFC8-4CCA-A045-5564D39015F8}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.23 17:01:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.28 18:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.28 18:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.10 09:28:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:28:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.10.23 17:01:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.10 09:28:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:28:06 | 000,000,000 | ---D | M] [2010.05.09 16:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Extensions [2013.03.11 06:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Firefox\Profiles\xsu45c8k.default\extensions [2013.03.11 06:18:41 | 000,013,968 | ---- | M] () (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2011.08.03 19:02:41 | 000,083,618 | ---- | M] () -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\searchplugins\canoonet.xml [2013.03.10 09:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.10 09:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.10 09:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.10 09:28:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.03.28 16:32:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 19:53:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.03.28 16:32:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.28 16:32:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.28 16:32:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.28 16:32:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.13 14:14:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BF58E-1AED-4338-B93C-59B3F257B0D2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF}: DhcpNameServer = 10.101.226.2 195.37.105.57 195.37.105.58 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 16:28:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.13 16:27:26 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.13 16:24:29 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Igor\Desktop\JRT.exe [2013.03.13 14:16:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.13 14:16:02 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.13 14:16:02 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\temp [2013.03.13 14:03:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.13 14:03:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.13 14:03:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.13 14:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.13 14:02:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.13 13:59:13 | 005,037,887 | R--- | C] (Swearware) -- C:\Users\Igor\Desktop\ComboFix.exe [2013.03.12 17:09:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Igor\Desktop\tdsskiller.exe [2013.03.12 16:29:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Igor\Desktop\aswMBR.exe [2013.03.12 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Igor\Desktop\mbar-1.01.0.1021 [2013.03.10 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.08 20:16:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe [2013.03.08 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Roaming\Malwarebytes [2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.08 18:31:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.08 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.02 16:42:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.02 16:42:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.02 16:42:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.02 16:42:00 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.02 16:42:00 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.02 16:41:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.02 16:41:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.02 16:41:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.02 16:41:55 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.02 16:41:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.02 16:41:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.02 16:41:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.02 16:41:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.02 16:41:52 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.02 16:41:52 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.02 16:41:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.02 16:41:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.02 16:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.02 16:41:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.02 16:41:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.02 16:41:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.01 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\Igor\Documents\Command and Conquer Generals Data [2013.02.19 07:14:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.19 07:14:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.19 07:14:12 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.19 07:13:54 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.19 07:13:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.17 20:50:03 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.02.17 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.02.17 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.02.17 20:47:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2013.02.17 20:47:31 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2013.02.17 20:47:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2013.02.17 20:47:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2013.02.17 20:46:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2013.02.17 20:45:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2013.02.17 20:43:36 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\Windows Live [2013.02.17 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live ========== Files - Modified Within 30 Days ========== [2013.03.13 16:50:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 16:50:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 16:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 16:42:16 | 2364,493,824 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 16:25:19 | 000,597,667 | ---- | M] () -- C:\Users\Igor\Desktop\adwcleaner.exe [2013.03.13 16:24:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Igor\Desktop\JRT.exe [2013.03.13 14:14:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.13 13:59:29 | 005,037,887 | R--- | M] (Swearware) -- C:\Users\Igor\Desktop\ComboFix.exe [2013.03.13 00:11:33 | 000,000,512 | ---- | M] () -- C:\Users\Igor\Desktop\MBR.dat [2013.03.12 17:20:31 | 000,116,694 | ---- | M] () -- C:\Users\Igor\Desktop\aswMBR.png [2013.03.12 17:09:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Igor\Desktop\tdsskiller.exe [2013.03.12 16:30:55 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Igor\Desktop\aswMBR.exe [2013.03.12 15:56:25 | 013,786,977 | ---- | M] () -- C:\Users\Igor\Desktop\mbar-1.01.0.1021.zip [2013.03.11 19:20:34 | 322,961,408 | ---- | M] () -- C:\Users\Igor\Desktop\pmagic_2013_02_28.iso [2013.03.08 20:49:59 | 000,377,856 | ---- | M] () -- C:\Users\Igor\Desktop\gmer_2.1.19155.exe [2013.03.08 20:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe [2013.03.04 06:14:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.04 06:14:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.04 06:14:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.04 06:14:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.24 22:27:11 | 000,003,077 | ---- | M] () -- C:\Users\Igor\.recently-used.xbel [2013.02.19 17:37:46 | 000,445,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.17 20:49:26 | 000,000,020 | ---- | M] () -- C:\Windows\´ó ========== Files Created - No Company Name ========== [2013.03.13 16:25:19 | 000,597,667 | ---- | C] () -- C:\Users\Igor\Desktop\adwcleaner.exe [2013.03.13 14:03:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.13 14:03:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.13 14:03:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.13 14:03:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.13 14:03:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.13 00:11:33 | 000,000,512 | ---- | C] () -- C:\Users\Igor\Desktop\MBR.dat [2013.03.12 16:47:16 | 000,116,694 | ---- | C] () -- C:\Users\Igor\Desktop\aswMBR.png [2013.03.12 15:56:23 | 013,786,977 | ---- | C] () -- C:\Users\Igor\Desktop\mbar-1.01.0.1021.zip [2013.03.11 19:11:41 | 322,961,408 | ---- | C] () -- C:\Users\Igor\Desktop\pmagic_2013_02_28.iso [2013.03.08 20:49:58 | 000,377,856 | ---- | C] () -- C:\Users\Igor\Desktop\gmer_2.1.19155.exe [2013.02.24 22:27:11 | 000,003,077 | ---- | C] () -- C:\Users\Igor\.recently-used.xbel [2013.02.17 20:49:48 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.02.17 20:49:32 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.02.17 20:49:25 | 000,000,020 | ---- | C] () -- C:\Windows\´ó [2013.01.06 21:11:43 | 000,000,092 | ---- | C] () -- C:\Users\Igor\de.pws [2013.01.06 21:11:43 | 000,000,025 | ---- | C] () -- C:\Users\Igor\de.prepl [2012.11.17 21:02:24 | 000,000,728 | ---- | C] () -- C:\Users\Igor\.tracker.prefs [2012.11.17 21:02:24 | 000,000,158 | ---- | C] () -- C:\Users\Igor\.tracker_starter.prefs [2012.04.10 14:22:33 | 000,004,096 | -H-- | C] () -- C:\Users\Igor\AppData\Local\keyfile3.drm [2011.11.11 20:54:50 | 000,077,216 | ---- | C] () -- C:\ProgramData\dudenbib.wav [2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.01 13:03:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.14 19:18:15 | 000,000,173 | ---- | C] () -- C:\Users\Igor\AppData\Local\msmathematics.qat.Igor [2011.03.27 20:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI [2010.12.12 23:18:12 | 000,006,238 | ---- | C] () -- C:\Users\Igor\.emacs [2010.12.12 12:37:02 | 000,004,752 | ---- | C] () -- C:\Users\Igor\%backup%~ [2010.11.27 15:02:12 | 000,011,376 | ---- | C] () -- C:\Users\Igor\gsview32.ini [2009.11.22 13:46:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.23 17:41:33 | 000,007,597 | ---- | C] () -- C:\Users\Igor\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.03.2013 16:48:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Igor\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,94 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,42% Memory free
5,87 Gb Paging File | 4,57 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 132,39 Gb Free Space | 56,87% Space Free | Partition Type: NTFS
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F85F9-F6C2-489E-B5F6-F059582E205B}" = rport=138 | protocol=17 | dir=out | app=system |
"{0AA4DB48-8344-48F7-AAAF-746E6F6B204C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D29FD02-2170-4510-988C-4432F2ECFE28}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D3FB491-AE9F-4A1A-97DE-0F41A621021C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1202045F-1670-42B8-BDC5-4390D4F43CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1447A0D3-D3A0-4294-AD91-E132D662BFEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{19CA0F7B-EF88-4D05-A5AB-08C02FB26DF5}" = lport=57564 | protocol=6 | dir=in | name=pando media booster |
"{1BD286D5-DBE8-4C30-8EE7-A3E6082EDF7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1FC037D1-993A-45E9-ABD4-D64FF9EF1156}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3A239A87-19E0-4E2D-8F5C-039604C8F260}" = lport=57564 | protocol=17 | dir=in | name=pando media booster |
"{3AEDD7A0-1658-4362-A64C-5C62C47DED1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{43090ACE-CBCE-44D7-B636-B323A9394FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44173BC3-4361-4AE2-AD4A-3D5A86500F61}" = lport=139 | protocol=6 | dir=in | app=system |
"{5769F108-41DE-4B9F-905D-41E2CDB16338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B0E2238-1C56-4AF5-A3C3-461BB9E20045}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E6EA0A3-4152-440E-92E2-97A56CFAE187}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6241E64B-9D0A-4AB6-83CC-E15A88852A2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{6760D11F-C7AE-4176-BC39-139E919C26E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EC0457B-9F65-488A-91B2-56280D1A8382}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73E57006-B439-45B0-9525-24D5F46B5288}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78B96770-22BC-43DD-AEC8-A25D1C183765}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FB31C95-A88E-4117-BCD4-575B116FA2E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B9EAE3C-C259-462F-8727-F6A1676400E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1C9BBD1-DFB3-4526-B559-4DAE25FA3F0F}" = lport=57564 | protocol=6 | dir=in | name=pando media booster |
"{B6E0F417-F2F0-4BFB-8923-14008B180101}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C38D9235-6984-4DAD-AF62-9C3FBDC3B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4D23DFE-E827-4B36-AD16-3E1885D1C4FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5DDC500-E7F1-4BBA-A60F-BC39D10F674F}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF08E3B9-BF5C-4491-9B43-1C662E6992C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0ADB5E8-2273-45CF-B4B9-7B5B8AEF56CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E28E3BF1-E553-4412-88F9-B2A87B102F51}" = lport=57564 | protocol=17 | dir=in | name=pando media booster |
"{E4D36BDC-9A4B-4D8A-8D19-7C28B976634F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8262ACF-1751-4772-ABFE-CD6A4BFE747C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F679990A-86BB-4467-A911-3C8ED04F926C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6ED9EE7-A789-4F3D-AD79-5214A3E1D789}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD4F0353-8549-4E0A-BA66-4A12FCBF7FF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDD139F-E63A-47C4-AF3F-E7F37F6D43E7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FFADB0A4-6BE0-4BFC-AED4-DA92218B77BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2AB06-045E-4BDB-B399-FF43B8F15CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09DCCF43-6262-4829-A4A7-1AE84C2ACC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D0C3B50-3D12-405E-BE2D-561778FD4B8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{186A868F-86C8-420F-8E55-0532B0694351}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{190EDF58-1F1B-414F-B890-EF702C1D015C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{22314404-3E01-41C6-8D4E-688C6335A8D8}" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"{37B4D08A-9922-440E-BD60-FCB367AA9A15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B4852A3-3597-4688-902A-7C51410164AC}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{3C4DCFA1-899C-4C46-9962-45F056431CAC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{44625ADC-0E0C-4800-B315-21641C8A3256}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4490890B-5D69-431E-8006-915DDC303F12}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{44CC8D88-A984-4D8E-B512-6B0A5F1D87A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4551E1FB-BBC3-450E-BCE2-D277D1567979}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5171A404-C177-4121-BD90-899F1FBFC010}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{5C455617-CEEF-4C32-8188-887991DF1B80}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{675B006A-3150-4323-8965-6016A1E2B4B3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{6F155868-3659-452C-A8AD-13C2FC6BA0E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F68DB9F-7681-43CE-B099-59B9C95EA749}" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"{71631A15-B5D7-43EF-BB12-9CDCAD6B994F}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{7F796A07-1FDE-4DCD-A80E-981962C7B30C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{872CC69D-31E2-4113-8380-95B16E4305A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F73A066-985E-4091-8003-700D9A6CF324}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9928BEE0-CE22-4DF5-857B-519D4DD38E95}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A21CF4AF-C77D-4DFA-81ED-62896DB9021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3DCEC63-CC45-4F61-800E-0B40AA5821EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4BD0E16-A564-45E4-90E6-5725F7B5C13C}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{C61EEE58-EFB8-4FEF-8594-88E4961A00CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA25BD42-339F-4821-8BF3-AEE06F255E65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D4801106-4164-4E72-8537-3D8DEC877290}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{D6B01AB3-A777-49B1-A4E0-CB820220DC58}" = protocol=6 | dir=out | app=system |
"{D955A1C8-6306-4092-88DE-5B009120221B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6126F2F-2547-46E8-B564-239D5B7A61B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E9608FBC-5A66-4FE4-AAC1-6055FC80F988}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EC84660A-2584-4885-B5A2-AF5EF03A6E8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8C579E2-AE8A-44B9-8F38-3A29CE4AA687}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9AB2436-6B05-4007-BE31-2AED5B94FB7D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{072F5813-3DEC-4513-BA29-A841BE2206C9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{091A6AE5-9A20-4A2D-90EF-A127933963E0}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{2AF4A1DC-9541-483D-98C2-1BE9DDE5C0E8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{7D48AF3B-DC0D-4AA7-9CB3-1A92C12C317F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{9528AEA3-5D1D-4FF8-879C-C0AE1D0BB0C3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{953015BA-F94C-4FA0-94BD-C94EED6A8B38}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=6 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe |
"TCP Query User{9A289E63-0482-4DA4-87FB-FA3DC447547F}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat |
"TCP Query User{9EA6B18C-97D5-4808-BDC6-59629E01B420}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat |
"TCP Query User{9F771E8B-A6C0-4956-A8EF-6BEF500951B5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A190202C-9E3B-469A-8711-78E9639FEAA4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BE20BA8C-241F-4CF6-B4DA-E434543A7942}C:\program files\smart technologies\education software\ucgui.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"TCP Query User{BF0CB885-A42D-482D-AB8B-0B3F40DABAB9}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C2BCB147-8B51-4EB6-BBE4-56F07993506E}C:\program files\smart technologies\education software\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"TCP Query User{EEC0C0F9-4D0E-4B13-8C1C-11FDE515452C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{010400A7-2DFB-4272-B1D9-664E791CABB9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1EA94CF8-9984-46C1-937A-51D491A2A14F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{36330053-17EA-48E3-B087-D05B016C268D}C:\program files\smart technologies\education software\ucgui.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"UDP Query User{378AF4B2-4B1E-4166-8332-CF3F1A834AF7}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat |
"UDP Query User{3F359682-E718-401F-8BA3-DD6D7BB9AA4C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4B8CC75A-1EC1-416A-876F-7C3ADD7DB68A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{4F49CA8E-2953-4691-9004-444593412713}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{500E311C-BFC0-4450-8F30-434270E188D5}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=17 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe |
"UDP Query User{5037AF2A-D88D-4429-981B-A5D108A58AF4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9B05C9E4-FE89-4CEA-93F9-4CD41179B5CE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{B0420676-43FD-48BB-BCCB-93370DC16805}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BCA7018A-E411-4075-99E3-185AE478A83F}C:\program files\smart technologies\education software\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"UDP Query User{D7AB14EB-AE64-4934-B7C7-A691547F4973}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA04828C-8C1F-4DE9-8456-C29751153F5B}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D7C895F6-7BD7-41F9-94F8-4FCD50F2F771}_is1" = myFuNe 2.0
"{D9D5A07A-F299-4741-BFE6-302324CC0BD7}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Derive 6" = Derive 6
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GeoGebra 4.2" = GeoGebra 4.2
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OSP Tracker" = Tracker
"Pen Tablet Driver" = Stifttablett
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Inkscape" = Inkscape 0.48.1
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:24 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:24 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:25 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:25 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:26 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
Error - 13.03.2013 11:43:26 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description =
[ DigitalPersona Pro Events ]
Error - 08.04.2012 10:00:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:35:54 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:35:58 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:36:05 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 15.04.2012 12:36:09 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 17.07.2012 03:21:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
[ OSession Events ]
Error - 19.12.2012 22:27:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:31:16 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:34:14 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 22:35:22 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2012 23:01:25 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.01.2013 08:09:31 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.01.2013 08:11:06 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.
Error - 08.01.2013 04:49:12 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 480
seconds with 420 seconds of active time. This session ended with a crash.
Error - 08.01.2013 04:55:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 356
seconds with 300 seconds of active time. This session ended with a crash.
Error - 15.01.2013 11:24:46 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 67
seconds with 0 seconds of active time. This session ended with a crash.
< End of report >
|
|
13.03.2013, 20:26
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2013, 00:34
| #14 |
| | Groupon Trojaner Hier ist die Log-Datei von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.13.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Igor :: IGOR-PC [Administrator] Schutz: Aktiviert 13.03.2013 20:33:46 mbam-log-2013-03-13 (20-33-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 208264 Laufzeit: 8 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Hier ist die Log-Datei von ESET Online Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=87ecd3e5a7a9f0448c34a720f93c8e92
# engine=13375
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 10:58:25
# local_time=2013-03-13 11:58:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 17567 228638795 10338 0
# compatibility_mode=5893 16776574 100 94 10371321 114846696 0 0
# scanned=176475
# found=0
# cleaned=0
# scan_time=9124
|
|
14.03.2013, 15:38
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Groupon Trojaner |
| 7-zip, adobe reader xi, avira, classpnp.sys, datei, dllhost.exe, email, funde, gestern, groupon, groupon trojaner, innerhalb, install.exe, launch, malwarebytes, nicht mehr, ntdll.dll, office 2007, outlook, pando media booster, plug-in, taskhost.exe, troja, trojane, trojaner, visual studio |
Linear-Darstellung
