
Log analysis and evaluation: After a mail from Abuse, my outgoing port for sending mail is blocked - here are my GMER log files


09.03.2014, 08:06   #1
tokor
 
Hello everyone,

I would like to ask for an evaluation of the following log file.
After a mail from Abuse, my outgoing port for sending mail has been blocked by Telekom (T-Online). Please help.
Here is scan no. 1, GMER log file:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-09 07:08:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000060 ST310005 rev.CC44 931,51GB
Running: igxsf7vg.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\uwdoipow.sys


---- System - GMER 2.1 ----

SSDT 9EEA880E ZwCreateSection
SSDT 9EEA8818 ZwRequestWaitReplyPort
SSDT 9EEA8813 ZwSetContextThread
SSDT 9EEA881D ZwSetSecurityObject
SSDT 9EEA8822 ZwSystemDebugControl
SSDT 9EEA87AF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83A77A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83AB1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83AB858C 4 Bytes [0E, 88, EA, 9E] {PUSH CS; MOV DL, CH; SAHF }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83AB88E8 4 Bytes [18, 88, EA, 9E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 83AB892C 1 Byte [13]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 83AB892C 4 Bytes [13, 88, EA, 9E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 83AB89A8 4 Bytes [1D, 88, EA, 9E]
.text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9F23E000, 0x2F786C, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DE562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DE56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E02546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DF85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DF4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DF5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DF51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DF6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DF8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DF8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DF90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DFE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2148] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DF4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---
And scan no. 2, GMER log file:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-09 07:15:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000060 ST310005 rev.CC44 931,51GB
Running: igxsf7vg.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\uwdoipow.sys


---- Services - GMER 2.1 ----

Service C:\Windows\system32\netfxperf.dll .NET CLR Data
Service C:\Windows\system32\netfxperf.dll .NET CLR Networking
Service C:\Windows\system32\netfxperf.dll .NET CLR Networking 4.0.0.0
Service C:\Windows\system32\netfxperf.dll .NET Data Provider for Oracle
Service C:\Windows\system32\netfxperf.dll .NET Data Provider for SqlServer
Service C:\Windows\system32\netfxperf.dll .NET Memory Cache 4.0
Service C:\Windows\system32\mscoree.dll .NETFramework
Service C:\Windows\system32\drivers\1394ohci.sys [MANUAL] 1394ohci
Service C:\Windows\system32\drivers\ACPI.sys [BOOT] ACPI
Service C:\Windows\system32\drivers\acpipmi.sys [MANUAL] AcpiPmi
Service C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [AUTO] AdobeARMservice
Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\Windows\system32\DRIVERS\adp94xx.sys [MANUAL] adp94xx
Service C:\Windows\system32\DRIVERS\adpahci.sys [MANUAL] adpahci
Service C:\Windows\system32\DRIVERS\adpu320.sys [MANUAL] adpu320
Service adsi
Service C:\Windows\System32\aelupsvc.dll [MANUAL] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys [MANUAL] agp440
Service C:\Windows\system32\DRIVERS\djsvs.sys [MANUAL] aic78xx
Service C:\Windows\System32\alg.exe [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys [MANUAL] aliide
Service C:\Windows\system32\atiesrxx.exe [AUTO] AMD External Events Utility
Service C:\Windows\system32\drivers\amdagp.sys [MANUAL] amdagp
Service C:\Windows\system32\DRIVERS\amdide.sys [BOOT] amdide
Service C:\Windows\system32\DRIVERS\amdk8.sys [MANUAL] AmdK8
Service C:\Windows\system32\DRIVERS\atikmdag.sys [MANUAL] amdkmdag
Service C:\Windows\system32\DRIVERS\atikmpag.sys [MANUAL] amdkmdap
Service C:\Windows\system32\DRIVERS\amdppm.sys [MANUAL] AmdPPM
Service C:\Windows\system32\DRIVERS\amdsata.sys [BOOT] amdsata
Service C:\Windows\system32\DRIVERS\amdsbs.sys [MANUAL] amdsbs
Service C:\Windows\system32\DRIVERS\amdxata.sys [BOOT] amdxata
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe [AUTO] AntiVirService
Service C:\Windows\system32\drivers\appid.sys [MANUAL] AppID
Service C:\Windows\System32\appidsvc.dll [MANUAL] AppIDSvc
Service C:\Windows\System32\appinfo.dll [MANUAL] Appinfo
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [AUTO] Apple Mobile Device
Service C:\Windows\system32\DRIVERS\arc.sys [MANUAL] arc
Service C:\Windows\system32\DRIVERS\arcsas.sys [MANUAL] arcsas
Service C:\Windows\system32\aspnet_counters.dll ASP.NET
Service C:\Windows\system32\aspnet_counters.dll ASP.NET_4.0.30319
Service C:\Windows\system32\aspnet_counters.dll [MANUAL] aspnet_state
Service C:\Windows\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys [BOOT] atapi
Service Atierecord
Service C:\Windows\system32\drivers\AtiHdmi.sys [MANUAL] AtiHdmiService
Service C:\Windows\system32\DRIVERS\AtiPcie.sys [BOOT] AtiPcie
Service C:\Windows\System32\Audiosrv.dll [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\Audiosrv.dll [AUTO] Audiosrv
Service C:\Windows\system32\DRIVERS\avgntflt.sys [AUTO] avgntflt
Service C:\Windows\system32\DRIVERS\avipbb.sys [SYSTEM] avipbb
Service C:\Windows\system32\DRIVERS\avkmgr.sys [SYSTEM] avkmgr
Service C:\Program Files\avmwlanstick\WlanNetService.exe [AUTO] AVM WLAN Connection Service
Service C:\Windows\system32\drivers\avmeject.sys [MANUAL] avmeject
Service C:\Windows\System32\AxInstSV.dll [MANUAL] AxInstSV
Service C:\Windows\system32\DRIVERS\bxvbdx.sys [MANUAL] b06bdrv
Service C:\Windows\system32\DRIVERS\b57nd60x.sys [MANUAL] b57nd60x
Service C:\Program Files\MyPC Backup\BackupStack.exe [AUTO] BackupStack
Service C:\Windows\system32\drivers\BattC.sys BattC
Service C:\Windows\System32\bdesvc.dll [MANUAL] BDESVC
Service C:\Windows\system32\drivers\Beep.sys [SYSTEM] Beep
Service C:\Windows\System32\bfe.dll [AUTO] BFE
Service C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [MANUAL] BgRaSvc
Service C:\Windows\System32\qmgr.dll [AUTO] BITS
Service C:\Windows\system32\DRIVERS\blbdrive.sys [SYSTEM] blbdrive
Service C:\Program Files\Bonjour\mDNSResponder.exe [AUTO] Bonjour Service
Service C:\Windows\system32\DRIVERS\bowser.sys [MANUAL] bowser
Service C:\Windows\system32\DRIVERS\BrFiltLo.sys [MANUAL] BrFiltLo
Service C:\Windows\system32\DRIVERS\BrFiltUp.sys [MANUAL] BrFiltUp
Service C:\Program Files\NCH Software\BroadCam\broadcam.exe [AUTO] BroadCamService
Service C:\Windows\System32\browser.dll [MANUAL] Browser
Service C:\Windows\System32\Drivers\Brserid.sys [MANUAL] Brserid
Service C:\Windows\System32\Drivers\BrSerWdm.sys [MANUAL] BrSerWdm
Service C:\Windows\System32\Drivers\BrUsbMdm.sys [MANUAL] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys [MANUAL] BrUsbSer
Service C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [AUTO] BsMain
Service C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [AUTO] BsUpdate
Service C:\Windows\system32\DRIVERS\bthmodem.sys [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\bthserv.dll [MANUAL] bthserv
Service C:\Windows\system32\DRIVERS\cdfs.sys [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys [SYSTEM] cdrom
Service C:\Windows\System32\certprop.dll [MANUAL] CertPropSvc
Service C:\Windows\System32\Drivers\CH341SER.SYS [MANUAL] CH341SER
Service C:\Windows\system32\DRIVERS\circlass.sys [MANUAL] circlass
Service C:\Windows\System32\CLFS.sys [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\system32\DRIVERS\CmBatt.sys [MANUAL] CmBatt
Service C:\Windows\system32\drivers\cmdide.sys [MANUAL] cmdide
Service C:\Windows\System32\Drivers\cng.sys [BOOT] CNG
Service C:\Windows\system32\DRIVERS\compbatt.sys [MANUAL] Compbatt
Service C:\Windows\system32\drivers\CompositeBus.sys [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe [MANUAL] COMSysApp
Service C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [MANUAL] cpuz132
Service C:\Windows\system32\DRIVERS\crcdisk.sys [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\cryptsvc.dll [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\rpcss.dll [AUTO] DcomLaunch
Service C:\Windows\System32\defragsvc.dll [MANUAL] defragsvc
Service C:\Windows\System32\Drivers\dfsc.sys [SYSTEM] DfsC
Service C:\Windows\system32\dhcpcore.dll [AUTO] Dhcp
Service C:\Windows\System32\drivers\discache.sys [SYSTEM] discache
Service C:\Windows\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\Windows\System32\dnsrslvr.dll [AUTO] Dnscache
Service C:\Windows\System32\dot3svc.dll [MANUAL] dot3svc
Service C:\Windows\system32\dps.dll [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys [MANUAL] DXGKrnl
Service C:\Windows\System32\eapsvc.dll [MANUAL] EapHost
Service C:\Windows\system32\DRIVERS\evbdx.sys [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe [MANUAL] EFS
Service C:\Windows\ehome\ehRecvr.exe [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe [MANUAL] ehSched
Service C:\Windows\system32\DRIVERS\elxstor.sys [MANUAL] elxstor
Service C:\Windows\system32\EscSvc.exe [AUTO] EpsonScanSvc
Service C:\Windows\system32\drivers\errdev.sys [MANUAL] ErrDev
Service C:\Windows\system32\esentprf.dll ESENT
Service C:\Windows\System32\wevtsvc.dll [AUTO] eventlog
Service C:\Windows\system32\es.dll [AUTO] EventSystem
Service C:\Windows\system32\drivers\exfat.sys [MANUAL] exfat
Service C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [AUTO] Fabs
Service C:\Windows\system32\drivers\fastfat.sys [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe [MANUAL] Fax
Service C:\Windows\system32\DRIVERS\fdc.sys [MANUAL] fdc
Service C:\Windows\system32\fdPHost.dll [MANUAL] fdPHost
Service C:\Windows\system32\fdrespub.dll [AUTO] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys [MANUAL] Filetrace
Service C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [MANUAL] FirebirdServerMAGIXInstance
Service C:\Windows\system32\DRIVERS\flpydisk.sys [MANUAL] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service C:\Windows\system32\FntCache.dll [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0
Service C:\Windows\System32\drivers\FsDepends.sys [MANUAL] FsDepends
Service C:\Windows\system32\DRIVERS\fssfltr.sys [MANUAL] fssfltr
Service C:\Program Files\Windows Live\Family Safety\fsssvc.exe [MANUAL] fsssvc
Service C:\Windows\system32\drivers\Fs_Rec.sys [BOOT] Fs_Rec
Service C:\Windows\System32\DRIVERS\fvevol.sys [BOOT] fvevol
Service C:\Windows\system32\DRIVERS\fwlanusb.sys [MANUAL] FWLANUSB
Service C:\Windows\system32\DRIVERS\gagp30kx.sys [MANUAL] gagp30kx
Service C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [MANUAL] GEARAspiWDM
Service C:\Windows\System32\gpsvc.dll [AUTO] gpsvc
Service C:\Program Files\Google\Update\GoogleUpdate.exe [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe [MANUAL] gupdatem
Service C:\Windows\system32\drivers\hcw85cir.sys [MANUAL] hcw85cir
Service C:\Windows\system32\drivers\HdAudio.sys [MANUAL] HdAudAddService
Service C:\Windows\system32\drivers\HDAudBus.sys [MANUAL] HDAudBus
Service C:\Windows\system32\DRIVERS\HidBatt.sys [MANUAL] HidBatt
Service C:\Windows\system32\DRIVERS\hidbth.sys [MANUAL] HidBth
Service C:\Windows\system32\DRIVERS\hidir.sys [MANUAL] HidIr
Service C:\Windows\system32\hidserv.dll [MANUAL] hidserv
Service C:\Windows\system32\drivers\hidusb.sys [MANUAL] HidUsb
Service C:\Windows\system32\kmsvc.dll [MANUAL] hkmsvc
Service C:\Windows\system32\ListSvc.dll [MANUAL] HomeGroupListener
Service C:\Windows\system32\provsvc.dll [MANUAL] HomeGroupProvider
Service C:\Windows\system32\drivers\HpSAMD.sys [MANUAL] HpSAMD
Service C:\Windows\system32\drivers\HTTP.sys [MANUAL] HTTP
Service C:\Windows\System32\drivers\hwpolicy.sys [BOOT] hwpolicy
Service C:\Windows\system32\drivers\i8042prt.sys [MANUAL] i8042prt
Service C:\Windows\system32\drivers\iaStorV.sys [MANUAL] iaStorV
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc
Service C:\Windows\system32\IEEtwCollector.exe [MANUAL] IEEtwCollectorService
Service C:\Windows\system32\DRIVERS\iirsp.sys [MANUAL] iirsp
Service C:\Windows\System32\ikeext.dll [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHDA.sys [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys [MANUAL] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys [MANUAL] intelppm
Service C:\Windows\system32\ipbusenum.dll [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\Windows\System32\iphlpsvc.dll [AUTO] iphlpsvc
Service C:\Windows\system32\drivers\IPMIDrv.sys [MANUAL] IPMIDRV
Service C:\Windows\System32\drivers\ipnat.sys [MANUAL] IPNAT
Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPod Service
Service C:\Windows\system32\drivers\irenum.sys [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys [MANUAL] isapnp
Service C:\Windows\system32\drivers\msiscsi.sys [MANUAL] iScsiPrt
Service C:\Windows\system32\drivers\kbdclass.sys [MANUAL] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys [MANUAL] kbdhid
Service C:\Windows\system32\lsass.exe [MANUAL] KeyIso
Service C:\Windows\system32\srvany.exe [AUTO] KMService
Service C:\Windows\System32\Drivers\ksecdd.sys [BOOT] KSecDD
Service C:\Windows\System32\Drivers\ksecpkg.sys [BOOT] KSecPkg
Service C:\Windows\system32\msdtckrm.dll [MANUAL] KtmRm
Service C:\Windows\system32\srvsvc.dll [AUTO] LanmanServer
Service C:\Windows\System32\wkssvc.dll [AUTO] LanmanWorkstation
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys [AUTO] lltdio
Service C:\Windows\System32\lltdsvc.dll [MANUAL] lltdsvc
Service C:\Windows\System32\lmhsvc.dll [AUTO] lmhosts
Service C:\Windows\system32\Secur32.dll Lsa
Service C:\Windows\system32\DRIVERS\lsi_fc.sys [MANUAL] LSI_FC
Service C:\Windows\system32\DRIVERS\lsi_sas.sys [MANUAL] LSI_SAS
Service C:\Windows\system32\DRIVERS\lsi_sas2.sys [MANUAL] LSI_SAS2
Service C:\Windows\system32\DRIVERS\lsi_scsi.sys [MANUAL] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys [AUTO] luafv
Service C:\Program Files\Microsoft Fix it Center\Matsvc.exe [MANUAL] MatSvc
Service C:\Windows\system32\drivers\mbam.sys [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [AUTO] MBAMScheduler
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [AUTO] MBAMService
Service C:\Windows\system32\Mcx2Svc.dll [DISABLED] Mcx2Svc
Service C:\Windows\system32\DRIVERS\megasas.sys [MANUAL] megasas
Service C:\Windows\system32\DRIVERS\MegaSR.sys [MANUAL] MegaSR
Service C:\Windows\system32\B847.tmp [MANUAL] MEMSWEEP2
Service C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [MANUAL] Microsoft SharePoint Workspace Audit Service
Service C:\Windows\system32\mmcss.dll [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys [MANUAL] monitor
Service C:\Windows\system32\drivers\mouclass.sys [MANUAL] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys [BOOT] mountmgr
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [DISABLED] MozillaMaintenance
Service C:\Windows\system32\drivers\mpio.sys [MANUAL] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys [MANUAL] mpsdrv
Service C:\Windows\system32\mpssvc.dll [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mrxdav.sys [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys [MANUAL] msahci
Service C:\Windows\system32\drivers\msdsm.sys [MANUAL] msdsm
Service C:\Windows\system32\msdtcuiu.DLL [MANUAL] MSDTC
Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\drivers\Msfs.sys [SYSTEM] Msfs
Service C:\Windows\System32\drivers\mshidkmdf.sys [MANUAL] mshidkmdf
Service C:\Windows\system32\drivers\msisadrv.sys [BOOT] msisadrv
Service C:\Windows\system32\iscsiexe.dll [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\Windows\system32\drivers\MsRPC.sys [MANUAL] MsRPC
Service C:\Windows\system32\msscntrs.dll MSSCNTRS
Service C:\Windows\system32\drivers\mssmbios.sys [SYSTEM] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\Windows\system32\DRIVERS\MTConfig.sys [MANUAL] MTConfig
Service C:\Windows\System32\Drivers\mup.sys [BOOT] Mup
Service C:\Windows\system32\qagentRT.dll [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndiscap.sys [MANUAL] NdisCap
Service C:\Windows\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service C:\Windows\system32\drivers\NDProxy.sys [MANUAL] NDProxy
Service C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [AUTO] Nero BackItUp Scheduler 4.0
Service C:\Windows\system32\DRIVERS\netaapl.sys [MANUAL] Netaapl
Service C:\Windows\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe [MANUAL] Netlogon
Service C:\Windows\System32\netman.dll [MANUAL] Netman
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [DISABLED] NetMsmqActivator
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [DISABLED] NetPipeActivator
Service C:\Windows\System32\netprofm.dll [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [DISABLED] NetTcpActivator
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\DRIVERS\nfrd960.sys [MANUAL] nfrd960
Service C:\Windows\System32\nlasvc.dll [AUTO] NlaSvc
Service C:\Windows\system32\drivers\npf.sys [AUTO] NPF
Service C:\Windows\system32\drivers\Npfs.sys [SYSTEM] Npfs
Service C:\Windows\system32\nsisvc.dll [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys [SYSTEM] nsiproxy
Service NTDS
Service C:\Windows\system32\drivers\Ntfs.sys [MANUAL] Ntfs
Service C:\Windows\system32\drivers\Null.sys [SYSTEM] Null
Service C:\Windows\system32\drivers\nvraid.sys [MANUAL] nvraid
Service C:\Windows\system32\drivers\nvstor.sys [MANUAL] nvstor
Service C:\Windows\system32\drivers\nv_agp.sys [MANUAL] nv_agp
Service C:\Windows\system32\drivers\ohci1394.sys [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [MANUAL] osppsvc
Service C:\Windows\system32\pnrpsvc.dll [MANUAL] p2pimsvc
Service C:\Windows\system32\p2psvc.dll [MANUAL] p2psvc
Service C:\Windows\system32\DRIVERS\parport.sys [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys [BOOT] partmgr
Service C:\Windows\system32\DRIVERS\parvdm.sys [AUTO] Parvdm
Service C:\Windows\system32\DRIVERS\PcaSp60.sys [MANUAL] PcaSp60
Service C:\Windows\System32\pcasvc.dll [MANUAL] PcaSvc
Service C:\Windows\system32\drivers\pci.sys [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys [MANUAL] pciide
Service C:\Windows\system32\DRIVERS\pcmcia.sys [MANUAL] pcmcia
Service C:\Windows\System32\drivers\pcw.sys [BOOT] pcw
Service C:\Windows\system32\drivers\peauth.sys [AUTO] PEAUTH
Service C:\Windows\System32\perfdisk.dll PerfDisk
Service C:\Windows\System32\perfnet.dll PerfNet
Service C:\Windows\System32\perfos.dll PerfOS
Service C:\Windows\System32\perfproc.dll PerfProc
Service C:\Windows\system32\pla.dll [MANUAL] pla
Service C:\Windows\system32\umpnpmgr.dll [AUTO] PlugPlay
Service C:\Windows\system32\pnrpauto.dll [MANUAL] PNRPAutoReg
Service C:\Windows\system32\pnrpsvc.dll [MANUAL] PNRPsvc
Service C:\Windows\System32\ipsecsvc.dll [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\umpo.dll [AUTO] Power
Service C:\Windows\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\Windows\system32\DRIVERS\processr.sys [MANUAL] Processor
Service C:\Windows\system32\profsvc.dll [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\pacer.sys [SYSTEM] Psched
Service c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [AUTO] PSI_SVC_2
Service C:\Windows\system32\DRIVERS\ql2300.sys [MANUAL] ql2300
Service C:\Windows\system32\DRIVERS\ql40xx.sys [MANUAL] ql40xx
Service C:\Windows\system32\qwave.dll [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys [MANUAL] RasAcd
Service C:\Windows\system32\DRIVERS\AgileVpn.sys [MANUAL] RasAgileVpn
Service C:\Windows\System32\rasauto.dll [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\Windows\System32\rasmans.dll [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys [SYSTEM] rdbss
Service C:\Windows\system32\DRIVERS\rdpbus.sys [MANUAL] rdpbus
Service C:\Windows\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpencdd.sys [SYSTEM] RDPENCDD
Service RDPNP
Service C:\Windows\system32\drivers\rdprefmp.sys [SYSTEM] RDPREFMP
Service C:\Windows\system32\drivers\RDPWD.sys [MANUAL] RDPWD
Service C:\Windows\system32\sysmain.dll [BOOT] rdyboost
Service C:\Windows\System32\mprdim.dll [DISABLED] RemoteAccess
Service C:\Windows\system32\regsvc.dll [DISABLED] RemoteRegistry
Service C:\Program Files\WinPcap\rpcapd.exe [MANUAL] rpcapd
Service C:\Windows\System32\RpcEpMap.dll [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe [MANUAL] RpcLocator
Service C:\Windows\system32\rpcss.dll [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys [AUTO] rspndr
Service C:\Windows\system32\DRIVERS\Rt86win7.sys [MANUAL] RTL8167
Service C:\Windows\system32\DRIVERS\RTL8192su.sys [MANUAL] RTL8192su
Service C:\Windows\system32\lsass.exe [AUTO] SamSs
Service C:\Windows\system32\SAVRKBootTasks.sys [SYSTEM] SAVRKBootTasks
Service C:\Windows\system32\drivers\sbp2port.sys [MANUAL] sbp2port
Service C:\Windows\System32\SCardSvr.dll [MANUAL] SCardSvr
Service C:\Windows\System32\DRIVERS\scfilter.sys [MANUAL] scfilter
Service C:\Windows\system32\schedsvc.dll [AUTO] Schedule
Service C:\Windows\System32\certprop.dll [MANUAL] SCPolicySvc
Service C:\Windows\System32\SDRSVC.dll [MANUAL] SDRSVC
Service C:\Windows\system32\drivers\secdrv.sys [AUTO] secdrv
Service C:\Windows\system32\seclogon.dll [MANUAL] seclogon
Service C:\Windows\System32\sens.dll [AUTO] SENS
Service C:\Windows\system32\sensrsvc.dll [MANUAL] SensrSvc
Service C:\Windows\system32\DRIVERS\serenum.sys [MANUAL] Serenum
Service C:\Windows\system32\DRIVERS\serial.sys [MANUAL] Serial
Service C:\Windows\system32\DRIVERS\sermouse.sys [MANUAL] sermouse
Service C:\Windows\system32\NETFXPerf.dll ServiceModelEndpoint 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll ServiceModelOperation 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll ServiceModelService 3.0.0.0
Service C:\Windows\system32\sessenv.dll [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys [MANUAL] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys [MANUAL] sffp_sd
Service C:\Windows\system32\DRIVERS\sfloppy.sys [MANUAL] sfloppy
Service C:\Windows\System32\ipnathlp.dll [AUTO] SharedAccess
Service C:\Windows\System32\shsvcs.dll [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys [MANUAL] sisagp
Service C:\Windows\system32\DRIVERS\SiSRaid2.sys [MANUAL] SiSRaid2
Service C:\Windows\system32\DRIVERS\sisraid4.sys [MANUAL] SiSRaid4
Service C:\Program Files\Skype\Updater\Updater.exe [AUTO] SkypeUpdate
Service C:\Windows\system32\DRIVERS\smb.sys [MANUAL] Smb
Service C:\Windows\system32\NETFXPerf.dll SMSvcHost 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll SMSvcHost 4.0.0.0
Service C:\Windows\System32\snmptrap.exe [MANUAL] SNMPTRAP
Service C:\Windows\system32\drivers\spldr.sys [BOOT] spldr
Service C:\Windows\system32\winspool.drv [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe [AUTO] sppsvc
Service C:\Windows\system32\sppuinotify.dll [MANUAL] sppuinotify
Service C:\Windows\System32\DRIVERS\srv.sys [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys [MANUAL] srvnet
Service C:\Windows\System32\ssdpsrv.dll [MANUAL] SSDPSRV
Service C:\Windows\system32\DRIVERS\ssmdrv.sys [SYSTEM] ssmdrv
Service C:\Windows\system32\sstpsvc.dll [MANUAL] SstpSvc
Service C:\Windows\system32\DRIVERS\stexstor.sys [MANUAL] stexstor
Service C:\Windows\System32\wiaservc.dll [MANUAL] StiSvc
Service C:\Windows\system32\drivers\swenum.sys [MANUAL] swenum
Service C:\Windows\System32\swprv.dll [MANUAL] swprv
Service C:\Windows\system32\sysmain.dll [AUTO] SysMain
Service C:\Windows\System32\TabSvc.dll [AUTO] TabletInputService
Service C:\Windows\System32\tapisrv.dll [MANUAL] TapiSrv
Service C:\Windows\System32\tbssvc.dll [MANUAL] TBS
Service C:\Windows\System32\Perfctrs.dll [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service C:\Windows\System32\drivers\tcpipreg.sys [AUTO] tcpipreg
Service TCPIPTUNNEL
Service C:\Windows\system32\drivers\tdpipe.sys [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys [SYSTEM] tdx
Service C:\Windows\system32\drivers\termdd.sys [SYSTEM] TermDD
Service C:\Windows\System32\termsrv.dll [MANUAL] TermService
Service C:\Windows\system32\themeservice.dll [AUTO] Themes
Service C:\Windows\system32\mmcss.dll [MANUAL] THREADORDER
Service C:\Windows\System32\trkwks.dll [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys [MANUAL] tssecsrv
Service C:\Windows\System32\drivers\tsusbflt.sys [MANUAL] TsUsbFlt
Service C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [AUTO] TuneUp.UtilitiesSvc
Service C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [MANUAL] TuneUpUtilitiesDrv
Service C:\Windows\system32\DRIVERS\tunnel.sys [MANUAL] tunnel
Service C:\Windows\system32\DRIVERS\uagp35.sys [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys [DISABLED] udfs
Service C:\Windows\system32\msscntrs.dll UGatherer
Service C:\Windows\system32\msscntrs.dll UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\umbus.sys [MANUAL] umbus
Service C:\Windows\system32\DRIVERS\umpass.sys [MANUAL] UmPass
Service C:\Windows\System32\upnphost.dll [MANUAL] upnphost
Service C:\Windows\System32\Drivers\usbaapl.sys [MANUAL] USBAAPL
Service C:\Windows\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys [MANUAL] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbfilter.sys [MANUAL] usbfilter
Service C:\Windows\system32\usbperf.dll [MANUAL] usbhub
Service C:\Windows\system32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys [MANUAL] usbscan
Service C:\Program Files\ASUS\Printer Utilities\UsbService.exe [AUTO] UsbService
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\Windows\system32\drivers\usbuhci.sys [MANUAL] usbuhci
Service C:\Windows\System32\uxsms.dll [AUTO] UxSms
Service C:\Windows\System32\uxtuneup.dll [AUTO] UxTuneUp
Service C:\Windows\system32\lsass.exe [MANUAL] VaultSvc
Service C:\Windows\system32\drivers\vdrvroot.sys [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\vhdmp.sys [MANUAL] vhdmp
Service C:\Windows\system32\drivers\viaagp.sys [MANUAL] viaagp
Service C:\Windows\system32\DRIVERS\viac7.sys [MANUAL] ViaC7
Service C:\Windows\system32\drivers\viaide.sys [MANUAL] viaide
Service C:\Windows\system32\drivers\volmgr.sys [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys [BOOT] volsnap
Service C:\Windows\system32\DRIVERS\vpchbus.sys [MANUAL] vpcbus
Service C:\Windows\system32\DRIVERS\vpcnfltr.sys [SYSTEM] vpcnfltr
Service C:\Windows\system32\DRIVERS\vpcusb.sys [MANUAL] vpcusb
Service C:\Windows\system32\drivers\vpcvmm.sys [SYSTEM] vpcvmm
Service C:\Windows\system32\DRIVERS\vsmraid.sys [MANUAL] vsmraid
Service C:\Windows\system32\vssvc.exe [MANUAL] VSS
Service C:\Windows\system32\DRIVERS\vuhub.sys [MANUAL] vuhub
Service C:\Windows\system32\DRIVERS\vwifibus.sys [MANUAL] vwifibus
Service C:\Windows\system32\DRIVERS\vwififlt.sys [SYSTEM] vwififlt
Service C:\Windows\system32\w32time.dll [MANUAL] W32Time
Service W3SVC
Service C:\Windows\system32\DRIVERS\wacompen.sys [MANUAL] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys [MANUAL] WANARP
Service C:\Windows\system32\DRIVERS\wanarp.sys [SYSTEM] Wanarpv6
Service C:\Windows\system32\Wat\WatAdminSvc.exe [MANUAL] WatAdminSvc
Service C:\Windows\system32\wbengine.exe [MANUAL] wbengine
Service C:\Windows\System32\wbiosrvc.dll [MANUAL] WbioSrvc
Service C:\Windows\System32\wcncsvc.dll [MANUAL] wcncsvc
Service C:\Windows\System32\WcsPlugInService.dll [MANUAL] WcsPlugInService
Service C:\Windows\system32\DRIVERS\wd.sys [MANUAL] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys [BOOT] Wdf01000
Service C:\Windows\system32\wdi.dll [MANUAL] WdiServiceHost
Service C:\Windows\system32\wdi.dll [MANUAL] WdiSystemHost
Service C:\Windows\System32\webclnt.dll [MANUAL] WebClient
Service C:\Windows\system32\wecsvc.dll [MANUAL] Wecsvc
Service C:\Windows\System32\wercplsupport.dll [MANUAL] wercplsupport
Service C:\Windows\System32\WerSvc.dll [MANUAL] WerSvc
Service C:\Windows\system32\DRIVERS\wfplwf.sys [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys [MANUAL] WIMMount
Service C:\Program Files\Windows Defender\mpsvc.dll [MANUAL] WinDefend
Service C:\Windows\system32\netfxperf.dll Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll Windows Workflow Foundation 4.0.0.0
Service C:\Windows\system32\winhttp.dll [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\wbem\WMIsvc.dll [MANUAL] Winmgmt
Service C:\Windows\system32\WsmSvc.dll [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\DRIVERS\WinUsb.sys [MANUAL] WinUsb
Service C:\Windows\System32\wlansvc.dll [AUTO] Wlansvc
Service C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [AUTO] wlidsvc
Service C:\Windows\system32\drivers\wmiacpi.sys [MANUAL] WmiAcpi
Service C:\Windows\system32\wbem\wmiaprpl.dll WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service C:\Windows\System32\wpcsvc.dll [MANUAL] WPCSvc
Service C:\Windows\system32\wpdbusenum.dll [MANUAL] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys [DISABLED] ws2ifsl
Service C:\Windows\System32\wscsvc.dll [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe [DISABLED] WSearch
Service C:\Windows\system32\tquery.dll WSearchIdxPi
Service C:\Windows\system32\wuaueng.dll [AUTO] wuauserv
Service C:\Windows\system32\drivers\WudfPf.sys [MANUAL] WudfPf
Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFRd
Service C:\Windows\System32\WUDFSvc.dll [MANUAL] wudfsvc
Service C:\Windows\System32\wwansvc.dll [MANUAL] WwanSvc
Service xmlprov
Service {0420064C-0971-486F-9DEC-80272A7F3332}
Service {2BB933EF-BF03-4F0B-BF1D-04CF6B11BF60}
Service {77D8DDEA-3A27-4300-A77F-8353A7230C25}
Service {BA5BF633-74F9-465F-8E03-C03101CCFA98}
Service {C32EEBFD-D1AB-4BA3-BB47-168BC82B1AD8}
Service {DF2FC86A-4CFC-4270-B1A9-C3EB9A924D8D}

---- EOF - GMER 2.1 ----
         
--- --- ---
Thanks again!

Alt 09.03.2014, 08:33   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Alt 09.03.2014, 12:48   #3
tokor
 



Hello Schrauber, thank you for your reply.
Enclosed is the scan with FRST 32-bit.
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 09-03-2014 12:36:35
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIJHE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Farbar) C:\Users\Tomek\AppData\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {e9e5f5b4-9a38-11df-a438-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 22:52 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-09 12:36 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-09 12:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

==================== One Month Modified Files and Folders =======

2014-03-09 12:36 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-09 12:34 - 2012-08-05 12:46 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-09 12:34 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-09 12:32 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 12:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 12:32 - 2009-07-14 05:39 - 00010805 _____ () C:\Windows\setupact.log
2014-03-09 12:30 - 2010-07-28 13:21 - 01454115 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 12:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-09 12:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-09 11:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 11:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-09 09:41 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 09:41 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 00:37

==================== End Of Log ============================
         
--- --- ---

Thank you in advance for your reply.

Hello Schrauber,
Here it is once more, after the # input.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 09-03-2014 12:46:33
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIJHE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Farbar) C:\Users\Tomek\AppData\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {e9e5f5b4-9a38-11df-a438-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 22:52 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-09 12:46 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-09 12:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

==================== One Month Modified Files and Folders =======

2014-03-09 12:46 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-09 12:41 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 12:41 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 12:34 - 2012-08-05 12:46 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-09 12:34 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-09 12:32 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 12:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 12:32 - 2009-07-14 05:39 - 00010805 _____ () C:\Windows\setupact.log
2014-03-09 12:30 - 2010-07-28 13:21 - 01460553 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 12:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-09 12:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-09 11:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-09 11:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 00:37

==================== End Of Log ============================
         

10.03.2014, 12:55   #4
schrauber
/// the machine
/// TB trainer
 




Additional.txt is still missing
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.03.2014, 22:29   #5
tokor
 



Hello Schrauber, OK, here it is again from today:
FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

==================== One Month Modified Files and Folders =======

2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:06

==================== End Of Log ============================
         
--- --- ---


and here is Additional.txt
Is that OK?


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

==================== One Month Modified Files and Folders =======

2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:06

==================== End Of Log ============================
         

If not, how am I supposed to create the Additional.txt? I have no idea.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

==================== One Month Modified Files and Folders =======

2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4

Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:06

==================== End Of Log ============================
         


11.03.2014, 14:01   #6
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
