Log analysis and evaluation: MP3 player and USB stick show only shortcuts
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.04.2013, 20:05 | #1 |
| MP3 player and USB stick show only shortcuts
Hello, for some time now my MP3 player and a USB stick have been showing only shortcuts. I read somewhere on the Internet that the files can possibly be made visible again by showing hidden files. I did that and now I can see the files again (but only faded). While doing so I noticed that there is an empty folder named 84612795 on both storage devices. I then saved my files to the desktop and formatted the MP3 player. My files were gone afterwards, but the empty folder was not. It also cannot be deleted manually. I have attached the logs from Spybot and GMER. I had to split the GMER log into two files because it was too large. The scan with OTL did not work; the program always hung while scanning the Firefox settings. I hope that is all the information that is needed. Thanks in advance for the help, Sava |
08.04.2013, 15:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick show only shortcuts
Hello and
Do you have any further logs (with detections)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
08.04.2013, 17:36 | #3 |
| MP3 player and USB stick show only shortcuts
Hello, first of all, thanks for the reply. My antivirus program raises an alarm every now and then. I have now also found this log; that is all I have: Comodo: Code:
2011-11-23 18:26:33 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Erkennen Erfolgreich
2011-11-23 18:26:33 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Fragen Erfolgreich
2011-11-23 18:27:25 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Erkennen Erfolgreich
2011-11-23 18:27:25 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Fragen Erfolgreich
2011-11-23 18:27:26 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Entfernen Erfolgreich
2011-11-23 18:27:28 C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe .UnclassifiedMalware@1 Entfernen Erfolgreich
2011-11-29 19:51:05 C:\Users\afshin3\Downloads\IMG04854912.JPG.scr UnclassifiedMalware@273361001 Erkennen Erfolgreich
2011-11-29 19:51:05 C:\Users\afshin3\Downloads\IMG04854912.JPG.scr UnclassifiedMalware@273361001 Fragen Erfolgreich
2011-11-29 19:51:15 C:\Users\afshin3\Downloads\IMG04854912.JPG.scr UnclassifiedMalware@273361001 Entfernen Erfolgreich
2011-11-30 19:28:44 G:\84612795\MICIN.DIR.exe UnclassifiedMalware@273363651 Erkennen Erfolgreich
2011-11-30 19:28:44 G:\84612795\FMIN.DIR.exe UnclassifiedMalware@273363651 Erkennen Erfolgreich
2011-11-30 19:28:45 G:\84612795\MICIN.DIR.exe UnclassifiedMalware@273363651 Fragen Erfolgreich
2011-11-30 19:28:54 G:\84612795\FMIN.DIR.exe UnclassifiedMalware@273363651 Entfernen Erfolgreich
2011-11-30 19:28:56 G:\84612795\MICIN.DIR.exe UnclassifiedMalware@273363651 Entfernen Erfolgreich
2011-11-30 19:28:58 G:\84612795\Manual.exe UnclassifiedMalware@273363651 Erkennen Erfolgreich
2011-11-30 19:28:58 G:\84612795\Manual.exe UnclassifiedMalware@273363651 Fragen Erfolgreich
2011-11-30 19:29:02 G:\84612795\Manual.exe UnclassifiedMalware@273363651 Entfernen Erfolgreich
2011-11-30 19:29:05 G:\84612795\LINEIN.DIR.exe UnclassifiedMalware@273363651 Erkennen Erfolgreich
2011-11-30 19:29:05 G:\84612795\LINEIN.DIR.exe UnclassifiedMalware@273363651 Fragen Erfolgreich
2011-11-30 19:29:09 G:\84612795\LINEIN.DIR.exe UnclassifiedMalware@273363651 Entfernen Erfolgreich
2011-11-30 20:12:16 C:\Users\afshin3\AppData\Local\Temp\0963411.exe UnclassifiedMalware@277088599 Erkennen Erfolgreich
2011-11-30 20:12:17 C:\Users\afshin3\AppData\Local\Temp\0963411.exe UnclassifiedMalware@277088599 Fragen Erfolgreich
2011-11-30 20:12:21 C:\Users\afshin3\AppData\Local\Temp\2958691.exe UnclassifiedMalware@277004752 Erkennen Erfolgreich
2011-11-30 20:12:21 C:\Users\afshin3\AppData\Local\Temp\0963411.exe UnclassifiedMalware@277088599 Entfernen Erfolgreich
2011-11-30 20:12:21 C:\Users\afshin3\AppData\Local\Temp\2958691.exe UnclassifiedMalware@277004752 Fragen Erfolgreich
2011-11-30 20:12:25 C:\Users\afshin3\AppData\Local\Temp\4652755.exe UnclassifiedMalware@277004752 Erkennen Erfolgreich
2011-11-30 20:12:26 C:\Users\afshin3\AppData\Local\Temp\4652755.exe UnclassifiedMalware@277004752 Fragen Erfolgreich
2011-11-30 20:12:26 C:\Users\afshin3\AppData\Local\Temp\2958691.exe UnclassifiedMalware@277004752 Entfernen Erfolgreich
2011-11-30 20:12:28 C:\Users\afshin3\AppData\Local\Temp\5460757.exe UnclassifiedMalware@276997862 Erkennen Erfolgreich
2011-11-30 20:12:28 C:\Users\afshin3\AppData\Local\Temp\5460757.exe UnclassifiedMalware@276997862 Fragen Erfolgreich
2011-11-30 20:12:28 C:\Users\afshin3\AppData\Local\Temp\4652755.exe UnclassifiedMalware@277004752 Entfernen Erfolgreich
2011-11-30 20:12:30 C:\Users\afshin3\AppData\Local\Temp\8271217.exe UnclassifiedMalware@277088599 Erkennen Erfolgreich
2011-11-30 20:12:30 C:\Users\afshin3\AppData\Local\Temp\8271217.exe UnclassifiedMalware@277088599 Fragen Erfolgreich
2011-11-30 20:12:31 C:\Users\afshin3\AppData\Local\Temp\5460757.exe UnclassifiedMalware@276997862 Entfernen Erfolgreich
2011-11-30 20:12:33 C:\Users\afshin3\AppData\Local\Temp\9349075.exe UnclassifiedMalware@277004752 Erkennen Erfolgreich
2011-11-30 20:12:33 C:\Users\afshin3\AppData\Local\Temp\9349075.exe UnclassifiedMalware@277004752 Fragen Erfolgreich
2011-11-30 20:12:34 C:\Users\afshin3\AppData\Local\Temp\8271217.exe UnclassifiedMalware@277088599 Entfernen Erfolgreich
2011-11-30 20:12:35 C:\Users\afshin3\AppData\Local\Temp\9562887.exe UnclassifiedMalware@276997862 Erkennen Erfolgreich
2011-11-30 20:12:36 C:\Users\afshin3\AppData\Local\Temp\9562887.exe UnclassifiedMalware@276997862 Fragen Erfolgreich
2011-11-30 20:12:36 C:\Users\afshin3\AppData\Local\Temp\9349075.exe UnclassifiedMalware@277004752 Entfernen Erfolgreich
2011-11-30 20:12:38 C:\Users\afshin3\AppData\Local\Temp\9562887.exe UnclassifiedMalware@276997862 Entfernen Erfolgreich
2011-11-30 20:13:35 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe UnclassifiedMalware@277004752 Erkennen Erfolgreich
2011-11-30 20:13:35 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe UnclassifiedMalware@277004752 Fragen Erfolgreich
2011-11-30 20:13:42 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe UnclassifiedMalware@277004752 Entfernen Erfolgreich
2011-11-30 20:13:43 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe UnclassifiedMalware@277088599 Erkennen Erfolgreich
2011-11-30 20:13:43 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe UnclassifiedMalware@277088599 Fragen Erfolgreich
2011-11-30 20:13:47 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe UnclassifiedMalware@277088599 Entfernen Erfolgreich
2011-11-30 20:13:50 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe UnclassifiedMalware@276997862 Erkennen Erfolgreich
2011-11-30 20:13:50 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe UnclassifiedMalware@276997862 Fragen Erfolgreich
2011-11-30 20:13:54 C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe UnclassifiedMalware@276997862 Entfernen Erfolgreich
2011-12-15 21:36:04 C:\Users\afshin3\AppData\Roaming\Microsoft\9871\D642.tmp Malware@22s68ptqlbxem Erkennen Erfolgreich
2011-12-15 22:57:05 C:\Users\afshin3\AppData\Roaming\Microsoft\9871\D642.tmp Malware@#22s68ptqlbxem Quarantäne Erfolgreich
2012-05-01 19:06:10 G:\autorun.inf Malware@nutoqhjk323m Erkennen Erfolgreich
2012-05-01 19:06:27 G:\autorun.inf Malware@#nutoqhjk323m Fragen Erfolgreich
2012-05-01 19:06:35 G:\autorun.inf Malware@#nutoqhjk323m Quarantäne Erfolgreich
2012-06-06 20:02:29 C:\Users\afshin3\Facemoods.exe Suspicious@2cct107ip80of Erkennen Erfolgreich
2012-06-06 20:12:54 C:\Users\afshin3\Facemoods.exe Suspicious@#2cct107ip80of Quarantäne Erfolgreich
2012-10-03 17:55:49 G:\84612795\.Spotlight-V100.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:55:49 G:\84612795\home images.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:56:16 G:\84612795\.Spotlight-V100.exe Malware@#2tqjsdo1a8lo7 Fragen Erfolgreich
2012-10-03 17:56:24 G:\84612795\helpme.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:56:24 G:\84612795\helpme.exe Malware@#2tqjsdo1a8lo7 Fragen Erfolgreich
2012-10-03 17:56:25 G:\84612795\home images.exe Malware@#2tqjsdo1a8lo7 Quarantäne Erfolgreich
2012-10-03 17:56:26 G:\84612795\.Spotlight-V100.exe Malware@#2tqjsdo1a8lo7 Quarantäne Erfolgreich
2012-10-03 17:56:27 G:\84612795\gns.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:56:27 G:\84612795\gns.exe Malware@#2tqjsdo1a8lo7 Fragen Erfolgreich
2012-10-03 17:56:28 G:\84612795\helpme.exe Malware@#2tqjsdo1a8lo7 Quarantäne Erfolgreich
2012-10-03 17:56:30 G:\84612795\ephem.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:56:30 G:\84612795\ephem.exe Malware@#2tqjsdo1a8lo7 Fragen Erfolgreich
2012-10-03 17:56:31 G:\84612795\gns.exe Malware@#2tqjsdo1a8lo7 Quarantäne Erfolgreich
2012-10-03 17:57:01 G:\84612795\ephem.exe Malware@2tqjsdo1a8lo7 Ignorieren Erfolgreich
2012-10-03 17:57:02 G:\84612795\ephem.exe Malware@2tqjsdo1a8lo7 Erkennen Erfolgreich
2012-10-03 17:57:02 G:\84612795\ephem.exe Malware@#2tqjsdo1a8lo7 Fragen Erfolgreich
2012-10-03 17:57:08 G:\84612795\ephem.exe Malware@2tqjsdo1a8lo7 Ignorieren Erfolgreich
2012-11-18 11:42:39 H:\autorun.inf Malware@12vgxl2up9gxf Erkennen Erfolgreich
2012-11-18 11:42:40 H:\autorun.inf Malware@#12vgxl2up9gxf Fragen Erfolgreich
2012-11-18 11:42:51 H:\autorun.inf Malware@#12vgxl2up9gxf Quarantäne Erfolgreich
2012-11-30 18:27:13 C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe Malware@12byzb365fnzb Erkennen Erfolgreich
2012-11-30 18:27:14 C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe Malware@#12byzb365fnzb Fragen Erfolgreich
2012-11-30 18:27:41 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@2hm3iewagfep Erkennen Erfolgreich
2012-11-30 18:28:11 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe .Heur.Suspicious@1 Erkennen Erfolgreich
2012-11-30 18:29:11 C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe Malware@12byzb365fnzb Erkennen Erfolgreich
2012-11-30 18:29:15 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@#2hm3iewagfep Fragen Erfolgreich
2012-11-30 18:29:44 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe .Heur.Suspicious@1 Fragen Erfolgreich
2012-11-30 18:30:12 C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe Malware@#12byzb365fnzb Fragen Erfolgreich
2012-11-30 18:30:11 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe .UnclassifiedMalware@1 Erkennen Erfolgreich
2012-11-30 18:31:11 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe .UnclassifiedMalware@1 Fragen Erfolgreich
2012-12-03 20:54:07 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@2hm3iewagfep Erkennen Erfolgreich
2012-12-03 20:54:08 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@#2hm3iewagfep Fragen Erfolgreich
2012-12-03 20:56:11 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe Malware@12byzb365fnzb Erkennen Erfolgreich
2012-12-03 20:56:11 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe Malware@#12byzb365fnzb Fragen Erfolgreich
2012-12-15 11:45:13 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@2hm3iewagfep Erkennen Erfolgreich
2012-12-15 11:45:14 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@#2hm3iewagfep Fragen Erfolgreich
2012-12-15 11:45:29 C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe Suspicious@#2hm3iewagfep Quarantäne Erfolgreich
2012-12-15 11:45:29 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe Malware@12byzb365fnzb Erkennen Erfolgreich
2012-12-15 11:45:30 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe Malware@#12byzb365fnzb Fragen Erfolgreich
2012-12-15 11:45:33 C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe Malware@#12byzb365fnzb Quarantäne Erfolgreich
2013-02-07 13:53:21 C:\Users\afshin3\AppData\Local\Temp\update7777973.exe Malware@ghbk6797uupe Erkennen Erfolgreich
2013-02-07 13:53:22 C:\Users\afshin3\AppData\Local\Temp\update7777973.exe Malware@#ghbk6797uupe Fragen Erfolgreich
2013-02-07 13:53:36 C:\Users\afshin3\AppData\Local\Temp\update7777973.exe Malware@#ghbk6797uupe Quarantäne Erfolgreich
Code:
SDFSSvc.exe [2013-04-06 22:24:10] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-06 22:25:05] Loaded databases.
SDFSSvc.exe [2013-04-07 16:24:23] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 16:24:56] Loaded databases.
SDFSSvc.exe [2013-04-07 17:59:15] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 17:59:47] Loaded databases.
SDFSSvc.exe [2013-04-07 19:55:41] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 19:56:19] Loaded databases.
Sava |
08.04.2013, 21:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick show only shortcuts
OK, please try OTL again, but first read the following notes: Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. First, a check with OTL please:
__________________ Please always post log files in CODE tags |
09.04.2013, 18:05 | #5 |
| MP3 player and USB stick show only shortcuts
It worked now. Here are the logs: Code:
OTL logfile created on: 09.04.2013 17:45:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afshin3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,25% Memory free
3,50 Gb Paging File | 2,61 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 22,95 Gb Free Space | 45,18% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 17,40 Gb Free Space | 34,12% Space Free | Partition Type: NTFS

Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\afshin3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe ( )
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Intense Language Office\Common\OffMan.exe ()

========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Intense Language Office\Common\OffMan.exe ()

========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9075412246164173&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5B 68 E9 1A F2 CB 01 [binary data]
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_3&babsrc=SP_ss&mntrId=16c9c051000000000000061b9ea0b266
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=32CC1E8D-A442-4184-9BF9-CB138534E73F&apn_sauid=09044668-D90B-4C9D-A3E5-47B624539D7B
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{26ED5B98-2585-48BC-9A12-50E2336F61D6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,16987,0,8,0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_en
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9075412246164173&q={searchTerms}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60444

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_ss&mntrId=16c9c051000000000000061b9ea0b266"
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9c051000000000000061b9ea0b266&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.04 04:46:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 20:19:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 20:19:41 | 000,000,000 | ---D | M]
[2012.11.13 20:31:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions
[2012.10.03 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013.04.06 22:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions
[2013.03.26 20:25:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.11.30 19:37:09 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.11.13 19:40:38 | 000,002,687 | ---- | M] () -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\searchplugins\Search_Results.xml
[2013.03.08 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.08 20:19:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.30 19:27:27 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.24 09:56:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.13 19:40:38 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013.02.19 20:38:50 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) ()
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
CHR - Extension: Babylon Chrome OCR = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011.05.28 16:49:13 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [ILO_Office_Manager] C:\Windows\System32\intedreg.exe ()
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [Microsoft® Windows Update] C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe ( )
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 -
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{11aa8a7f-aa58-11e0-b6d1-001377649987}\Shell - "" = AutoRun O33 - MountPoints2\{11aa8a7f-aa58-11e0-b6d1-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3cb859c7-f906-11e1-a9cc-001377649987}\Shell - "" = AutoRun O33 - MountPoints2\{3cb859c7-f906-11e1-a9cc-001377649987}\Shell\AutoRun\command - "" = H:\iStudio.exe O33 - MountPoints2\{6f270f5e-a999-11e0-907a-001377649987}\Shell - "" = AutoRun O33 - MountPoints2\{6f270f5e-a999-11e0-907a-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{72ffb543-5e5e-11e0-9516-001377649987}\Shell - "" = AutoRun O33 - MountPoints2\{72ffb543-5e5e-11e0-9516-001377649987}\Shell\AutoRun\command - "" = F:\toefl.exe O33 - MountPoints2\{e950429e-ac82-11e0-bc7f-001377649987}\Shell - "" = AutoRun O33 - MountPoints2\{e950429e-ac82-11e0-bc7f-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\...exe [@ = exefile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.07 18:04:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe [2013.04.07 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Eraser 6 [2013.04.06 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.04.06 22:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.04.06 22:23:52 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.04.06 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.04.06 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Programs [2013.04.06 22:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension [2013.04.06 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\afshin3\Desktop\MP3 [2013.04.02 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects [2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects [2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects [2013.03.30 18:19:38 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.30 18:19:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.30 18:19:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.30 18:19:27 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.30 18:19:26 | 000,039,936 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.30 18:19:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.30 18:19:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.30 18:19:23 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.30 18:19:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.30 18:19:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.30 18:19:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.30 18:19:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.30 18:19:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.30 18:19:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.30 18:19:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.30 18:19:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.30 18:19:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.30 18:19:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.30 18:19:14 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.30 18:19:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.30 18:19:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.30 18:19:13 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.30 18:19:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.30 
18:19:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.30 18:19:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.30 18:19:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.30 18:19:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.30 18:19:08 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.30 18:19:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.30 18:19:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.30 18:19:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.30 18:19:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.30 18:19:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.30 18:19:06 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.30 18:19:05 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.30 18:19:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.21 19:27:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.12 19:43:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Roaming\DealPly [2011.10.23 11:50:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Users\afshin3\taskmgr.exe [2011.04.04 05:09:21 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Users\afshin3\DTLite4402-0131.exe [2011.04.04 04:45:15 | 000,606,560 | ---- | C] (RealNetworks, Inc.) 
-- C:\Users\afshin3\RealPlayer_de.exe [2006.07.28 13:33:26 | 000,212,992 | ---- | C] (OXY Solution) -- C:\Program Files\CardBurner.exe [2003.03.18 21:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll [2003.03.18 21:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll [2003.02.21 04:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll ========== Files - Modified Within 30 Days ========== [2013.04.09 17:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 17:43:53 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat [2013.04.09 17:41:23 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 17:41:23 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 17:34:31 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.04.09 17:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 17:33:56 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys [2013.04.08 19:05:42 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.08 19:05:42 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.08 17:52:52 | 000,044,848 | ---- | M] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm [2013.04.07 22:05:26 | 000,000,000 | ---- | M] () -- C:\END [2013.04.07 19:10:56 | 000,377,856 | ---- | M] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe [2013.04.07 18:04:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe [2013.04.07 18:03:29 | 000,000,000 | ---- | M] () -- C:\Users\afshin3\defogger_reenable [2013.04.06 22:24:02 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.02 20:33:39 | 000,002,114 | ---- | M] 
() -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk [2013.04.02 20:30:58 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk [2013.03.30 18:19:38 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.30 18:19:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.30 18:19:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.30 18:19:27 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.30 18:19:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.30 18:19:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.30 18:19:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.30 18:19:23 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.30 18:19:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.30 18:19:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.30 18:19:21 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.30 18:19:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.30 18:19:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.30 18:19:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.30 18:19:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.30 18:19:17 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.30 18:19:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.30 
18:19:16 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.30 18:19:14 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.30 18:19:14 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.30 18:19:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.30 18:19:13 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.30 18:19:13 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.30 18:19:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.30 18:19:10 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.30 18:19:09 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.30 18:19:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.30 18:19:08 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.30 18:19:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.30 18:19:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.30 18:19:07 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.30 18:19:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.30 18:19:07 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.30 18:19:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.30 18:19:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.30 18:19:05 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl 
[2013.03.30 18:19:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.17 20:01:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.17 20:01:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.14 20:49:47 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI ========== Files Created - No Company Name ========== [2013.04.08 17:52:52 | 000,044,848 | ---- | C] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm [2013.04.07 19:10:54 | 000,377,856 | ---- | C] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe [2013.04.07 18:03:29 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\defogger_reenable [2013.04.06 22:24:02 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.04.06 22:24:02 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.02 20:33:39 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk [2013.04.02 20:30:58 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk [2013.03.30 18:19:07 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 20:49:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2013.01.24 21:54:24 | 000,934,320 | ---- | C] () -- C:\Users\afshin3\HashTab v5.1.0.23 Setup.exe [2013.01.24 21:54:24 | 000,933,960 | ---- | C] () -- C:\Users\afshin3\HashTab v5.1.0.23 - Commercial Setup.exe [2011.08.24 08:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.11 17:08:52 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2011.07.26 17:22:00 | 000,015,428 | ---- | C] () -- C:\Users\afshin3\RefEdit.exd [2011.07.15 09:42:53 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{ED8D64B9-37E5-435F-A739-1A5B063B4035} [2011.06.15 21:11:34 | 000,066,048 | ---- | 
C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.28 02:54:09 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37673988 [2011.05.28 02:54:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\37673988 [2011.05.21 19:33:54 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{BB9D2246-53EC-47D6-B18C-E16A21D48890} [2011.04.05 21:34:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 20:12:03 | 000,005,115 | -H-- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011.04.04 04:39:57 | 000,287,048 | ---- | C] () -- C:\Users\afshin3\Media Player.exe [2006.07.28 13:29:14 | 000,000,367 | ---- | C] () -- C:\Program Files\MyList.mft [2006.05.30 16:03:32 | 000,025,893 | ---- | C] () -- C:\Program Files\Card Burner upotreba.xml [2005.11.15 11:25:50 | 005,823,050 | ---- | C] () -- C:\Program Files\Salif Keita - 03 - Madan.mp3 [2005.11.01 15:46:06 | 002,753,515 | ---- | C] () -- C:\Program Files\La_Flaca.mp3 [2003.10.18 06:37:10 | 004,006,266 | ---- | C] () -- C:\Program Files\ABBA - Super Trooper.mp3 [2003.10.18 06:36:58 | 003,658,106 | ---- | C] () -- C:\Program Files\Blonde - Atomic.mp3 ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 09.04.2013 17:45:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afshin3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,25% Memory free
3,50 Gb Paging File | 2,61 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 22,95 Gb Free Space | 45,18% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 17,40 Gb Free Space | 34,12% Space Free | Partition Type: NTFS

Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error.
File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D5B3B02-B9EA-4261-AC8F-57CC13F3CCE8}" = lport=2869 | protocol=6 | dir=in | app=system | "{24A73305-7487-4D37-81FB-C561EAB47B6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52443A2A-29EF-4CBE-B331-EF35E18CB1BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{585FFDE5-E5A4-4F80-95D3-19430175BB2A}" = lport=10243 | protocol=6 | dir=in | app=system | "{5FC414DF-7217-40CE-B4EE-5090CB7ED6A8}" = rport=10243 | protocol=6 | dir=out | app=system | "{6DAD194B-864A-4AB7-87B4-8B4CE340B683}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{6EE563F1-2273-422B-BCB2-0C8BCF87AFDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{70EEB091-2935-463F-94F2-FE589F288ED1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{7D4F7821-1A14-4EAC-A26C-0AD0824D4E5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B178C977-397F-4768-B556-3E47BF33BF4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B6EC3B30-BBB6-44E5-AACE-47CD0F303260}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{CAAE12F8-AF9A-4F6E-9112-ED74115B11DF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{ECB3E4FF-B004-4B32-86B6-2EEE599B0943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AAE40B3-B02F-4D2C-931A-80F82027ED01}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | "{0CD39F31-2967-4791-896E-450D7B2F3A90}" = protocol=17 | dir=out 
| app=%programfiles%\windows media player\wmplayer.exe | "{1045495B-BCA2-4FCE-B902-5EEC2D0FB210}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | "{10A6A2B1-0522-46BF-96E1-E9F891A716D8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | "{18F82BF0-B855-41D8-89F8-DD354F59C23E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C9EAC22-707C-430C-885B-4FD64EA6F422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1E8061EB-A0E6-4449-ABDC-335386A88E77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C942CBE-7A47-4AC9-94FE-47ABB3860C28}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | "{314C04AA-2DD2-4E58-9603-1994027C2945}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | "{410DF6CD-5162-4864-BEBE-422F30B63648}" = protocol=6 | dir=out | app=system | "{49CC08C6-A875-403B-9300-B5F394738ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C8978BF-DDAD-4778-B02A-3ACF01F2FABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50FBDCB5-AF22-4266-B8F4-5EBE335F3AC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | "{575009AE-140A-42EF-887F-BA645B75D044}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | "{6046089B-C609-4B12-9119-E87429D9F276}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | "{6E7226CD-5C1F-4FBC-B8C7-81EBD3085198}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{6FD34CB4-E4B2-4062-BE08-C08823FA15AD}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | "{70AA399A-697C-4531-9800-0CFFCE4BC10D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B76BC7B-9DB1-4A2F-9C18-F46DBC393120}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | "{9DFE6763-E414-42B4-B7A8-65376C154C7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A30858AB-FECF-42B8-9625-EDE00FC6249F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{A6DFB519-CA89-40F9-A0E0-C4A9BF6A6878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A80B1371-3858-402B-837E-917477B071E7}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | "{B7B2B037-F638-4057-974E-9BE0B38C6AB2}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | "{BAFCEDA9-D32C-48BD-A55A-A1CA725F2232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D2A5B77E-25E4-4C7E-A384-CD56BCE17CA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F89ABEEB-87E6-4E2C-A64A-AE8753B88211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{524D615B-881E-406A-A2E0-D62F500F58E2}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | "TCP Query User{79F2F4D8-5D30-48E0-85EB-77F13F0BAD05}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | "TCP Query User{FA8F0533-7F43-4C38-BFB0-61000A7EE68D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{102C492B-D110-4DC9-8CF9-D24DE3141D71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{840598D4-427D-44E3-99B9-F8D347D4C76B}C:\program 
files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | "UDP Query User{9C34D2E7-0ED3-4614-9D4F-8823A6F45056}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{CC5825C2-2F59-459B-84ED-D0D1958101FA}" = CardBurner "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "doPDF 7 printer_is1" = doPDF 7.2 printer "Glary Utilities_is1" = Glary Utilities 2.42.0.1389 "HashTab" = HashTab 5.1.0.23 "Intense Language Office" = Intense Language Office "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nano" = Nano 1.1.1 "PrintProjects" = PrintProjects "RealPlayer 12.0" = RealPlayer "TIPP10_is1" = TIPP10 Version 2.1.0 "TomTom HOME" = TomTom HOME 2.7.3.1894 "Wajam" = Wajam ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.07.2012 12:25:49 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000 Description = Faulting application name: plugin-container.exe, version: 13.0.1.4548, time stamp: 0x4fda5ff0 Faulting module name: mozalloc.dll, version: 13.0.1.4548, time stamp: 0x4fda4c02 Exception code: 0x80000003 Fault offset: 0x000019be Faulting process id: 0xee0 Faulting application start time: 0x01cd68ef6e88c580 Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files\Mozilla Firefox\mozalloc.dll Report Id: 0fd94c06-d4e3-11e1-881e-001377649987 Error - 03.10.2012 11:59:23 | Computer Name = afshin3-PC | Source = TomTomHOMEService | ID = 10000 
Description = Error - 06.10.2012 12:23:45 | Computer Name = afshin3-PC | Source = RasClient | ID = 20227 Description = Error - 06.10.2012 12:25:03 | Computer Name = afshin3-PC | Source = RasClient | ID = 20227 Description = Error - 09.10.2012 14:06:07 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 15.0.1.4631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8f4 Start Time: 01cda647afd6fcb8 Termination Time: 15 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: f75655cb-123b-11e2-9076-001377649987 Error - 09.10.2012 14:17:24 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 15.0.1.4631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 50c Start Time: 01cda649979dcd96 Termination Time: 16 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 8fda58d9-123d-11e2-bac2-001377649987 Error - 13.01.2013 16:45:43 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 18.0.0.4752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: a1c Start Time: 01cdf1c17cf0e17d Termination Time: 10 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: Error - 21.01.2013 17:11:11 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000 Description = Faulting application name: AcroRd32.exe, version: 10.1.4.38, time stamp: 0x5012ea69 Faulting module name: AcroRd32.dll, version: 10.1.4.38, time stamp: 0x5012f9f9 Exception code: 0xc0000005 Fault offset: 0x00036863 Faulting process id: 0x890 Faulting application start time: 0x01cdf80e1a920eec Faulting application path: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.dll Report Id: 14581df2-640f-11e2-b6bd-001377649987 Error - 06.02.2013 15:12:11 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 18.0.1.4764, time stamp: 0x50f705c6 Faulting module name: xul.dll, version: 18.0.1.4764, time stamp: 0x50f704c6 Exception code: 0xc0000005 Fault offset: 0x00117a68 Faulting process id: 0x53c Faulting application start time: 0x01ce048e8cc992c3 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: 1b7e0116-7091-11e2-87be-001377649987 Error - 22.02.2013 15:06:16 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 19.0.0.4794, time stamp: 0x511ed1c1 Faulting module name: xul.dll, version: 19.0.0.4794, time stamp: 0x511ed0fe Exception code: 0xc0000005 Fault offset: 0x00155858 Faulting process id: 0xab4 Faulting application start time: 0x01ce111be5c9da76 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: ee020211-7d22-11e2-837d-001377649987 Error - 06.03.2013 15:55:52 | Computer Name = afshin3-PC | Source = 
Application Error | ID = 1000 Description = Faulting application name: firefox.exe, version: 19.0.0.4794, time stamp: 0x511ed1c1 Faulting module name: xul.dll, version: 19.0.0.4794, time stamp: 0x511ed0fe Exception code: 0xc0000005 Fault offset: 0x00155858 Faulting process id: 0xaf4 Faulting application start time: 0x01ce1aa438f690f6 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll Report Id: d957fb83-8697-11e2-926a-001377649987 [ Media Center Events ] Error - 30.03.2013 11:11:04 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 4:11:04 PM - Error connecting to the internet. 4:11:04 PM - Unable to contact server.. Error - 30.03.2013 11:11:15 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 4:11:09 PM - Error connecting to the internet. 4:11:09 PM - Unable to contact server.. Error - 01.04.2013 11:41:16 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 5:41:15 PM - Error connecting to the internet. 5:41:16 PM - Unable to contact server.. Error - 01.04.2013 11:41:29 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 5:41:22 PM - Error connecting to the internet. 5:41:22 PM - Unable to contact server.. Error - 08.04.2013 11:41:33 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 5:41:33 PM - Error connecting to the internet. 5:41:33 PM - Unable to contact server.. Error - 08.04.2013 11:41:43 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 5:41:38 PM - Error connecting to the internet. 5:41:38 PM - Unable to contact server.. Error - 08.04.2013 13:05:39 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 7:05:39 PM - Error connecting to the internet. 7:05:39 PM - Unable to contact server.. Error - 08.04.2013 13:05:54 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 7:05:44 PM - Error connecting to the internet. 
7:05:44 PM - Unable to contact server.. Error - 08.04.2013 14:06:13 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 8:06:13 PM - Error connecting to the internet. 8:06:13 PM - Unable to contact server.. Error - 08.04.2013 14:06:35 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0 Description = 8:06:18 PM - Error connecting to the internet. 8:06:18 PM - Unable to contact server.. [ Spybot - Search and Destroy Events ] Error - 06.04.2013 17:10:15 | Computer Name = afshin3-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 07.04.2013 11:53:07 | Computer Name = afshin3-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 02.04.2013 14:02:10 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 02.04.2013 14:02:18 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 02.04.2013 14:02:27 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 02.04.2013 14:02:36 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 02.04.2013 14:02:45 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 03.04.2013 12:39:13 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 03.04.2013 12:39:22 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. 
Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = DCOM | ID = 10005 Description = Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = Service Control Manager | ID = 7038 Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = Service Control Manager | ID = 7000 Description = The UPnP Device Host service failed to start due to the following error: %%1069 < End of report > |
09.04.2013, 22:30 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick show only shortcuts Quote:
Or is this, by any chance, an office/company PC or a university computer?
__________________ --> MP3 player and USB stick show only shortcuts |
10.04.2013, 11:05 | #7 |
| MP3 player and USB stick show only shortcuts It is a private laptop. My husband got Windows 7 from the university for free. |
10.04.2013, 11:10 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick show only shortcuts OK, thanks for the explanation. Now please run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
21.04.2013, 19:02 | #9 |
| MP3 player and USB stick show only shortcuts Everything worked. Here are the logs: Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.21.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
afshin3 :: AFSHIN3-PC [administrator]

21.04.2013 12:10:41
mbar-log-2013-04-21 (12-10-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27490
Time elapsed: 21 minute(s), 13 second(s)

Memory Processes Detected: 1
c:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> 3324 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Backdoor.IRCBot) -> Data: C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\afshin3\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\afshin3\M-1-80-5270-5785-5250 (Trojan.Agent.Gen) -> Delete on reboot.

Files Detected: 2
c:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\Users\afshin3\Media Player.exe (PUP.OfferBundler.ST) -> Delete on reboot.

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-21 13:58:44
-----------------------------
13:58:44.755 OS Version: Windows 6.1.7601 Service Pack 1
13:58:44.755 Number of processors: 2 586 0xF0D
13:58:44.755 ComputerName: AFSHIN3-PC UserName: afshin3
13:58:45.363 Initialize success
13:59:13.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:59:13.429 Disk 0 Vendor: TOSHIBA_MK1237GSX DL130U Size: 114473MB BusType: 3
13:59:13.538 Disk 0 MBR read successfully
13:59:13.554 Disk 0 MBR scan
13:59:13.554 Disk 0 Windows 7 default MBR code
13:59:13.570 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
13:59:13.601 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52008 MB offset 20973568
13:59:13.632 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52223 MB offset 127485952
13:59:13.648 Disk 0 scanning sectors +234438656
13:59:13.757 Disk 0 scanning C:\Windows\system32\drivers
13:59:20.902 Service scanning
13:59:40.183 Modules scanning
13:59:47.469 Disk 0 trace - called modules:
13:59:47.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:59:47.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd8408]
13:59:47.531 3 CLASSPNP.SYS[8966959e] -> nt!IofCallDriver -> [0x85bfc918]
13:59:47.531 5 ACPI.sys[88e413d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f2a610]
13:59:47.547 Scan finished successfully
14:00:17.296 Disk 0 MBR has been saved successfully to "C:\Users\afshin3\Desktop\MBR.dat"
14:00:17.311 The log file has been saved successfully to "C:\Users\afshin3\Desktop\aswMBR.txt"

Code:
ATTFilter 19:49:45.0662 2540 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:49:46.0286 2540 ============================================================ 19:49:46.0286 2540 Current date / time: 2013/04/21 19:49:46.0286 19:49:46.0286 2540 SystemInfo: 19:49:46.0286 2540 19:49:46.0286 2540 OS Version: 6.1.7601 ServicePack: 1.0 19:49:46.0286 2540 Product type: Workstation 19:49:46.0286 2540 ComputerName: AFSHIN3-PC 19:49:46.0286 2540 UserName: afshin3 19:49:46.0286 2540 Windows directory: C:\Windows 19:49:46.0286 2540 System windows directory: C:\Windows 19:49:46.0286 2540 Processor architecture: Intel x86 19:49:46.0286 2540 Number of processors: 2 19:49:46.0286 2540 Page size: 0x1000 19:49:46.0286 2540 Boot type: Normal boot 19:49:46.0286 2540 ============================================================ 19:49:50.0467 2540 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:49:50.0482 2540 Drive \Device\Harddisk1\DR1 - Size: 0x76C00000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:49:50.0482 2540 ============================================================ 19:49:50.0482 2540 \Device\Harddisk0\DR0: 19:49:50.0482 2540 MBR partitions: 19:49:50.0482 2540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x6594000 19:49:50.0482 2540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7994800, BlocksNum 0x65FF800 19:49:50.0482 2540 \Device\Harddisk1\DR1: 19:49:50.0482 2540 MBR partitions: 19:49:50.0482 2540 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B5FE0 19:49:50.0482 2540 ============================================================ 19:49:50.0560 2540 C: <-> \Device\Harddisk0\DR0\Partition1 19:49:50.0638 2540 D: <-> \Device\Harddisk0\DR0\Partition2 19:49:50.0638 2540 
============================================================ 19:49:50.0638 2540 Initialize success 19:49:50.0638 2540 ============================================================ 19:51:06.0596 3752 ============================================================ 19:51:06.0596 3752 Scan started 19:51:06.0596 3752 Mode: Manual; SigCheck; TDLFS; 19:51:06.0596 3752 ============================================================ 19:51:09.0373 3752 ================ Scan system memory ======================== 19:51:09.0373 3752 System memory - ok 19:51:09.0373 3752 ================ Scan services ============================= 19:51:09.0529 3752 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:51:09.0778 3752 1394ohci - ok 19:51:09.0841 3752 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:51:09.0872 3752 ACPI - ok 19:51:09.0919 3752 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:51:10.0028 3752 AcpiPmi - ok 19:51:10.0137 3752 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:51:10.0184 3752 AdobeARMservice - ok 19:51:10.0278 3752 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:51:10.0324 3752 AdobeFlashPlayerUpdateSvc - ok 19:51:10.0387 3752 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:51:10.0434 3752 adp94xx - ok 19:51:10.0465 3752 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:51:10.0496 3752 adpahci - ok 19:51:10.0512 3752 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:51:10.0543 3752 adpu320 - ok 19:51:10.0590 3752 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:51:10.0668 3752 AeLookupSvc - ok 19:51:10.0777 3752 [ E3F08935158038D385AD382442F4BB2D ] AF15BDA 
C:\Windows\system32\DRIVERS\AF15BDA.sys 19:51:10.0870 3752 AF15BDA - ok 19:51:10.0917 3752 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys 19:51:10.0948 3752 Afc ( UnsignedFile.Multi.Generic ) - warning 19:51:10.0948 3752 Afc - detected UnsignedFile.Multi.Generic (1) 19:51:10.0995 3752 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 19:51:11.0104 3752 AFD - ok 19:51:11.0167 3752 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 19:51:11.0292 3752 AgereSoftModem - ok 19:51:11.0323 3752 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 19:51:11.0354 3752 agp440 - ok 19:51:11.0385 3752 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 19:51:11.0416 3752 aic78xx - ok 19:51:11.0463 3752 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 19:51:11.0557 3752 ALG - ok 19:51:11.0588 3752 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 19:51:11.0619 3752 aliide - ok 19:51:11.0635 3752 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:51:11.0666 3752 amdagp - ok 19:51:11.0682 3752 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 19:51:11.0713 3752 amdide - ok 19:51:11.0775 3752 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:51:11.0838 3752 AmdK8 - ok 19:51:11.0853 3752 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:51:11.0916 3752 AmdPPM - ok 19:51:11.0962 3752 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:51:11.0978 3752 amdsata - ok 19:51:12.0009 3752 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:51:12.0040 3752 amdsbs - ok 19:51:12.0056 3752 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 
19:51:12.0087 3752 amdxata - ok 19:51:12.0118 3752 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 19:51:12.0274 3752 AppID - ok 19:51:12.0321 3752 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:51:12.0415 3752 AppIDSvc - ok 19:51:12.0462 3752 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 19:51:12.0524 3752 Appinfo - ok 19:51:12.0586 3752 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 19:51:12.0664 3752 AppMgmt - ok 19:51:12.0758 3752 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 19:51:12.0789 3752 arc - ok 19:51:12.0805 3752 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:51:12.0836 3752 arcsas - ok 19:51:12.0867 3752 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:51:13.0039 3752 AsyncMac - ok 19:51:13.0070 3752 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:51:13.0086 3752 atapi - ok 19:51:13.0164 3752 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys 19:51:13.0304 3752 athr - ok 19:51:13.0382 3752 [ 2039E24FE00639A9123DCD6F22D42D74 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 19:51:13.0507 3752 Ati External Event Utility - ok 19:51:13.0725 3752 [ D2E9ACB68FA61C911CC21E07F87705BF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:51:13.0975 3752 atikmdag - ok 19:51:14.0053 3752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:51:14.0131 3752 AudioEndpointBuilder - ok 19:51:14.0146 3752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:51:14.0209 3752 Audiosrv - ok 19:51:14.0240 3752 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:51:14.0334 3752 AxInstSV - ok 19:51:14.0380 3752 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv 
C:\Windows\system32\DRIVERS\bxvbdx.sys 19:51:14.0490 3752 b06bdrv - ok 19:51:14.0521 3752 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:51:14.0568 3752 b57nd60x - ok 19:51:14.0614 3752 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:51:14.0692 3752 BDESVC - ok 19:51:14.0770 3752 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:51:14.0833 3752 Beep - ok 19:51:14.0895 3752 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:51:14.0973 3752 BFE - ok 19:51:15.0036 3752 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:51:15.0129 3752 BITS - ok 19:51:15.0160 3752 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:51:15.0192 3752 blbdrive - ok 19:51:15.0238 3752 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:51:15.0285 3752 bowser - ok 19:51:15.0316 3752 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:51:15.0363 3752 BrFiltLo - ok 19:51:15.0394 3752 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:51:15.0441 3752 BrFiltUp - ok 19:51:15.0472 3752 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:51:15.0550 3752 Browser - ok 19:51:15.0582 3752 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:51:15.0628 3752 Brserid - ok 19:51:15.0660 3752 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:51:15.0706 3752 BrSerWdm - ok 19:51:15.0769 3752 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:51:15.0816 3752 BrUsbMdm - ok 19:51:15.0816 3752 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:51:15.0862 3752 BrUsbSer - ok 19:51:15.0878 3752 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM 
C:\Windows\system32\drivers\vmbus.sys 19:51:46.0969 3752 vmbus - ok 19:51:47.0031 3752 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:51:47.0078 3752 VMBusHID - ok 19:51:47.0125 3752 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:51:47.0234 3752 volmgr - ok 19:51:47.0281 3752 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:51:47.0312 3752 volmgrx - ok 19:51:47.0359 3752 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:51:47.0406 3752 volsnap - ok 19:51:47.0437 3752 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:51:47.0468 3752 vsmraid - ok 19:51:47.0671 3752 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 19:51:47.0780 3752 VSS - ok 19:51:47.0811 3752 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:51:47.0874 3752 vwifibus - ok 19:51:47.0905 3752 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:51:48.0030 3752 vwififlt - ok 19:51:48.0108 3752 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:51:48.0139 3752 vwifimp - ok 19:51:48.0264 3752 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 19:51:48.0388 3752 W32Time - ok 19:51:48.0435 3752 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:51:48.0466 3752 WacomPen - ok 19:51:48.0576 3752 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files\Wajam\Updater\WajamUpdater.exe 19:51:48.0638 3752 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning 19:51:48.0638 3752 WajamUpdater - detected UnsignedFile.Multi.Generic (1) 19:51:48.0732 3752 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:51:48.0856 3752 WANARP - ok 19:51:48.0872 3752 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] 
Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:51:48.0919 3752 Wanarpv6 - ok 19:51:49.0184 3752 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:51:49.0262 3752 WatAdminSvc - ok 19:51:49.0340 3752 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 19:51:49.0434 3752 wbengine - ok 19:51:49.0480 3752 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:51:49.0558 3752 WbioSrvc - ok 19:51:49.0652 3752 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:51:49.0714 3752 wcncsvc - ok 19:51:49.0761 3752 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:51:49.0855 3752 WcsPlugInService - ok 19:51:49.0948 3752 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:51:49.0964 3752 Wd - ok 19:51:50.0042 3752 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys 19:51:50.0120 3752 WDC_SAM - ok 19:51:50.0245 3752 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:51:50.0292 3752 Wdf01000 - ok 19:51:50.0323 3752 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:51:50.0494 3752 WdiServiceHost - ok 19:51:50.0510 3752 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:51:50.0541 3752 WdiSystemHost - ok 19:51:50.0572 3752 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 19:51:50.0635 3752 WebClient - ok 19:51:50.0713 3752 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:51:50.0760 3752 Wecsvc - ok 19:51:50.0791 3752 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:51:50.0853 3752 wercplsupport - ok 19:51:50.0900 3752 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 19:51:50.0978 3752 WerSvc - ok 19:51:51.0009 3752 [ 
8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:51:51.0072 3752 WfpLwf - ok 19:51:51.0103 3752 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:51:51.0165 3752 WIMMount - ok 19:51:51.0306 3752 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:51:51.0384 3752 WinDefend - ok 19:51:51.0415 3752 WinHttpAutoProxySvc - ok 19:51:51.0540 3752 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:51:51.0586 3752 Winmgmt - ok 19:51:51.0711 3752 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 19:51:51.0805 3752 WinRM - ok 19:51:51.0914 3752 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:51:51.0976 3752 WinUsb - ok 19:51:52.0054 3752 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:51:52.0117 3752 Wlansvc - ok 19:51:52.0132 3752 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:51:52.0195 3752 WmiAcpi - ok 19:51:52.0257 3752 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:51:52.0304 3752 wmiApSrv - ok 19:51:52.0491 3752 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:51:52.0569 3752 WMPNetworkSvc - ok 19:51:52.0616 3752 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:51:52.0663 3752 WPCSvc - ok 19:51:52.0694 3752 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:51:52.0772 3752 WPDBusEnum - ok 19:51:52.0834 3752 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:51:52.0928 3752 ws2ifsl - ok 19:51:53.0006 3752 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 19:51:53.0084 3752 wscsvc - ok 19:51:53.0100 3752 WSearch - ok 19:51:53.0474 3752 [ FC3EC24FCE372C89423E015A2AC1A31E ] 
wuauserv C:\Windows\system32\wuaueng.dll 19:51:53.0599 3752 wuauserv - ok 19:51:53.0661 3752 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:51:53.0708 3752 WudfPf - ok 19:51:53.0786 3752 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:51:53.0817 3752 WUDFRd - ok 19:51:53.0864 3752 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:51:53.0911 3752 wudfsvc - ok 19:51:53.0973 3752 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:51:54.0004 3752 WwanSvc - ok 19:51:54.0082 3752 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 19:51:54.0114 3752 yukonw7 - ok 19:51:54.0160 3752 ================ Scan global =============================== 19:51:54.0192 3752 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:51:54.0238 3752 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:51:54.0254 3752 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:51:54.0285 3752 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:51:54.0316 3752 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:51:54.0316 3752 [Global] - ok 19:51:54.0316 3752 ================ Scan MBR ================================== 19:51:54.0348 3752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:51:55.0596 3752 \Device\Harddisk0\DR0 - ok 19:51:55.0596 3752 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1 19:51:59.0199 3752 \Device\Harddisk1\DR1 - ok 19:51:59.0199 3752 ================ Scan VBR ================================== 19:51:59.0215 3752 [ 8BA36A6B90B3BC61500248CB95C5AFE2 ] \Device\Harddisk0\DR0\Partition1 19:51:59.0215 3752 \Device\Harddisk0\DR0\Partition1 - ok 19:51:59.0246 3752 [ DFEC95D37A81712264515104AD888221 ] \Device\Harddisk0\DR0\Partition2 19:51:59.0277 3752 \Device\Harddisk0\DR0\Partition2 - ok 19:51:59.0293 
3752 [ 40C9E516A967F8E9C2EA91203199C90C ] \Device\Harddisk1\DR1\Partition1 19:51:59.0293 3752 \Device\Harddisk1\DR1\Partition1 - ok 19:51:59.0293 3752 ============================================================ 19:51:59.0293 3752 Scan finished 19:51:59.0293 3752 ============================================================ 19:51:59.0324 3512 Detected object count: 2 19:51:59.0324 3512 Actual detected object count: 2 19:52:25.0454 3512 Afc ( UnsignedFile.Multi.Generic ) - skipped by user 19:52:25.0454 3512 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:52:25.0454 3512 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 19:52:25.0454 3512 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.04.2013, 23:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick only show shortcuts Did you run MBAR a second time to make sure that it no longer found anything?
__________________ Please always post log files in CODE tags |
22.04.2013, 19:00 | #11 |
| MP3 player and USB stick only show shortcuts Yes, I am following the instructions exactly :-) The second time, nothing more was found. Here is the log Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.21.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
afshin3 :: AFSHIN3-PC [administrator]

21.04.2013 13:31:03
mbar-log-2013-04-21 (13-31-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27398
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Last edited by Sava (22.04.2013 at 19:06) |
22.04.2013, 21:29 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick only show shortcuts Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
23.04.2013, 18:59 | #13 |
| MP3 player and USB stick only show shortcuts Here is the result Code:
ATTFilter
ComboFix 13-04-23.02 - afshin3 23.04.2013 19:34:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1790.1048 [GMT 2:00]
Running from: c:\users\afshin3\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\37673988
c:\users\afshin3\HashTab v5.1.0.23 - Commercial Setup.exe
c:\users\afshin3\HashTab v5.1.0.23 Setup.exe
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
.
.
2013-04-23 17:43 . 2013-04-23 17:43 -------- d-----w- c:\users\afshin3\AppData\Local\temp
2013-04-23 17:43 . 2013-04-23 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-22 17:10 . 2013-04-22 17:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2013-04-21 12:10 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-21 09:48 . 2013-04-21 09:48 -------- d-----w- c:\programdata\Malwarebytes
2013-04-21 08:46 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-21 08:46 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-21 08:46 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-21 08:46 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-21 08:46 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-21 08:46 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-21 08:46 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-21 08:46 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-21 08:46 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-07 15:05 . 2013-04-07 15:05 -------- d-----w- c:\users\afshin3\AppData\Local\Eraser 6
2013-04-07 14:31 . 2013-04-07 14:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2013-04-06 20:24 . 2013-04-23 17:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-06 20:23 . 2013-04-23 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-06 20:18 . 2013-04-06 20:18 -------- d-----w- c:\users\afshin3\AppData\Local\Programs
2013-04-06 20:04 . 2013-04-06 20:04 -------- d-----w- c:\program files\HashTab Shell Extension
2013-04-02 18:43 . 2012-10-08 08:05 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2013-04-02 18:37 . 2013-04-02 18:37 -------- d-----w- c:\program files\PrintProjects
2013-04-02 18:37 . 2013-04-02 18:37 -------- d-----w- c:\programdata\PrintProjects
2013-04-02 18:37 . 2013-04-02 18:37 -------- d-----w- c:\programdata\Visan
2013-04-02 18:16 . 2013-04-02 18:16 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1851351363
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 17:09 . 2013-03-04 13:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2013-04-07 14:31 . 2013-03-05 08:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-4\StartResources.dll
2013-04-03 16:23 . 2013-03-04 13:59 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2013-03-17 18:01 . 2012-04-09 17:40 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 18:01 . 2011-05-17 16:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 17:03 . 2013-03-12 17:03 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-4\SpotlightResources.dll
2013-02-12 04:48 . 2013-03-14 18:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 18:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-21 17:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2006-07-28 11:33 . 2006-07-28 11:33 212992 ----a-w- c:\program files\CardBurner.exe
2003-03-18 19:20 . 2003-03-18 19:20 1060864 ----a-w- c:\program files\mfc71.dll
2003-03-18 19:12 . 2003-03-18 19:12 1047552 ----a-w- c:\program files\mfc71u.dll
2003-02-21 02:42 . 2003-02-21 02:42 348160 ----a-w- c:\program files\msvcr71.dll
2013-04-21 09:21 . 2013-04-21 09:21 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ILO_Office_Manager"="IntEdReg.exe" [2002-10-14 53760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:01]
.
2013-04-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-19 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:60444
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}\75C414E4D2332443732333: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_ss&mntrId=16c9c051000000000000061b9ea0b266
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9c051000000000000061b9ea0b266&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,ce,46,77,10,c7,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,f9,1d,58,f0,29,7a,49,be,6b,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,f9,1d,58,f0,29,7a,49,be,6b,4b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
Completion time: 2013-04-23 19:45:57
ComboFix-quarantined-files.txt 2013-04-23 17:45
.
Pre-Run: 29.554.016.256 bytes free
Post-Run: 30.096.699.392 bytes free
.
- - End Of File - - 3B5CEE77DCEF2EB723AFC6204098910D |
23.04.2013, 23:20 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MP3 player and USB stick only show shortcuts JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
24.04.2013, 19:29 | #15 |
| MP3 player and USB stick only show shortcuts Here are the log files Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Professional x86
Ran by afshin3 on 24.04.2013 at 18:17:44,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\surf canyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\afshin3\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Users\afshin3\AppData\Roaming\microsoft\windows\start menu\programs\wajam"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2013 at 18:20:07,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.202 - Logfile created 04/24/2013 at 18:34:45
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : afshin3 - AFSHIN3-PC
# Boot Mode : Normal
# Running from : C:\Users\afshin3\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\afshin3\AppData\Local\PackageAware
Folder Deleted : C:\Users\afshin3\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\afshin3\AppData\LocalLow\facemoods.com

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\prefs.js

C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4812_[...]
Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Deleted : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAM[...]
Deleted : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Deleted : user_pref("extensions.wajam.supported_sites.ebay_product.wajam_se_js", "try {window['APP_LABEL_NAME'[...]
Deleted : user_pref("extensions.wajam.supported_sites.ebay_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = '[...]
Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Deleted : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]
Deleted : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.trace_log", "1356976618717 - onFlagInfoReceived - Server mapping version[...]
Deleted : user_pref("extensions.wajam.unique_id", "D6FE8B73C8A3F2F8DE3960D9267BB3BF");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.26");
Deleted : user_pref("extensions.wajam.website_version", "1.00266.0");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.7] : search_url = "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c05100000000[...]
Deleted [l.92] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=16c9c051000000000000001377649987&tlve[...]

*************************

AdwCleaner[R1].txt - [6088 octets] - [24/04/2013 18:34:17]
AdwCleaner[S1].txt - [6168 octets] - [24/04/2013 18:34:45]

########## EOF - C:\AdwCleaner[S1].txt - [6228 octets] ##########

Code:
OTL logfile created on: 24.04.2013 19:26:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afshin3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,21% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 27,89 Gb Free Space | 54,91% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 21,51 Gb Free Space | 42,17% Space Free | Partition Type: NTFS

Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\afshin3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Intense Language Office\Common\OffMan.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Intense Language Office\Common\OffMan.exe ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (catchme) -- C:\Users\afshin3\AppData\Local\Temp\catchme.sys File not found
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5B 68 E9 1A F2 CB 01 [binary data]
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{26ED5B98-2585-48BC-9A12-50E2336F61D6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,16987,0,8,0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60444

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.04 04:46:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 11:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.21 11:21:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 11:21:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.21 11:21:48 | 000,000,000 | ---D | M]

[2012.11.13 20:31:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions
[2012.10.03 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013.04.24 18:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions
[2013.04.21 13:51:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.21 11:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.21 11:21:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.24 09:56:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.19 20:38:50 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2013.04.23 19:43:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [ILO_Office_Manager] C:\Windows\System32\intedreg.exe ()
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.24 18:17:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.24 18:17:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 17:59:29 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\afshin3\Desktop\JRT.exe
[2013.04.23 19:46:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.23 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.23 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\temp
[2013.04.23 19:31:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.23 19:31:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.23 19:31:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.23 19:18:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.23 19:18:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.23 19:14:30 | 005,059,674 | R--- | C] (Swearware) -- C:\Users\afshin3\Desktop\ComboFix.exe
[2013.04.21 14:10:00 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.21 14:09:58 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.21 14:09:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.21 14:09:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.21 14:09:57 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.21 14:09:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.21 14:09:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.21 14:09:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.21 14:09:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.21 14:09:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.21 14:02:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\afshin3\Desktop\tdsskiller.exe
[2013.04.21 13:53:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\afshin3\Desktop\aswMBR.exe
[2013.04.21 12:41:28 | 000,000,000 | ---D | C] -- C:\Avenger
[2013.04.21 11:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.21 11:44:42 | 000,000,000 | ---D | C] -- C:\Users\afshin3\Desktop\mbar
[2013.04.21 11:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.21 10:46:23 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.21 10:46:19 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.21 10:46:18 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.21 10:46:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.21 10:46:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.21 10:46:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.07 18:04:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Eraser 6
[2013.04.06 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.06 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.06 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Programs
[2013.04.06 22:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2013.04.02 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects
[2013.03.30 18:19:38 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:27 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.30 18:19:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.30 18:19:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.30 18:19:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.30 18:19:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.30 18:19:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.30 18:19:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.30 18:19:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.30 18:19:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.30 18:19:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.30 18:19:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.30 18:19:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.30 18:19:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.30 18:19:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.30 18:19:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.30 18:19:08 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.30 18:19:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.30 18:19:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.30 18:19:06 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.30 18:19:05 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.30 18:19:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.23 11:50:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Users\afshin3\taskmgr.exe
[2011.04.04 05:09:21 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Users\afshin3\DTLite4402-0131.exe
[2011.04.04 04:45:15 | 000,606,560 | ---- | C] (RealNetworks, Inc.) -- C:\Users\afshin3\RealPlayer_de.exe
[2006.07.28 13:33:26 | 000,212,992 | ---- | C] (OXY Solution) -- C:\Program Files\CardBurner.exe
[2003.03.18 21:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003.03.18 21:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003.02.21 04:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll

========== Files - Modified Within 30 Days ==========

[2013.04.24 20:06:49 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013.04.24 19:58:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 18:44:21 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:44:21 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:37:24 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.24 18:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 18:36:53 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 18:00:37 | 000,619,461 | ---- | M] () -- C:\Users\afshin3\Desktop\adwcleaner.exe
[2013.04.24 17:59:35 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\afshin3\Desktop\JRT.exe
[2013.04.23 19:43:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.23 19:14:36 | 005,059,674 | R--- | M] (Swearware) -- C:\Users\afshin3\Desktop\ComboFix.exe
[2013.04.22 20:14:14 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 20:14:14 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.21 19:45:47 | 000,286,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.21 14:02:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\afshin3\Desktop\tdsskiller.exe
[2013.04.21 14:00:17 | 000,000,512 | ---- | M] () -- C:\Users\afshin3\Desktop\MBR.dat
[2013.04.21 13:54:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\afshin3\Desktop\aswMBR.exe
[2013.04.08 17:52:52 | 000,044,848 | ---- | M] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm
[2013.04.07 19:10:56 | 000,377,856 | ---- | M] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe
[2013.04.07 18:04:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 18:03:29 | 000,000,000 | ---- | M] () -- C:\Users\afshin3\defogger_reenable
[2013.04.02 20:33:39 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2013.04.02 20:30:58 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2013.03.30 18:19:38 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:27 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | M] (Microsoft Corporation)
-- C:\Windows\System32\iexpress.exe [2013.03.30 18:19:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.30 18:19:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.30 18:19:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.30 18:19:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.30 18:19:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.30 18:19:17 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.30 18:19:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.30 18:19:16 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.30 18:19:14 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.30 18:19:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.30 18:19:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.30 18:19:10 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.30 18:19:09 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.30 18:19:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.30 18:19:08 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.30 18:19:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.30 18:19:07 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.30 18:19:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.30 18:19:06 | 000,242,200 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.30 18:19:05 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.30 18:19:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll ========== Files Created - No Company Name ========== [2013.04.24 18:00:35 | 000,619,461 | ---- | C] () -- C:\Users\afshin3\Desktop\adwcleaner.exe [2013.04.23 19:31:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.23 19:31:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.23 19:31:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.23 19:31:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.23 19:31:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.21 14:00:17 | 000,000,512 | ---- | C] () -- C:\Users\afshin3\Desktop\MBR.dat [2013.04.08 17:52:52 | 000,044,848 | ---- | C] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm [2013.04.07 19:10:54 | 000,377,856 | ---- | C] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe [2013.04.07 18:03:29 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\defogger_reenable [2013.04.02 20:33:39 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk [2013.04.02 20:30:58 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk [2013.03.30 18:19:07 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 20:49:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.08.24 08:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.11 17:08:52 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2011.07.26 17:22:00 | 000,015,428 | ---- | C] () -- C:\Users\afshin3\RefEdit.exd [2011.07.15 09:42:53 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{ED8D64B9-37E5-435F-A739-1A5B063B4035} [2011.06.15 21:11:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.28 
02:54:09 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37673988 [2011.05.21 19:33:54 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{BB9D2246-53EC-47D6-B18C-E16A21D48890} [2011.04.05 21:34:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 20:12:03 | 000,005,115 | -H-- | C] () -- C:\ProgramData\mtbjfghn.xbe [2006.07.28 13:29:14 | 000,000,367 | ---- | C] () -- C:\Program Files\MyList.mft [2006.05.30 16:03:32 | 000,025,893 | ---- | C] () -- C:\Program Files\Card Burner upotreba.xml [2005.11.15 11:25:50 | 005,823,050 | ---- | C] () -- C:\Program Files\Salif Keita - 03 - Madan.mp3 [2005.11.01 15:46:06 | 002,753,515 | ---- | C] () -- C:\Program Files\La_Flaca.mp3 [2003.10.18 06:37:10 | 004,006,266 | ---- | C] () -- C:\Program Files\ABBA - Super Trooper.mp3 [2003.10.18 06:36:58 | 003,658,106 | ---- | C] () -- C:\Program Files\Blonde - Atomic.mp3 ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
OTL Extras logfile created on: 24.04.2013 19:26:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afshin3\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,21% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 27,89 Gb Free Space | 54,91% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 21,51 Gb Free Space | 42,17% Space Free | Partition Type: NTFS

Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5B3B02-B9EA-4261-AC8F-57CC13F3CCE8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24A73305-7487-4D37-81FB-C561EAB47B6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52443A2A-29EF-4CBE-B331-EF35E18CB1BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{585FFDE5-E5A4-4F80-95D3-19430175BB2A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5FC414DF-7217-40CE-B4EE-5090CB7ED6A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6DAD194B-864A-4AB7-87B4-8B4CE340B683}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{6EE563F1-2273-422B-BCB2-0C8BCF87AFDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70EEB091-2935-463F-94F2-FE589F288ED1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7D4F7821-1A14-4EAC-A26C-0AD0824D4E5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B178C977-397F-4768-B556-3E47BF33BF4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6EC3B30-BBB6-44E5-AACE-47CD0F303260}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{CAAE12F8-AF9A-4F6E-9112-ED74115B11DF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{ECB3E4FF-B004-4B32-86B6-2EEE599B0943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE40B3-B02F-4D2C-931A-80F82027ED01}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{0CD39F31-2967-4791-896E-450D7B2F3A90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1045495B-BCA2-4FCE-B902-5EEC2D0FB210}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{10A6A2B1-0522-46BF-96E1-E9F891A716D8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{18F82BF0-B855-41D8-89F8-DD354F59C23E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C9EAC22-707C-430C-885B-4FD64EA6F422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E8061EB-A0E6-4449-ABDC-335386A88E77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C942CBE-7A47-4AC9-94FE-47ABB3860C28}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{314C04AA-2DD2-4E58-9603-1994027C2945}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{410DF6CD-5162-4864-BEBE-422F30B63648}" = protocol=6 | dir=out | app=system |
"{49CC08C6-A875-403B-9300-B5F394738ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C8978BF-DDAD-4778-B02A-3ACF01F2FABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50FBDCB5-AF22-4266-B8F4-5EBE335F3AC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{575009AE-140A-42EF-887F-BA645B75D044}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{6046089B-C609-4B12-9119-E87429D9F276}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{6E7226CD-5C1F-4FBC-B8C7-81EBD3085198}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{6FD34CB4-E4B2-4062-BE08-C08823FA15AD}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{70AA399A-697C-4531-9800-0CFFCE4BC10D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B76BC7B-9DB1-4A2F-9C18-F46DBC393120}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{9DFE6763-E414-42B4-B7A8-65376C154C7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A30858AB-FECF-42B8-9625-EDE00FC6249F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{A6DFB519-CA89-40F9-A0E0-C4A9BF6A6878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A80B1371-3858-402B-837E-917477B071E7}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{B7B2B037-F638-4057-974E-9BE0B38C6AB2}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{BAFCEDA9-D32C-48BD-A55A-A1CA725F2232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2A5B77E-25E4-4C7E-A384-CD56BCE17CA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F89ABEEB-87E6-4E2C-A64A-AE8753B88211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{524D615B-881E-406A-A2E0-D62F500F58E2}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"TCP Query User{79F2F4D8-5D30-48E0-85EB-77F13F0BAD05}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"TCP Query User{FA8F0533-7F43-4C38-BFB0-61000A7EE68D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{102C492B-D110-4DC9-8CF9-D24DE3141D71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{840598D4-427D-44E3-99B9-F8D347D4C76B}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"UDP Query User{9C34D2E7-0ED3-4614-9D4F-8823A6F45056}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CC5825C2-2F59-459B-84ED-D0D1958101FA}" = CardBurner
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Glary Utilities_is1" = Glary Utilities 2.42.0.1389
"HashTab" = HashTab 5.1.0.23
"Intense Language Office" = Intense Language Office
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.1
"PrintProjects" = PrintProjects
"RealPlayer 12.0" = RealPlayer
"TIPP10_is1" = TIPP10 Version 2.1.0
"TomTom HOME" = TomTom HOME 2.7.3.1894

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >