
All kinds of pests and how to fight them: Groupon Trojan


08.03.2013, 19:34   #1
IgorS
 

Groupon Trojan



Hello everyone,

Yesterday I also received this email and opened the zip folder from within Outlook. However, I am no longer sure whether I opened the executable file or not.

I scanned with Avira and had several detections. I also scanned with Malwarebytes, OTL and GMER.

I am asking you for help.

Kind regards,

Igor

Here is the result from Avira:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 8. März 2013  17:50


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : IGOR-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185    47702 Bytes  30.01.2013 10:05:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  12.02.2013 16:14:21
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  11.12.2012 22:03:56
LUKE.DLL       : 13.6.0.602     67808 Bytes  12.02.2013 16:14:30
AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  06.02.2013 06:33:13
AVREG.DLL      : 13.6.0.600    250592 Bytes  06.02.2013 06:33:13
avlode.dll     : 13.6.2.624    434912 Bytes  06.02.2013 06:33:14
avlode.rdf     : 13.0.0.38      15231 Bytes  13.02.2013 15:22:53
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 16:55:29
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 20:51:05
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 20:51:05
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 20:51:05
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 20:51:05
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 20:51:05
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 20:51:05
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 04:19:09
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 08:12:10
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 15:22:50
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 14:54:54
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 15:32:12
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 21:31:30
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 16:42:50
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 17:56:46
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 10:37:52
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 16:33:25
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 19:11:11
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 15:41:24
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 17:09:40
VBASE027.VDF   : 7.11.63.211   212480 Bytes  06.03.2013 12:42:47
VBASE028.VDF   : 7.11.64.21    198656 Bytes  08.03.2013 13:30:37
VBASE029.VDF   : 7.11.64.22      2048 Bytes  08.03.2013 13:30:38
VBASE030.VDF   : 7.11.64.23      2048 Bytes  08.03.2013 13:30:38
VBASE031.VDF   : 7.11.64.32     10752 Bytes  08.03.2013 13:30:39
Engineversion  : 8.2.12.14 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL   : 8.1.4.96      471420 Bytes  08.03.2013 13:30:55
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 20:14:27
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 21:30:25
AEPACK.DLL     : 8.3.2.0       827767 Bytes  08.03.2013 13:30:55
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 13:30:54
AEHEUR.DLL     : 8.1.4.236    5833081 Bytes  08.03.2013 13:30:54
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 14:52:32
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 17:50:22
AEEXP.DLL      : 8.4.0.10      192886 Bytes  08.03.2013 13:30:55
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 16:42:50
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  12.02.2013 16:14:15
AVPREF.DLL     : 13.6.0.480     51056 Bytes  12.02.2013 16:14:21
AVREP.DLL      : 13.6.0.480    178544 Bytes  06.02.2013 06:33:13
AVARKT.DLL     : 13.6.0.624    260832 Bytes  12.02.2013 16:14:19
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  12.02.2013 16:14:20
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  12.02.2013 16:14:22
NETNT.DLL      : 13.6.0.480     16240 Bytes  12.02.2013 16:14:30
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  11.12.2012 22:03:53
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  12.02.2013 16:14:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Freitag, 8. März 2013  17:50

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIGBU.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTInk.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTBoardService.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'FUFAXSTM.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'sm56hlpr.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpAgent.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMARTHelperService.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'WacomTouchService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AtService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3126' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b01f41d-6cf702c2
    [0] Archivtyp: ZIP
    --> hw.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
    --> test.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
    --> test2.class
        [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.OS
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7e390107-486ac018
    [0] Archivtyp: ZIP
    --> ewjvaiwebvhtuai124a.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
    --> test.class
        [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Desinfektion:
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7e390107-486ac018
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d39e01.qua' verschoben!
C:\Users\Igor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b01f41d-6cf702c2
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.OS
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e43b1a3.qua' verschoben!


Ende des Suchlaufs: Freitag, 8. März 2013  19:48
Benötigte Zeit:  1:54:28 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  26490 Verzeichnisse wurden überprüft
 1039728 Dateien wurden geprüft
      5 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1039723 Dateien ohne Befall
  11695 Archive wurden durchsucht
      5 Warnungen
      3 Hinweise
 695692 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         

Here is the result from

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.08.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Igor :: IGOR-PC [Administrator]

Schutz: Aktiviert

08.03.2013 20:06:35
mbam-log-2013-03-08 (20-06-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203296
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the result from OTL:

Code:
OTL logfile created on: 08.03.2013 20:18:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Igor\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,37% Memory free
5,87 Gb Paging File | 4,37 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 133,69 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
 
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Igor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WacomTouchService.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SMARTHelperService) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WacomTouchService) -- C:\Windows\System32\WacomTouchService.exe ()
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (StarOpen) --  File not found
DRV - (a904vk49) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (wacomhidfilter) -- C:\Windows\System32\drivers\wacomhidfilter.sys (Wacom Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes,DefaultScope = {C1A4511A-C963-4E44-A47E-977FBE201AA4}
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{C1A4511A-C963-4E44-A47E-977FBE201AA4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{F6BAB714-EFC8-4CCA-A045-5564D39015F8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.23 17:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.28 18:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.28 18:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 20:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 20:28:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.10.23 17:01:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 20:28:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 20:28:20 | 000,000,000 | ---D | M]
 
[2010.05.09 16:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Extensions
[2013.03.07 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Firefox\Profiles\xsu45c8k.default\extensions
[2013.03.07 19:20:47 | 000,013,878 | ---- | M] () (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2011.08.03 19:02:41 | 000,083,618 | ---- | M] () -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\searchplugins\canoonet.xml
[2013.02.27 20:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.27 20:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.27 20:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.27 20:28:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.28 16:32:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 19:53:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.28 16:32:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.28 16:32:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.28 16:32:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.28 16:32:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [EPSON BX620FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [Epson Stylus Office BX620FWD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BF58E-1AED-4338-B93C-59B3F257B0D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF}: DhcpNameServer = 10.101.226.2 195.37.105.57 195.37.105.58
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4aec2c18-699a-11df-85fc-001e37e60a30}\Shell - "" = AutoRun
O33 - MountPoints2\{4aec2c18-699a-11df-85fc-001e37e60a30}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{51a660a8-bfdf-11de-81ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51a660a8-bfdf-11de-81ed-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe "start.pdf"
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 20:16:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe
[2013.03.08 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Roaming\Malwarebytes
[2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 18:31:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.08 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 16:42:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.02 16:42:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.02 16:42:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.02 16:42:00 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.02 16:42:00 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.02 16:41:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.02 16:41:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.02 16:41:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.02 16:41:55 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.02 16:41:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.02 16:41:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.02 16:41:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.02 16:41:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.02 16:41:52 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.02 16:41:52 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.02 16:41:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.02 16:41:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.02 16:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.02 16:41:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.02 16:41:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.02 16:41:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.01 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\Igor\Documents\Command and Conquer Generals Data
[2013.02.27 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.19 07:14:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.19 07:14:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.19 07:14:12 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.19 07:13:54 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.19 07:13:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.17 20:50:03 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.17 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.02.17 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.02.17 20:47:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013.02.17 20:47:31 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013.02.17 20:47:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013.02.17 20:47:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013.02.17 20:46:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.02.17 20:45:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013.02.17 20:43:36 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\Windows Live
[2013.02.17 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.08 20:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe
[2013.03.08 17:39:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 17:39:55 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 17:32:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 17:32:08 | 2364,493,824 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 06:14:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 06:14:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 06:14:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 06:14:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.24 22:27:11 | 000,003,077 | ---- | M] () -- C:\Users\Igor\.recently-used.xbel
[2013.02.19 17:37:46 | 000,445,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.17 20:49:26 | 000,000,020 | ---- | M] () -- C:\Windows\´ó
[2013.02.07 18:48:19 | 000,001,013 | ---- | M] () -- C:\Users\Igor\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.24 22:27:11 | 000,003,077 | ---- | C] () -- C:\Users\Igor\.recently-used.xbel
[2013.02.17 20:49:48 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.17 20:49:32 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.17 20:49:25 | 000,000,020 | ---- | C] () -- C:\Windows\´ó
[2013.01.06 21:11:43 | 000,000,092 | ---- | C] () -- C:\Users\Igor\de.pws
[2013.01.06 21:11:43 | 000,000,025 | ---- | C] () -- C:\Users\Igor\de.prepl
[2012.11.17 21:02:24 | 000,000,728 | ---- | C] () -- C:\Users\Igor\.tracker.prefs
[2012.11.17 21:02:24 | 000,000,158 | ---- | C] () -- C:\Users\Igor\.tracker_starter.prefs
[2012.04.10 14:22:33 | 000,004,096 | -H-- | C] () -- C:\Users\Igor\AppData\Local\keyfile3.drm
[2011.11.11 20:54:50 | 000,077,216 | ---- | C] () -- C:\ProgramData\dudenbib.wav
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.01 13:03:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.14 19:18:15 | 000,000,173 | ---- | C] () -- C:\Users\Igor\AppData\Local\msmathematics.qat.Igor
[2011.03.27 20:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2010.12.12 23:18:12 | 000,006,238 | ---- | C] () -- C:\Users\Igor\.emacs
[2010.12.12 12:37:02 | 000,004,752 | ---- | C] () -- C:\Users\Igor\%backup%~
[2010.11.27 15:02:12 | 000,011,376 | ---- | C] () -- C:\Users\Igor\gsview32.ini
[2009.11.22 13:46:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.23 17:41:33 | 000,007,597 | ---- | C] () -- C:\Users\Igor\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 08.03.2013 20:18:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Igor\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,37% Memory free
5,87 Gb Paging File | 4,37 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 133,69 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
 
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F85F9-F6C2-489E-B5F6-F059582E205B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0AA4DB48-8344-48F7-AAAF-746E6F6B204C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D29FD02-2170-4510-988C-4432F2ECFE28}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0D3FB491-AE9F-4A1A-97DE-0F41A621021C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1202045F-1670-42B8-BDC5-4390D4F43CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1447A0D3-D3A0-4294-AD91-E132D662BFEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{19CA0F7B-EF88-4D05-A5AB-08C02FB26DF5}" = lport=57564 | protocol=6 | dir=in | name=pando media booster | 
"{1BD286D5-DBE8-4C30-8EE7-A3E6082EDF7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1FC037D1-993A-45E9-ABD4-D64FF9EF1156}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3A239A87-19E0-4E2D-8F5C-039604C8F260}" = lport=57564 | protocol=17 | dir=in | name=pando media booster | 
"{3AEDD7A0-1658-4362-A64C-5C62C47DED1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{43090ACE-CBCE-44D7-B636-B323A9394FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44173BC3-4361-4AE2-AD4A-3D5A86500F61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5769F108-41DE-4B9F-905D-41E2CDB16338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B0E2238-1C56-4AF5-A3C3-461BB9E20045}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5E6EA0A3-4152-440E-92E2-97A56CFAE187}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6241E64B-9D0A-4AB6-83CC-E15A88852A2B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6760D11F-C7AE-4176-BC39-139E919C26E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EC0457B-9F65-488A-91B2-56280D1A8382}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73E57006-B439-45B0-9525-24D5F46B5288}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78B96770-22BC-43DD-AEC8-A25D1C183765}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FB31C95-A88E-4117-BCD4-575B116FA2E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B9EAE3C-C259-462F-8727-F6A1676400E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1C9BBD1-DFB3-4526-B559-4DAE25FA3F0F}" = lport=57564 | protocol=6 | dir=in | name=pando media booster | 
"{B6E0F417-F2F0-4BFB-8923-14008B180101}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C38D9235-6984-4DAD-AF62-9C3FBDC3B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4D23DFE-E827-4B36-AD16-3E1885D1C4FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5DDC500-E7F1-4BBA-A60F-BC39D10F674F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DF08E3B9-BF5C-4491-9B43-1C662E6992C5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0ADB5E8-2273-45CF-B4B9-7B5B8AEF56CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E28E3BF1-E553-4412-88F9-B2A87B102F51}" = lport=57564 | protocol=17 | dir=in | name=pando media booster | 
"{E4D36BDC-9A4B-4D8A-8D19-7C28B976634F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8262ACF-1751-4772-ABFE-CD6A4BFE747C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F679990A-86BB-4467-A911-3C8ED04F926C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6ED9EE7-A789-4F3D-AD79-5214A3E1D789}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FD4F0353-8549-4E0A-BA66-4A12FCBF7FF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDD139F-E63A-47C4-AF3F-E7F37F6D43E7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FFADB0A4-6BE0-4BFC-AED4-DA92218B77BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2AB06-045E-4BDB-B399-FF43B8F15CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{09DCCF43-6262-4829-A4A7-1AE84C2ACC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D0C3B50-3D12-405E-BE2D-561778FD4B8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{186A868F-86C8-420F-8E55-0532B0694351}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{190EDF58-1F1B-414F-B890-EF702C1D015C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{22314404-3E01-41C6-8D4E-688C6335A8D8}" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37B4D08A-9922-440E-BD60-FCB367AA9A15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B4852A3-3597-4688-902A-7C51410164AC}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{3C4DCFA1-899C-4C46-9962-45F056431CAC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{44625ADC-0E0C-4800-B315-21641C8A3256}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4490890B-5D69-431E-8006-915DDC303F12}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{44CC8D88-A984-4D8E-B512-6B0A5F1D87A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4551E1FB-BBC3-450E-BCE2-D277D1567979}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5171A404-C177-4121-BD90-899F1FBFC010}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{5C455617-CEEF-4C32-8188-887991DF1B80}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{675B006A-3150-4323-8965-6016A1E2B4B3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{6F155868-3659-452C-A8AD-13C2FC6BA0E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F68DB9F-7681-43CE-B099-59B9C95EA749}" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71631A15-B5D7-43EF-BB12-9CDCAD6B994F}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{7F796A07-1FDE-4DCD-A80E-981962C7B30C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{872CC69D-31E2-4113-8380-95B16E4305A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F73A066-985E-4091-8003-700D9A6CF324}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9928BEE0-CE22-4DF5-857B-519D4DD38E95}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A21CF4AF-C77D-4DFA-81ED-62896DB9021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3DCEC63-CC45-4F61-800E-0B40AA5821EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4BD0E16-A564-45E4-90E6-5725F7B5C13C}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{C61EEE58-EFB8-4FEF-8594-88E4961A00CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CA25BD42-339F-4821-8BF3-AEE06F255E65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4801106-4164-4E72-8537-3D8DEC877290}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{D6B01AB3-A777-49B1-A4E0-CB820220DC58}" = protocol=6 | dir=out | app=system | 
"{D955A1C8-6306-4092-88DE-5B009120221B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6126F2F-2547-46E8-B564-239D5B7A61B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E9608FBC-5A66-4FE4-AAC1-6055FC80F988}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EC84660A-2584-4885-B5A2-AF5EF03A6E8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8C579E2-AE8A-44B9-8F38-3A29CE4AA687}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F9AB2436-6B05-4007-BE31-2AED5B94FB7D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{072F5813-3DEC-4513-BA29-A841BE2206C9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{091A6AE5-9A20-4A2D-90EF-A127933963E0}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{2AF4A1DC-9541-483D-98C2-1BE9DDE5C0E8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{7D48AF3B-DC0D-4AA7-9CB3-1A92C12C317F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{9528AEA3-5D1D-4FF8-879C-C0AE1D0BB0C3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{953015BA-F94C-4FA0-94BD-C94EED6A8B38}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=6 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe | 
"TCP Query User{9A289E63-0482-4DA4-87FB-FA3DC447547F}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat | 
"TCP Query User{9EA6B18C-97D5-4808-BDC6-59629E01B420}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat | 
"TCP Query User{9F771E8B-A6C0-4956-A8EF-6BEF500951B5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A190202C-9E3B-469A-8711-78E9639FEAA4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{BE20BA8C-241F-4CF6-B4DA-E434543A7942}C:\program files\smart technologies\education software\ucgui.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"TCP Query User{BF0CB885-A42D-482D-AB8B-0B3F40DABAB9}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C2BCB147-8B51-4EB6-BBE4-56F07993506E}C:\program files\smart technologies\education software\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"TCP Query User{EEC0C0F9-4D0E-4B13-8C1C-11FDE515452C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{010400A7-2DFB-4272-B1D9-664E791CABB9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1EA94CF8-9984-46C1-937A-51D491A2A14F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{36330053-17EA-48E3-B087-D05B016C268D}C:\program files\smart technologies\education software\ucgui.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"UDP Query User{378AF4B2-4B1E-4166-8332-CF3F1A834AF7}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat | 
"UDP Query User{3F359682-E718-401F-8BA3-DD6D7BB9AA4C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4B8CC75A-1EC1-416A-876F-7C3ADD7DB68A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{4F49CA8E-2953-4691-9004-444593412713}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{500E311C-BFC0-4450-8F30-434270E188D5}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=17 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe | 
"UDP Query User{5037AF2A-D88D-4429-981B-A5D108A58AF4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{9B05C9E4-FE89-4CEA-93F9-4CD41179B5CE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{B0420676-43FD-48BB-BCCB-93370DC16805}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{BCA7018A-E411-4075-99E3-185AE478A83F}C:\program files\smart technologies\education software\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"UDP Query User{D7AB14EB-AE64-4934-B7C7-A691547F4973}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FA04828C-8C1F-4DE9-8456-C29751153F5B}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D7C895F6-7BD7-41F9-94F8-4FCD50F2F771}_is1" = myFuNe 2.0
"{D9D5A07A-F299-4741-BFE6-302324CC0BD7}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Derive 6" = Derive 6
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GeoGebra 4.2" = GeoGebra 4.2
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OSP Tracker" = Tracker
"Pen Tablet Driver" = Stifttablett
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Inkscape" = Inkscape 0.48.1 
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2011 05:49:30 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2011 05:49:30 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2011 06:16:49 | Computer Name = Igor-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Fingerprint
 Sensor\Drivers\DPinst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.06.2011 06:18:50 | Computer Name = Igor-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\fingerprint
 sensor\Drivers\DPinst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.06.2011 15:31:00 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.06.2011 15:31:00 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.06.2011 03:29:41 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.06.2011 03:29:41 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.06.2011 03:28:23 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.06.2011 03:28:23 | Computer Name = Igor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ DigitalPersona Pro Events ]
Error - 08.04.2012 10:00:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:35:54 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:35:58 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:36:05 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:36:09 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 17.07.2012 03:21:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
[ OSession Events ]
Error - 19.12.2012 22:27:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:31:16 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:34:14 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:35:22 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 23:01:25 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 08:09:31 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 08:11:06 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2013 04:49:12 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 480
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2013 04:55:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 356
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 15.01.2013 11:24:46 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 67
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.01.2013 02:46:41 | Computer Name = Igor-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 21.01.2013 13:20:09 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SSDP-Suche erreicht.
 
Error - 21.01.2013 13:20:09 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 08.02.2013 19:13:39 | Computer Name = Igor-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.02.2013 11:08:42 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ATService erreicht.
 
Error - 22.02.2013 07:36:27 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 22.02.2013 09:55:24 | Computer Name = Igor-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ATService erreicht.
 
Error - 27.02.2013 08:18:56 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 01.03.2013 04:35:51 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 01.03.2013 06:47:25 | Computer Name = Igor-PC | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >
         
Here is the result from GMER:

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-08 21:06:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000078 WDC_WD25 rev.01.0 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Igor\AppData\Local\Temp\kxldrpob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                            830879E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              830C11C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spjb.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x91E03340, 0x3EE217, 0xE8000020]

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              865CF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{093BF58E-1AED-4338-B93C-59B3F257B0D2}                                            86BFC500

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                                859141F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF}                                            86BFC500
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86C971F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    86C671F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              859141F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              859141F8
Device          \Driver\cdrom \Device\CdRom0                                                                                        86B901F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         865CC1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  865CC1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  865CC1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             86BFC500
Device          \Driver\nvstor \Device\00000078                                                                                     865CD1F8
Device          \Driver\nvstor \Device\RaidPort0                                                                                    865CD1F8
Device          \Driver\PCI_PNP5504 \Device\0000006a                                                                                spjb.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86C971F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    86C671F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{5B7C4E9E-2284-4DE2-A89D-B29246B9CD88}                                            86BFC500
Device          \Driver\a904vk49 \Device\Scsi\a904vk491                                                                             86D691F8
Device          \Driver\sptd \Device\1952413504                                                                                     spjb.sys

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x865cd1f8]<<                                   865cd1f8
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868aa030]                                                             868aa030
Trace           3 CLASSPNP.SYS[8b98559e] -> nt!IofCallDriver -> [0x866bf738]                                                        866bf738
Trace           5 ACPI.sys[8b35b3d4] -> nt!IofCallDriver -> \Device\00000078[0x8664f030]                                            8664f030
Trace           \Driver\nvstor[0x866631d0] -> IRP_MJ_CREATE -> 0x865cd1f8                                                           865cd1f8

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37e60a30                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37e60a30@001a1b1c1bfe                            0x02 0x32 0x71 0x77 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA7 0x15 0xFE 0x80 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x62 0x92 0x2F 0x23 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x37 0xD0 0xC2 0x30 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x82 0x9E 0x60 0xD3 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37e60a30 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37e60a30@001a1b1c1bfe                                0x02 0x32 0x71 0x77 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC2 0x6E 0xF5 0x95 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x62 0x92 0x2F 0x23 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x37 0xD0 0xC2 0x30 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x82 0x9E 0x60 0xD3 ...

---- EOF - GMER 2.1 ----
         

Edited by IgorS (08.03.2013 at 20:18)

10.03.2013, 08:40   #2
IgorS

I would very much like to know whether I activated the trojan at all. So far I have not noticed any activity from the trojan.

Thanks in advance for the help.


11.03.2013, 19:39   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Plattform : Windows 7 Professional

Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.03.2013, 20:30   #4
IgorS

Hello, and thank you for your reply!

Quote from cosinus:
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

This is my private laptop, which I also use for my work. I used to have Vista on it, and during my studies I was able to get this version of Windows 7 free of charge through the university. I didn't think anything of it.


Quote from cosinus:
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

The latest Malwarebytes log is shown above. The earlier Malwarebytes logs did not show anything either. Only Avira reports some 5 detections in the log shown above.

Otherwise I have no further logs apart from the ones already posted above.

As I said, I opened the zip folder from the fake Groupon email, but I can no longer remember whether I actually opened the DOS-... file inside it, as it was called (I think) in the warning that popped up.

I am happy to produce further logs with other virus scanners (recommendation?) if that can help to find the "pest" or possibly to make sure that there is none.

12.03.2013, 09:01   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was detected or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when does it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as per the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread in any case.


12.03.2013, 16:31   #6
IgorS

Here is the MBAR log (nothing was detected):

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Igor :: IGOR-PC [administrator]

12.03.2013 16:25:53
mbar-log-2013-03-12 (16-25-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29190
Time elapsed: 13 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
---------------------------------------------

The aswMBR scan was interrupted. Here is the error message:
(see attachment)

After disconnecting from the Internet and switching off the antivirus programs, I tried scanning again. After a while, however, this error message appeared again.

---------------------------------------------

The log file from TDSS-Killer:

Code:
17:11:26.0014 4672  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:11:26.0294 4672  ============================================================
17:11:26.0294 4672  Current date / time: 2013/03/12 17:11:26.0294
17:11:26.0294 4672  SystemInfo:
17:11:26.0294 4672  
17:11:26.0294 4672  OS Version: 6.1.7601 ServicePack: 1.0
17:11:26.0294 4672  Product type: Workstation
17:11:26.0294 4672  ComputerName: IGOR-PC
17:11:26.0294 4672  UserName: Igor
17:11:26.0294 4672  Windows directory: C:\Windows
17:11:26.0294 4672  System windows directory: C:\Windows
17:11:26.0294 4672  Processor architecture: Intel x86
17:11:26.0294 4672  Number of processors: 2
17:11:26.0294 4672  Page size: 0x1000
17:11:26.0294 4672  Boot type: Normal boot
17:11:26.0294 4672  ============================================================
17:11:28.0004 4672  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:11:28.0004 4672  ============================================================
17:11:28.0004 4672  \Device\Harddisk0\DR0:
17:11:28.0004 4672  MBR partitions:
17:11:28.0004 4672  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:11:28.0004 4672  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
17:11:28.0004 4672  ============================================================
17:11:28.0024 4672  C: <-> \Device\Harddisk0\DR0\Partition2
17:11:28.0024 4672  ============================================================
17:11:28.0024 4672  Initialize success
17:11:28.0024 4672  ============================================================
17:13:42.0713 5992  ============================================================
17:13:42.0713 5992  Scan started
17:13:42.0713 5992  Mode: Manual; SigCheck; TDLFS; 
17:13:42.0713 5992  ============================================================
17:13:43.0056 5992  ================ Scan system memory ========================
17:13:43.0056 5992  System memory - ok
17:13:43.0056 5992  ================ Scan services =============================
17:13:43.0352 5992  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:13:43.0493 5992  1394ohci - ok
17:13:43.0555 5992  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:13:43.0586 5992  ACPI - ok
17:13:43.0633 5992  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:13:43.0695 5992  AcpiPmi - ok
17:13:43.0836 5992  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:13:43.0851 5992  AdobeARMservice - ok
17:13:43.0914 5992  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:43.0945 5992  adp94xx - ok
17:13:43.0976 5992  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:13:44.0007 5992  adpahci - ok
17:13:44.0023 5992  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:13:44.0054 5992  adpu320 - ok
17:13:44.0085 5992  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:13:44.0163 5992  AeLookupSvc - ok
17:13:44.0226 5992  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:13:44.0319 5992  AFD - ok
17:13:44.0351 5992  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:13:44.0382 5992  agp440 - ok
17:13:44.0413 5992  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:13:44.0444 5992  aic78xx - ok
17:13:44.0491 5992  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:13:44.0538 5992  ALG - ok
17:13:44.0585 5992  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:13:44.0616 5992  aliide - ok
17:13:44.0647 5992  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:13:44.0694 5992  amdagp - ok
17:13:44.0756 5992  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:13:44.0787 5992  amdide - ok
17:13:44.0834 5992  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:13:44.0881 5992  AmdK8 - ok
17:13:44.0912 5992  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:13:44.0959 5992  AmdPPM - ok
17:13:45.0021 5992  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:13:45.0037 5992  amdsata - ok
17:13:45.0084 5992  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:45.0099 5992  amdsbs - ok
17:13:45.0131 5992  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:13:45.0146 5992  amdxata - ok
17:13:45.0240 5992  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:13:45.0255 5992  AntiVirSchedulerService - ok
17:13:45.0302 5992  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:13:45.0333 5992  AntiVirService - ok
17:13:45.0380 5992  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:13:45.0411 5992  AppID - ok
17:13:45.0443 5992  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:13:45.0505 5992  AppIDSvc - ok
17:13:45.0536 5992  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:13:45.0583 5992  Appinfo - ok
17:13:45.0630 5992  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:13:45.0677 5992  AppMgmt - ok
17:13:45.0708 5992  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:13:45.0723 5992  arc - ok
17:13:45.0739 5992  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:13:45.0770 5992  arcsas - ok
17:13:45.0801 5992  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:45.0957 5992  AsyncMac - ok
17:13:46.0004 5992  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:13:46.0035 5992  atapi - ok
17:13:46.0145 5992  [ 4FEE29D288226C9252E49A3277F025C3 ] ATService       C:\Program Files\Fingerprint Sensor\AtService.exe
17:13:46.0285 5992  ATService - ok
17:13:46.0316 5992  [ 53FF3096D5D9AE2A75C16703A9819965 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
17:13:46.0394 5992  ATSwpWDF - ok
17:13:46.0457 5992  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:13:46.0519 5992  AudioEndpointBuilder - ok
17:13:46.0535 5992  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:13:46.0581 5992  Audiosrv - ok
17:13:46.0628 5992  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:13:46.0659 5992  avgntflt - ok
17:13:46.0706 5992  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:13:46.0722 5992  avipbb - ok
17:13:46.0769 5992  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:13:46.0784 5992  avkmgr - ok
17:13:46.0847 5992  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:13:46.0940 5992  AxInstSV - ok
17:13:47.0003 5992  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:13:47.0081 5992  b06bdrv - ok
17:13:47.0112 5992  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:13:47.0143 5992  b57nd60x - ok
17:13:47.0252 5992  [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
17:13:47.0315 5992  BCM43XX - ok
17:13:47.0346 5992  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:13:47.0377 5992  BDESVC - ok
17:13:47.0408 5992  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:13:47.0455 5992  Beep - ok
17:13:47.0517 5992  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:13:47.0595 5992  BFE - ok
17:13:47.0658 5992  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:13:47.0767 5992  BITS - ok
17:13:47.0814 5992  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:47.0845 5992  blbdrive - ok
17:13:47.0876 5992  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:13:47.0939 5992  bowser - ok
17:13:47.0970 5992  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:48.0048 5992  BrFiltLo - ok
17:13:48.0063 5992  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:48.0095 5992  BrFiltUp - ok
17:13:48.0141 5992  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:13:48.0188 5992  Browser - ok
17:13:48.0204 5992  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:13:48.0266 5992  Brserid - ok
17:13:48.0297 5992  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:48.0344 5992  BrSerWdm - ok
17:13:48.0360 5992  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:48.0391 5992  BrUsbMdm - ok
17:13:48.0407 5992  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:48.0438 5992  BrUsbSer - ok
17:13:48.0485 5992  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:13:48.0594 5992  BthEnum - ok
17:13:48.0625 5992  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:48.0656 5992  BTHMODEM - ok
17:13:48.0687 5992  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:13:48.0703 5992  BthPan - ok
17:13:48.0750 5992  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:13:48.0843 5992  BTHPORT - ok
17:13:48.0875 5992  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:13:48.0937 5992  bthserv - ok
17:13:48.0968 5992  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:13:48.0999 5992  BTHUSB - ok
17:13:49.0031 5992  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:13:49.0077 5992  cdfs - ok
17:13:49.0124 5992  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:13:49.0155 5992  cdrom - ok
17:13:49.0218 5992  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:13:49.0311 5992  CertPropSvc - ok
17:13:49.0343 5992  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:13:49.0374 5992  circlass - ok
17:13:49.0405 5992  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:13:49.0436 5992  CLFS - ok
17:13:49.0499 5992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:49.0530 5992  clr_optimization_v2.0.50727_32 - ok
17:13:49.0623 5992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:13:49.0655 5992  clr_optimization_v4.0.30319_32 - ok
17:13:49.0686 5992  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:49.0701 5992  CmBatt - ok
17:13:49.0748 5992  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:13:49.0764 5992  cmdide - ok
17:13:49.0811 5992  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:13:49.0889 5992  CNG - ok
17:13:49.0951 5992  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:13:50.0029 5992  Com4QLBEx - ok
17:13:50.0060 5992  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:13:50.0076 5992  Compbatt - ok
17:13:50.0123 5992  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:13:50.0138 5992  CompositeBus - ok
17:13:50.0169 5992  COMSysApp - ok
17:13:50.0185 5992  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:50.0201 5992  crcdisk - ok
17:13:50.0247 5992  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:13:50.0310 5992  CryptSvc - ok
17:13:50.0341 5992  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
17:13:50.0403 5992  CSC - ok
17:13:50.0466 5992  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
17:13:50.0559 5992  CscService - ok
17:13:50.0591 5992  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:13:50.0637 5992  DcomLaunch - ok
17:13:50.0669 5992  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:13:50.0715 5992  defragsvc - ok
17:13:50.0762 5992  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:13:50.0809 5992  DfsC - ok
17:13:50.0887 5992  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:13:50.0934 5992  Dhcp - ok
17:13:50.0949 5992  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:13:50.0996 5992  discache - ok
17:13:51.0027 5992  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:13:51.0059 5992  Disk - ok
17:13:51.0090 5992  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:13:51.0137 5992  Dnscache - ok
17:13:51.0183 5992  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:13:51.0246 5992  dot3svc - ok
17:13:51.0293 5992  [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
17:13:51.0386 5992  DpHost ( UnsignedFile.Multi.Generic ) - warning
17:13:51.0386 5992  DpHost - detected UnsignedFile.Multi.Generic (1)
17:13:51.0433 5992  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:13:51.0495 5992  DPS - ok
17:13:51.0527 5992  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:13:51.0558 5992  drmkaud - ok
17:13:51.0620 5992  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:13:51.0683 5992  DXGKrnl - ok
17:13:51.0729 5992  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:13:51.0776 5992  EapHost - ok
17:13:51.0932 5992  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:13:52.0104 5992  ebdrv - ok
17:13:52.0135 5992  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:13:52.0182 5992  EFS - ok
17:13:52.0244 5992  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:13:52.0322 5992  ehRecvr - ok
17:13:52.0353 5992  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:13:52.0431 5992  ehSched - ok
17:13:52.0509 5992  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:13:52.0587 5992  elxstor - ok
17:13:52.0681 5992  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
17:13:52.0697 5992  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
17:13:52.0697 5992  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
17:13:52.0728 5992  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:13:52.0759 5992  ErrDev - ok
17:13:52.0790 5992  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:13:52.0853 5992  EventSystem - ok
17:13:52.0884 5992  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:13:52.0931 5992  exfat - ok
17:13:52.0946 5992  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:13:52.0977 5992  fastfat - ok
17:13:53.0040 5992  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:13:53.0165 5992  Fax - ok
17:13:53.0211 5992  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:13:53.0227 5992  fdc - ok
17:13:53.0243 5992  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:13:53.0289 5992  fdPHost - ok
17:13:53.0305 5992  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:13:53.0352 5992  FDResPub - ok
17:13:53.0383 5992  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:13:53.0399 5992  FileInfo - ok
17:13:53.0414 5992  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:13:53.0461 5992  Filetrace - ok
17:13:53.0570 5992  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:13:53.0695 5992  FLEXnet Licensing Service - ok
17:13:53.0726 5992  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:13:53.0757 5992  flpydisk - ok
17:13:53.0789 5992  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:13:53.0820 5992  FltMgr - ok
17:13:53.0898 5992  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
17:13:53.0991 5992  FontCache - ok
17:13:54.0054 5992  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:13:54.0069 5992  FontCache3.0.0.0 - ok
17:13:54.0101 5992  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:13:54.0116 5992  FsDepends - ok
17:13:54.0163 5992  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:13:54.0179 5992  Fs_Rec - ok
17:13:54.0241 5992  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:13:54.0288 5992  fvevol - ok
17:13:54.0319 5992  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:13:54.0350 5992  gagp30kx - ok
17:13:54.0413 5992  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:13:54.0491 5992  gpsvc - ok
17:13:54.0506 5992  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:13:54.0553 5992  hcw85cir - ok
17:13:54.0615 5992  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:13:54.0662 5992  HdAudAddService - ok
17:13:54.0693 5992  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:13:54.0725 5992  HDAudBus - ok
17:13:54.0756 5992  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:13:54.0787 5992  HidBatt - ok
17:13:54.0803 5992  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:13:54.0849 5992  HidBth - ok
17:13:54.0881 5992  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:13:54.0896 5992  HidIr - ok
17:13:54.0927 5992  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:13:54.0974 5992  hidserv - ok
17:13:55.0037 5992  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:13:55.0052 5992  HidUsb - ok
17:13:55.0099 5992  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:13:55.0146 5992  hkmsvc - ok
17:13:55.0177 5992  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:13:55.0239 5992  HomeGroupListener - ok
17:13:55.0286 5992  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:13:55.0333 5992  HomeGroupProvider - ok
17:13:55.0380 5992  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:13:55.0411 5992  HpqKbFiltr - ok
17:13:55.0473 5992  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
17:13:55.0505 5992  HpqRemHid - ok
17:13:55.0551 5992  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
17:13:55.0567 5992  hpqwmiex - ok
17:13:55.0598 5992  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:13:55.0629 5992  HpSAMD - ok
17:13:55.0692 5992  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:13:55.0754 5992  HTTP - ok
17:13:55.0801 5992  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:13:55.0817 5992  hwpolicy - ok
17:13:55.0848 5992  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:13:55.0879 5992  i8042prt - ok
17:13:55.0910 5992  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:13:55.0957 5992  iaStorV - ok
17:13:56.0051 5992  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:13:56.0160 5992  idsvc - ok
17:13:56.0191 5992  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:13:56.0222 5992  iirsp - ok
17:13:56.0285 5992  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:13:56.0363 5992  IKEEXT - ok
17:13:56.0503 5992  [ 202350C0055A39CFCA30B2942F7B10D2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:13:56.0581 5992  IntcAzAudAddService - ok
17:13:56.0612 5992  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:13:56.0643 5992  intelide - ok
17:13:56.0659 5992  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:13:56.0690 5992  intelppm - ok
17:13:56.0706 5992  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:13:56.0753 5992  IPBusEnum - ok
17:13:56.0784 5992  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:13:56.0831 5992  IpFilterDriver - ok
17:13:56.0893 5992  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:13:57.0018 5992  iphlpsvc - ok
17:13:57.0049 5992  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:13:57.0080 5992  IPMIDRV - ok
17:13:57.0096 5992  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:13:57.0158 5992  IPNAT - ok
17:13:57.0189 5992  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:13:57.0236 5992  IRENUM - ok
17:13:57.0267 5992  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:13:57.0283 5992  isapnp - ok
17:13:57.0330 5992  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:13:57.0361 5992  iScsiPrt - ok
17:13:57.0423 5992  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:13:57.0439 5992  kbdclass - ok
17:13:57.0470 5992  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:13:57.0501 5992  kbdhid - ok
17:13:57.0517 5992  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:13:57.0533 5992  KeyIso - ok
17:13:57.0579 5992  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:13:57.0595 5992  KSecDD - ok
17:13:57.0626 5992  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:13:57.0657 5992  KSecPkg - ok
17:13:57.0689 5992  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:13:57.0751 5992  KtmRm - ok
17:13:57.0767 5992  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:13:57.0845 5992  LanmanServer - ok
17:13:57.0876 5992  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:13:57.0923 5992  LanmanWorkstation - ok
17:13:58.0001 5992  [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:13:58.0032 5992  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:13:58.0032 5992  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:13:58.0063 5992  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:13:58.0125 5992  lltdio - ok
17:13:58.0157 5992  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:13:58.0203 5992  lltdsvc - ok
17:13:58.0219 5992  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:13:58.0250 5992  lmhosts - ok
17:13:58.0297 5992  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:13:58.0313 5992  LSI_FC - ok
17:13:58.0328 5992  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:13:58.0359 5992  LSI_SAS - ok
17:13:58.0375 5992  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:13:58.0391 5992  LSI_SAS2 - ok
17:13:58.0406 5992  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:13:58.0437 5992  LSI_SCSI - ok
17:13:58.0453 5992  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:13:58.0500 5992  luafv - ok
17:13:58.0547 5992  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:13:58.0562 5992  MBAMProtector - ok
17:13:58.0625 5992  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:13:58.0718 5992  MBAMScheduler - ok
17:13:58.0765 5992  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:13:58.0812 5992  MBAMService - ok
17:13:58.0843 5992  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:13:58.0874 5992  Mcx2Svc - ok
17:13:58.0890 5992  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:13:58.0905 5992  megasas - ok
17:13:58.0937 5992  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:13:58.0952 5992  MegaSR - ok
17:13:58.0983 5992  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:13:59.0030 5992  MMCSS - ok
17:13:59.0061 5992  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:13:59.0108 5992  Modem - ok
17:13:59.0171 5992  [ 25483F9D590D5F00BD951E1181453EC2 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
17:13:59.0202 5992  MODEMCSA - ok
17:13:59.0233 5992  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:13:59.0280 5992  monitor - ok
17:13:59.0311 5992  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:13:59.0327 5992  mouclass - ok
17:13:59.0358 5992  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:13:59.0389 5992  mouhid - ok
17:13:59.0436 5992  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:13:59.0451 5992  mountmgr - ok
17:13:59.0545 5992  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:13:59.0623 5992  MozillaMaintenance - ok
17:13:59.0654 5992  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:13:59.0685 5992  mpio - ok
17:13:59.0717 5992  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:13:59.0763 5992  mpsdrv - ok
17:13:59.0810 5992  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:13:59.0873 5992  MpsSvc - ok
17:13:59.0904 5992  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:13:59.0935 5992  MRxDAV - ok
17:13:59.0982 5992  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:00.0044 5992  mrxsmb - ok
17:14:00.0091 5992  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:00.0185 5992  mrxsmb10 - ok
17:14:00.0216 5992  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:00.0247 5992  mrxsmb20 - ok
17:14:00.0294 5992  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:14:00.0325 5992  msahci - ok
17:14:00.0372 5992  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:14:00.0403 5992  msdsm - ok
17:14:00.0419 5992  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:14:00.0465 5992  MSDTC - ok
17:14:00.0512 5992  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:14:00.0543 5992  Msfs - ok
17:14:00.0559 5992  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:14:00.0606 5992  mshidkmdf - ok
17:14:00.0637 5992  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:14:00.0668 5992  msisadrv - ok
17:14:00.0699 5992  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:14:00.0746 5992  MSiSCSI - ok
17:14:00.0746 5992  msiserver - ok
17:14:00.0777 5992  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:14:00.0809 5992  MSKSSRV - ok
17:14:00.0824 5992  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:00.0871 5992  MSPCLOCK - ok
17:14:00.0887 5992  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:14:00.0933 5992  MSPQM - ok
17:14:00.0965 5992  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:14:00.0980 5992  MsRPC - ok
17:14:01.0027 5992  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:14:01.0058 5992  mssmbios - ok
17:14:01.0074 5992  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:14:01.0105 5992  MSTEE - ok
17:14:01.0136 5992  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:01.0152 5992  MTConfig - ok
17:14:01.0167 5992  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:14:01.0199 5992  Mup - ok
17:14:01.0245 5992  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:14:01.0323 5992  napagent - ok
17:14:01.0370 5992  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:14:01.0448 5992  NativeWifiP - ok
17:14:01.0511 5992  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:14:01.0573 5992  NDIS - ok
17:14:01.0620 5992  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:01.0667 5992  NdisCap - ok
17:14:01.0682 5992  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:01.0729 5992  NdisTapi - ok
17:14:01.0776 5992  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:01.0823 5992  Ndisuio - ok
17:14:01.0869 5992  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:01.0916 5992  NdisWan - ok
17:14:01.0963 5992  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:14:01.0994 5992  NDProxy - ok
17:14:02.0010 5992  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:14:02.0057 5992  NetBIOS - ok
17:14:02.0103 5992  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:14:02.0166 5992  NetBT - ok
17:14:02.0181 5992  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:14:02.0197 5992  Netlogon - ok
17:14:02.0228 5992  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:14:02.0291 5992  Netman - ok
17:14:02.0322 5992  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:14:02.0369 5992  netprofm - ok
17:14:02.0415 5992  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:14:02.0447 5992  NetTcpPortSharing - ok
17:14:02.0478 5992  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:02.0509 5992  nfrd960 - ok
17:14:02.0556 5992  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:14:02.0649 5992  NlaSvc - ok
17:14:02.0696 5992  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:14:02.0743 5992  Npfs - ok
17:14:02.0743 5992  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:14:02.0790 5992  nsi - ok
17:14:02.0805 5992  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:14:02.0852 5992  nsiproxy - ok
17:14:02.0930 5992  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:14:03.0008 5992  Ntfs - ok
17:14:03.0039 5992  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:14:03.0086 5992  Null - ok
17:14:03.0117 5992  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
17:14:03.0164 5992  NVENETFD - ok
17:14:03.0414 5992  [ 05B288B25C2EBD9A4E9E5114AE790876 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:14:03.0632 5992  nvlddmkm - ok
17:14:03.0679 5992  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:14:03.0710 5992  nvraid - ok
17:14:03.0741 5992  [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
17:14:03.0804 5992  nvsmu - ok
17:14:03.0851 5992  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:14:03.0897 5992  nvstor - ok
17:14:03.0913 5992  [ E937A615D4289E83E234C3EC26092431 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:14:03.0960 5992  nvsvc - ok
17:14:03.0991 5992  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:14:04.0022 5992  nv_agp - ok
17:14:04.0131 5992  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:04.0178 5992  odserv - ok
17:14:04.0209 5992  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:14:04.0241 5992  ohci1394 - ok
17:14:04.0287 5992  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:04.0303 5992  ose - ok
17:14:04.0350 5992  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:14:04.0412 5992  p2pimsvc - ok
17:14:04.0443 5992  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:14:04.0521 5992  p2psvc - ok
17:14:04.0553 5992  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:14:04.0584 5992  Parport - ok
17:14:04.0631 5992  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:14:04.0646 5992  partmgr - ok
17:14:04.0662 5992  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:14:04.0677 5992  Parvdm - ok
17:14:04.0709 5992  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:14:04.0740 5992  PcaSvc - ok
17:14:04.0787 5992  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:14:04.0802 5992  pci - ok
17:14:04.0865 5992  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:14:04.0911 5992  pciide - ok
17:14:04.0943 5992  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:04.0974 5992  pcmcia - ok
17:14:05.0005 5992  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:14:05.0036 5992  pcw - ok
17:14:05.0099 5992  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:14:05.0177 5992  PEAUTH - ok
17:14:05.0239 5992  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:14:05.0333 5992  PeerDistSvc - ok
17:14:05.0411 5992  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:14:05.0504 5992  pla - ok
17:14:05.0567 5992  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:14:05.0645 5992  PlugPlay - ok
17:14:05.0660 5992  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:14:05.0691 5992  PNRPAutoReg - ok
17:14:05.0723 5992  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:14:05.0738 5992  PNRPsvc - ok
17:14:05.0769 5992  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:14:05.0816 5992  PolicyAgent - ok
17:14:05.0863 5992  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:14:05.0972 5992  Power - ok
17:14:06.0003 5992  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:14:06.0066 5992  PptpMiniport - ok
17:14:06.0081 5992  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:14:06.0113 5992  Processor - ok
17:14:06.0159 5992  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:14:06.0206 5992  ProfSvc - ok
17:14:06.0222 5992  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:14:06.0237 5992  ProtectedStorage - ok
17:14:06.0284 5992  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:14:06.0315 5992  Psched - ok
17:14:06.0378 5992  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:14:06.0425 5992  ql2300 - ok
17:14:06.0440 5992  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:06.0471 5992  ql40xx - ok
17:14:06.0503 5992  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:14:06.0534 5992  QWAVE - ok
17:14:06.0565 5992  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:14:06.0581 5992  QWAVEdrv - ok
17:14:06.0612 5992  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:14:06.0659 5992  RasAcd - ok
17:14:06.0705 5992  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:06.0752 5992  RasAgileVpn - ok
17:14:06.0768 5992  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:14:06.0815 5992  RasAuto - ok
17:14:06.0830 5992  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:06.0877 5992  Rasl2tp - ok
17:14:06.0955 5992  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:14:07.0064 5992  RasMan - ok
17:14:07.0095 5992  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:07.0158 5992  RasPppoe - ok
17:14:07.0189 5992  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:14:07.0236 5992  RasSstp - ok
17:14:07.0283 5992  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:14:07.0329 5992  rdbss - ok
17:14:07.0361 5992  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:07.0392 5992  rdpbus - ok
17:14:07.0423 5992  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:07.0532 5992  RDPCDD - ok
17:14:07.0595 5992  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:14:07.0626 5992  RDPDR - ok
17:14:07.0657 5992  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:14:07.0704 5992  RDPENCDD - ok
17:14:07.0735 5992  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:14:07.0782 5992  RDPREFMP - ok
17:14:07.0844 5992  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:14:07.0891 5992  RdpVideoMiniport - ok
17:14:07.0938 5992  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:14:07.0969 5992  RDPWD - ok
17:14:08.0016 5992  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:14:08.0094 5992  rdyboost - ok
17:14:08.0141 5992  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:14:08.0187 5992  RemoteAccess - ok
17:14:08.0219 5992  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:14:08.0281 5992  RemoteRegistry - ok
17:14:08.0312 5992  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:14:08.0343 5992  RFCOMM - ok
17:14:08.0375 5992  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:14:08.0421 5992  RpcEptMapper - ok
17:14:08.0453 5992  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:14:08.0484 5992  RpcLocator - ok
17:14:08.0515 5992  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:14:08.0546 5992  RpcSs - ok
17:14:08.0577 5992  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:14:08.0624 5992  rspndr - ok
17:14:08.0655 5992  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:14:08.0687 5992  s3cap - ok
17:14:08.0702 5992  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:14:08.0718 5992  SamSs - ok
17:14:08.0765 5992  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:14:08.0796 5992  sbp2port - ok
17:14:08.0827 5992  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:14:08.0858 5992  SCardSvr - ok
17:14:08.0874 5992  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:14:08.0921 5992  scfilter - ok
17:14:08.0983 5992  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:14:09.0123 5992  Schedule - ok
17:14:09.0155 5992  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:14:09.0170 5992  SCPolicySvc - ok
17:14:09.0217 5992  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:14:09.0264 5992  SDRSVC - ok
17:14:09.0311 5992  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:14:09.0342 5992  secdrv - ok
17:14:09.0373 5992  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:14:09.0420 5992  seclogon - ok
17:14:09.0435 5992  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:14:09.0482 5992  SENS - ok
17:14:09.0513 5992  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:14:09.0576 5992  SensrSvc - ok
17:14:09.0607 5992  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:14:09.0669 5992  Serenum - ok
17:14:09.0701 5992  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:14:09.0732 5992  Serial - ok
17:14:09.0763 5992  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:14:09.0810 5992  sermouse - ok
17:14:09.0857 5992  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:14:09.0919 5992  SessionEnv - ok
17:14:09.0966 5992  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:14:10.0013 5992  sffdisk - ok
17:14:10.0028 5992  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:14:10.0059 5992  sffp_mmc - ok
17:14:10.0075 5992  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:14:10.0106 5992  sffp_sd - ok
17:14:10.0137 5992  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:10.0169 5992  sfloppy - ok
17:14:10.0215 5992  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:14:10.0278 5992  SharedAccess - ok
17:14:10.0309 5992  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:14:10.0371 5992  ShellHWDetection - ok
17:14:10.0434 5992  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:14:10.0449 5992  sisagp - ok
17:14:10.0481 5992  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:10.0496 5992  SiSRaid2 - ok
17:14:10.0527 5992  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:10.0543 5992  SiSRaid4 - ok
17:14:10.0637 5992  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:14:10.0761 5992  SkypeUpdate - ok
17:14:10.0871 5992  [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
17:14:10.0964 5992  SMARTHelperService - ok
17:14:11.0027 5992  [ A4C659F9692E7695CFDD23B9EF9F035D ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
17:14:11.0042 5992  SMARTMouseFilterx86 - ok
17:14:11.0105 5992  [ 45954C46F3FCAE82AC7ACF58F2B421BD ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
17:14:11.0120 5992  SMARTVHidMini2000x86 - ok
17:14:11.0136 5992  [ BD6F2C43F591A93D3D987A404DB3D62D ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
17:14:11.0151 5992  SMARTVTabletPCx86 - ok
17:14:11.0183 5992  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:14:11.0229 5992  Smb - ok
17:14:11.0276 5992  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
17:14:11.0339 5992  smserial - ok
17:14:11.0385 5992  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:14:11.0417 5992  SNMPTRAP - ok
17:14:11.0510 5992  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:14:11.0573 5992  Sony PC Companion - ok
17:14:11.0604 5992  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:14:11.0635 5992  spldr - ok
17:14:11.0666 5992  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:14:11.0744 5992  Spooler - ok
17:14:11.0853 5992  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:14:12.0041 5992  sppsvc - ok
17:14:12.0087 5992  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:14:12.0181 5992  sppuinotify - ok
17:14:12.0259 5992  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
17:14:12.0259 5992  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:14:12.0275 5992  sptd ( LockedFile.Multi.Generic ) - warning
17:14:12.0275 5992  sptd - detected LockedFile.Multi.Generic (1)
17:14:12.0321 5992  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:14:12.0368 5992  srv - ok
17:14:12.0415 5992  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:14:12.0462 5992  srv2 - ok
17:14:12.0493 5992  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:14:12.0524 5992  srvnet - ok
17:14:12.0555 5992  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:14:12.0618 5992  SSDPSRV - ok
17:14:12.0680 5992  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:14:12.0696 5992  ssmdrv - ok
17:14:12.0711 5992  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:14:12.0743 5992  SstpSvc - ok
17:14:12.0758 5992  StarOpen - ok
17:14:12.0789 5992  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:14:12.0805 5992  stexstor - ok
17:14:12.0852 5992  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:14:12.0914 5992  StiSvc - ok
17:14:12.0930 5992  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:14:12.0945 5992  storflt - ok
17:14:12.0977 5992  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
17:14:13.0023 5992  StorSvc - ok
17:14:13.0055 5992  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:14:13.0101 5992  storvsc - ok
17:14:13.0148 5992  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:14:13.0179 5992  swenum - ok
17:14:13.0211 5992  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:14:13.0257 5992  swprv - ok
17:14:13.0320 5992  [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:14:13.0351 5992  SynTP - ok
17:14:13.0429 5992  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:14:13.0476 5992  SysMain - ok
17:14:13.0523 5992  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:14:13.0554 5992  TabletInputService - ok
17:14:13.0616 5992  [ DAD1A4D96291139C0F834B138320E475 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
17:14:13.0725 5992  TabletServicePen - ok
17:14:13.0772 5992  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:14:13.0835 5992  TapiSrv - ok
17:14:13.0850 5992  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:14:13.0913 5992  TBS - ok
17:14:13.0991 5992  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:14:14.0131 5992  Tcpip - ok
17:14:14.0178 5992  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:14:14.0225 5992  TCPIP6 - ok
17:14:14.0271 5992  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:14:14.0303 5992  tcpipreg - ok
17:14:14.0349 5992  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:14:14.0396 5992  TDPIPE - ok
17:14:14.0427 5992  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:14:14.0459 5992  TDTCP - ok
17:14:14.0505 5992  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:14:14.0537 5992  tdx - ok
17:14:14.0568 5992  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:14:14.0583 5992  TermDD - ok
17:14:14.0646 5992  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:14:14.0771 5992  TermService - ok
17:14:14.0802 5992  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:14:14.0849 5992  Themes - ok
17:14:14.0880 5992  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:14:14.0911 5992  THREADORDER - ok
17:14:14.0927 5992  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:14:14.0989 5992  TrkWks - ok
17:14:15.0036 5992  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:14:15.0098 5992  TrustedInstaller - ok
17:14:15.0145 5992  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:15.0192 5992  tssecsrv - ok
17:14:15.0239 5992  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:14:15.0270 5992  TsUsbFlt - ok
17:14:15.0332 5992  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:14:15.0363 5992  tunnel - ok
17:14:15.0395 5992  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:14:15.0410 5992  uagp35 - ok
17:14:15.0441 5992  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:14:15.0504 5992  udfs - ok
17:14:15.0535 5992  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:14:15.0566 5992  UI0Detect - ok
17:14:15.0613 5992  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:14:15.0644 5992  uliagpkx - ok
17:14:15.0707 5992  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
17:14:15.0722 5992  umbus - ok
17:14:15.0753 5992  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:14:15.0785 5992  UmPass - ok
17:14:15.0816 5992  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:14:15.0863 5992  UmRdpService - ok
17:14:15.0878 5992  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:14:15.0956 5992  upnphost - ok
17:14:16.0003 5992  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:14:16.0050 5992  usbaudio - ok
17:14:16.0097 5992  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:16.0128 5992  usbccgp - ok
17:14:16.0175 5992  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:14:16.0221 5992  usbcir - ok
17:14:16.0268 5992  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:14:16.0284 5992  usbehci - ok
17:14:16.0315 5992  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:14:16.0346 5992  usbhub - ok
17:14:16.0362 5992  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:14:16.0393 5992  usbohci - ok
17:14:16.0440 5992  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:14:16.0455 5992  usbprint - ok
17:14:16.0502 5992  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:14:16.0549 5992  usbscan - ok
17:14:16.0643 5992  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
17:14:16.0689 5992  usbser - ok
17:14:16.0689 5992  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:16.0752 5992  USBSTOR - ok
17:14:16.0783 5992  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:14:16.0814 5992  usbuhci - ok
17:14:16.0861 5992  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:14:16.0892 5992  usbvideo - ok
17:14:16.0923 5992  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:14:16.0986 5992  UxSms - ok
17:14:17.0017 5992  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:14:17.0033 5992  VaultSvc - ok
17:14:17.0064 5992  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:14:17.0095 5992  vdrvroot - ok
17:14:17.0142 5992  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:14:17.0267 5992  vds - ok
17:14:17.0313 5992  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:17.0329 5992  vga - ok
17:14:17.0376 5992  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:14:17.0407 5992  VgaSave - ok
17:14:17.0438 5992  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:14:17.0469 5992  vhdmp - ok
17:14:17.0501 5992  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:14:17.0532 5992  viaagp - ok
17:14:17.0547 5992  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:14:17.0579 5992  ViaC7 - ok
17:14:17.0594 5992  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:14:17.0625 5992  viaide - ok
17:14:17.0672 5992  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:14:17.0750 5992  vmbus - ok
17:14:17.0766 5992  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:14:17.0797 5992  VMBusHID - ok
17:14:17.0813 5992  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:14:17.0844 5992  volmgr - ok
17:14:17.0875 5992  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:14:17.0906 5992  volmgrx - ok
17:14:17.0922 5992  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:14:17.0953 5992  volsnap - ok
17:14:17.0984 5992  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:18.0015 5992  vsmraid - ok
17:14:18.0062 5992  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:14:18.0171 5992  VSS - ok
17:14:18.0203 5992  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:14:18.0234 5992  vwifibus - ok
17:14:18.0265 5992  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:14:18.0296 5992  vwififlt - ok
17:14:18.0312 5992  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:14:18.0343 5992  vwifimp - ok
17:14:18.0374 5992  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:14:18.0437 5992  W32Time - ok
17:14:18.0499 5992  [ A4293CE975419A9D139355B3E7A98B62 ] wacomhidfilter  C:\Windows\system32\DRIVERS\wacomhidfilter.sys
17:14:18.0515 5992  wacomhidfilter - ok
17:14:18.0515 5992  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:14:18.0546 5992  wacommousefilter - ok
17:14:18.0577 5992  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:14:18.0608 5992  WacomPen - ok
17:14:18.0624 5992  [ EAA61E9010C21A1C12BFE5B9E3160C59 ] WacomTouchService C:\Windows\system32\WacomTouchService.exe
17:14:18.0655 5992  WacomTouchService - ok
17:14:18.0686 5992  [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
17:14:18.0702 5992  wacomvhid - ok
17:14:18.0717 5992  [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid      C:\Windows\system32\DRIVERS\WacomVKHid.sys
17:14:18.0733 5992  WacomVKHid - ok
17:14:18.0749 5992  [ 423ABF94D9D0A2EA1AD104E3519D4FEA ] WacomVTHid      C:\Windows\system32\DRIVERS\WacomVTHid.sys
17:14:18.0764 5992  WacomVTHid - ok
17:14:18.0827 5992  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:14:18.0858 5992  WANARP - ok
17:14:18.0858 5992  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:14:18.0889 5992  Wanarpv6 - ok
17:14:18.0983 5992  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:14:19.0139 5992  wbengine - ok
17:14:19.0170 5992  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:14:19.0217 5992  WbioSrvc - ok
17:14:19.0263 5992  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:14:19.0326 5992  wcncsvc - ok
17:14:19.0341 5992  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:14:19.0388 5992  WcsPlugInService - ok
17:14:19.0419 5992  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:14:19.0451 5992  Wd - ok
17:14:19.0513 5992  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
17:14:19.0513 5992  WDC_SAM ( UnsignedFile.Multi.Generic ) - warning
17:14:19.0513 5992  WDC_SAM - detected UnsignedFile.Multi.Generic (1)
17:14:19.0575 5992  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:14:19.0622 5992  Wdf01000 - ok
17:14:19.0638 5992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:14:19.0716 5992  WdiServiceHost - ok
17:14:19.0731 5992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:14:19.0747 5992  WdiSystemHost - ok
17:14:19.0794 5992  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:14:19.0841 5992  WebClient - ok
17:14:19.0856 5992  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:14:19.0903 5992  Wecsvc - ok
17:14:19.0919 5992  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:14:19.0981 5992  wercplsupport - ok
17:14:20.0012 5992  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:14:20.0059 5992  WerSvc - ok
17:14:20.0106 5992  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:20.0137 5992  WfpLwf - ok
17:14:20.0153 5992  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:14:20.0184 5992  WIMMount - ok
17:14:20.0231 5992  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:14:20.0309 5992  WinDefend - ok
17:14:20.0324 5992  WinHttpAutoProxySvc - ok
17:14:20.0387 5992  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:14:20.0449 5992  Winmgmt - ok
17:14:20.0511 5992  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:14:20.0667 5992  WinRM - ok
17:14:20.0745 5992  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:14:20.0777 5992  WinUsb - ok
17:14:20.0839 5992  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:14:20.0886 5992  Wlansvc - ok
17:14:20.0995 5992  [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:14:21.0182 5992  wlidsvc - ok
17:14:21.0245 5992  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:14:21.0260 5992  WmiAcpi - ok
17:14:21.0307 5992  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:14:21.0354 5992  wmiApSrv - ok
17:14:21.0447 5992  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:14:21.0525 5992  WMPNetworkSvc - ok
17:14:21.0557 5992  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:14:21.0588 5992  WPCSvc - ok
17:14:21.0635 5992  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:14:21.0713 5992  WPDBusEnum - ok
17:14:21.0759 5992  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:14:21.0806 5992  ws2ifsl - ok
17:14:21.0837 5992  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:14:21.0869 5992  wscsvc - ok
17:14:21.0884 5992  WSearch - ok
17:14:21.0962 5992  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:14:22.0056 5992  wuauserv - ok
17:14:22.0103 5992  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:14:22.0134 5992  WudfPf - ok
17:14:22.0181 5992  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:22.0212 5992  WUDFRd - ok
17:14:22.0243 5992  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:14:22.0274 5992  wudfsvc - ok
17:14:22.0305 5992  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:14:22.0337 5992  WwanSvc - ok
17:14:22.0399 5992  ================ Scan global ===============================
17:14:22.0446 5992  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:14:22.0508 5992  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:14:22.0571 5992  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:14:22.0602 5992  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:14:22.0649 5992  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:14:22.0680 5992  [Global] - ok
17:14:22.0680 5992  ================ Scan MBR ==================================
17:14:22.0695 5992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:14:22.0992 5992  \Device\Harddisk0\DR0 - ok
17:14:22.0992 5992  ================ Scan VBR ==================================
17:14:22.0992 5992  [ EB6C30FAD276855E5CDCAC0656285A62 ] \Device\Harddisk0\DR0\Partition1
17:14:23.0007 5992  \Device\Harddisk0\DR0\Partition1 - ok
17:14:23.0039 5992  [ F0051B3136D6FEF39A9F39105E42B67A ] \Device\Harddisk0\DR0\Partition2
17:14:23.0039 5992  \Device\Harddisk0\DR0\Partition2 - ok
17:14:23.0039 5992  ============================================================
17:14:23.0039 5992  Scan finished
17:14:23.0039 5992  ============================================================
17:14:23.0070 4676  Detected object count: 5
17:14:23.0070 4676  Actual detected object count: 5
17:15:26.0671 4676  DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676  DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:15:26.0671 4676  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:15:26.0671 4676  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:15:26.0671 4676  sptd ( LockedFile.Multi.Generic ) - skipped by user
17:15:26.0671 4676  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
17:15:26.0687 4676  WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:26.0687 4676  WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:15:39.0338 3536  Deinitialize success
         
Attached images
File type: png aswMBR.png (114.0 KB, viewed 126 times)

12.03.2013, 16:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

12.03.2013, 23:15   #8
IgorS
 

Here is the aswMBR log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 00:08:25
-----------------------------
00:08:25.807    OS Version: Windows 6.1.7601 Service Pack 1
00:08:25.807    Number of processors: 2 586 0x6802
00:08:25.811    ComputerName: IGOR-PC  UserName: Igor
00:08:26.889    Initialize success
00:08:42.773    AVAST engine defs: 13031200
00:09:46.110    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000079
00:09:46.115    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
00:09:46.143    Disk 0 MBR read successfully
00:09:46.147    Disk 0 MBR scan
00:09:46.179    Disk 0 Windows 7 default MBR code
00:09:46.203    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:09:46.271    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238373 MB offset 206848
00:09:46.287    Disk 0 scanning sectors +488394752
00:09:46.398    Disk 0 scanning C:\Windows\system32\drivers
00:10:11.611    Service scanning
00:10:36.398    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:10:45.948    Modules scanning
00:11:05.787    Disk 0 trace - called modules:
00:11:05.821    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x865cd1f8]<<
00:11:05.830    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868aa380]
00:11:05.838    3 CLASSPNP.SYS[8b98959e] -> nt!IofCallDriver -> [0x866c5698]
00:11:05.847    5 ACPI.sys[8b36a3d4] -> nt!IofCallDriver -> \Device\00000079[0x8664d030]
00:11:05.855    \Driver\nvstor[0x8664f948] -> IRP_MJ_CREATE -> 0x865cd1f8
00:11:05.865    Scan finished successfully
00:11:33.810    Disk 0 MBR has been saved successfully to "C:\Users\Igor\Desktop\MBR.dat"
00:11:33.821    The log file has been saved successfully to "C:\Users\Igor\Desktop\aswMBR.txt"
         

13.03.2013, 07:57   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


13.03.2013, 13:32   #10
IgorS
 

Here is the ComboFix log file:

Code:
ComboFix 13-03-12.02 - Igor 13.03.2013  14:06:26.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3007.1960 [GMT 1:00]
ausgeführt von:: c:\users\Igor\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Igor\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\system32\sm56co85.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-13 bis 2013-03-13  ))))))))))))))))))))))))))))))
.
.
2013-03-13 13:14 . 2013-03-13 13:14	--------	d-----w-	c:\users\Igor\AppData\Local\temp
2013-03-13 13:14 . 2013-03-13 13:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 17:31 . 2013-03-08 17:31	--------	d-----w-	c:\users\Igor\AppData\Roaming\Malwarebytes
2013-03-08 17:31 . 2013-03-08 17:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-08 17:31 . 2013-03-08 17:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-08 17:31 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-02 15:42 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-02 15:42 . 2013-01-13 19:02	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-02 15:42 . 2013-01-13 21:17	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-02 15:42 . 2013-01-13 21:17	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-02 15:42 . 2013-01-13 21:16	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-19 06:14 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-19 06:14 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-19 06:14 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-19 06:14 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-19 06:13 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-19 06:13 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-17 19:50 . 2013-02-17 19:50	--------	d-----w-	c:\windows\de
2013-02-17 19:49 . 2013-02-17 19:49	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2013-02-17 19:48 . 2013-02-17 19:49	--------	d-----w-	c:\program files\Windows Live
2013-02-17 19:47 . 2010-06-02 03:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-02-17 19:47 . 2010-06-02 03:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-02-17 19:47 . 2010-05-26 10:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-02-17 19:47 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-02-17 19:46 . 2009-09-04 16:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2013-02-17 19:45 . 2006-11-29 12:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2013-02-17 19:43 . 2013-02-17 19:51	--------	d-----w-	c:\users\Igor\AppData\Local\Windows Live
2013-02-17 19:42 . 2013-02-17 19:42	--------	d-----w-	c:\program files\Common Files\Windows Live
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-24 19:00	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 19:00	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-03-10 08:28 . 2013-03-10 08:28	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Igor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-04 332432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
S3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [x]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\xsu45c8k.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2009-10-23 18:01; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\DPPWDFLT.DLL
.
Zeit der Fertigstellung: 2013-03-13  14:16:00
ComboFix-quarantined-files.txt  2013-03-13 13:16
.
Vor Suchlauf: 11 Verzeichnis(se), 142.423.691.264 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 142.469.148.672 Bytes frei
.
- - End Of File - - 02C47AB62B752581C58FF204B34D70FC
         

13.03.2013, 13:38   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

AdwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


13.03.2013, 16:11   #12
IgorS
 

Here is the result from JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x86
Ran by Igor on 13.03.2013 at 16:28:07,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Igor\appdata\locallow\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\minidumps [55 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 16:31:06,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Here is the result from AdwCleaner:

Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 16:39:54 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Igor - IGOR-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Igor\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\xsu45c8k.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [721 octets] - [13/03/2013 16:39:54]

########## EOF - C:\AdwCleaner[S1].txt - [780 octets] ##########
         

Here is the result from OTL:

Code:
OTL logfile created on: 13.03.2013 16:48:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Igor\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,42% Memory free
5,87 Gb Paging File | 4,57 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 132,39 Gb Free Space | 56,87% Space Free | Partition Type: NTFS
 
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Igor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies)
PRC - C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WacomTouchService.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SMARTHelperService) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe (SMART Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WacomTouchService) -- C:\Windows\System32\WacomTouchService.exe ()
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (StarOpen) --  File not found
DRV - (catchme) -- C:\Users\Igor\AppData\Local\Temp\catchme.sys File not found
DRV - (aujeff7a) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (wacomhidfilter) -- C:\Windows\System32\drivers\wacomhidfilter.sys (Wacom Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{C1A4511A-C963-4E44-A47E-977FBE201AA4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\..\SearchScopes\{F6BAB714-EFC8-4CCA-A045-5564D39015F8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.23 17:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.28 18:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.28 18:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.10 09:28:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.10.23 17:01:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.10 09:28:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:28:06 | 000,000,000 | ---D | M]
 
[2010.05.09 16:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Extensions
[2013.03.11 06:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\Firefox\Profiles\xsu45c8k.default\extensions
[2013.03.11 06:18:41 | 000,013,968 | ---- | M] () (No name found) -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2011.08.03 19:02:41 | 000,083,618 | ---- | M] () -- C:\Users\Igor\AppData\Roaming\mozilla\firefox\profiles\xsu45c8k.default\searchplugins\canoonet.xml
[2013.03.10 09:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.10 09:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.10 09:28:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.10 09:28:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.28 16:32:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 19:53:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.28 16:32:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.28 16:32:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.28 16:32:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.28 16:32:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.13 14:14:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BF58E-1AED-4338-B93C-59B3F257B0D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA3D1E6-CC7F-4DD5-9C4E-53539239BEFF}: DhcpNameServer = 10.101.226.2 195.37.105.57 195.37.105.58
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 16:28:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 16:27:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 16:24:29 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Igor\Desktop\JRT.exe
[2013.03.13 14:16:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 14:16:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.13 14:16:02 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\temp
[2013.03.13 14:03:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 14:03:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 14:03:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 14:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 14:02:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.13 13:59:13 | 005,037,887 | R--- | C] (Swearware) -- C:\Users\Igor\Desktop\ComboFix.exe
[2013.03.12 17:09:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Igor\Desktop\tdsskiller.exe
[2013.03.12 16:29:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Igor\Desktop\aswMBR.exe
[2013.03.12 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Igor\Desktop\mbar-1.01.0.1021
[2013.03.10 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 20:16:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe
[2013.03.08 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Roaming\Malwarebytes
[2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.08 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 18:31:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.08 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 16:42:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.02 16:42:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.02 16:42:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.02 16:42:00 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.02 16:42:00 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.02 16:41:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.02 16:41:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.02 16:41:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.02 16:41:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.02 16:41:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.02 16:41:55 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.02 16:41:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.02 16:41:54 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.02 16:41:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.02 16:41:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.02 16:41:52 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.02 16:41:52 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.02 16:41:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.02 16:41:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.02 16:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.02 16:41:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.02 16:41:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.02 16:41:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.01 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\Igor\Documents\Command and Conquer Generals Data
[2013.02.19 07:14:16 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.19 07:14:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.19 07:14:12 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.19 07:13:54 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.19 07:13:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.17 20:50:03 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.17 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.02.17 20:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.02.17 20:47:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013.02.17 20:47:31 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013.02.17 20:47:31 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013.02.17 20:47:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013.02.17 20:46:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.02.17 20:45:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013.02.17 20:43:36 | 000,000,000 | ---D | C] -- C:\Users\Igor\AppData\Local\Windows Live
[2013.02.17 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 16:50:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 16:50:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 16:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 16:42:16 | 2364,493,824 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 16:25:19 | 000,597,667 | ---- | M] () -- C:\Users\Igor\Desktop\adwcleaner.exe
[2013.03.13 16:24:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Igor\Desktop\JRT.exe
[2013.03.13 14:14:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.13 13:59:29 | 005,037,887 | R--- | M] (Swearware) -- C:\Users\Igor\Desktop\ComboFix.exe
[2013.03.13 00:11:33 | 000,000,512 | ---- | M] () -- C:\Users\Igor\Desktop\MBR.dat
[2013.03.12 17:20:31 | 000,116,694 | ---- | M] () -- C:\Users\Igor\Desktop\aswMBR.png
[2013.03.12 17:09:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Igor\Desktop\tdsskiller.exe
[2013.03.12 16:30:55 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Igor\Desktop\aswMBR.exe
[2013.03.12 15:56:25 | 013,786,977 | ---- | M] () -- C:\Users\Igor\Desktop\mbar-1.01.0.1021.zip
[2013.03.11 19:20:34 | 322,961,408 | ---- | M] () -- C:\Users\Igor\Desktop\pmagic_2013_02_28.iso
[2013.03.08 20:49:59 | 000,377,856 | ---- | M] () -- C:\Users\Igor\Desktop\gmer_2.1.19155.exe
[2013.03.08 20:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Igor\Desktop\OTL.exe
[2013.03.04 06:14:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 06:14:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 06:14:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 06:14:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.24 22:27:11 | 000,003,077 | ---- | M] () -- C:\Users\Igor\.recently-used.xbel
[2013.02.19 17:37:46 | 000,445,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.17 20:49:26 | 000,000,020 | ---- | M] () -- C:\Windows\´ó
 
========== Files Created - No Company Name ==========
 
[2013.03.13 16:25:19 | 000,597,667 | ---- | C] () -- C:\Users\Igor\Desktop\adwcleaner.exe
[2013.03.13 14:03:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 14:03:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 14:03:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 14:03:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 14:03:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.13 00:11:33 | 000,000,512 | ---- | C] () -- C:\Users\Igor\Desktop\MBR.dat
[2013.03.12 16:47:16 | 000,116,694 | ---- | C] () -- C:\Users\Igor\Desktop\aswMBR.png
[2013.03.12 15:56:23 | 013,786,977 | ---- | C] () -- C:\Users\Igor\Desktop\mbar-1.01.0.1021.zip
[2013.03.11 19:11:41 | 322,961,408 | ---- | C] () -- C:\Users\Igor\Desktop\pmagic_2013_02_28.iso
[2013.03.08 20:49:58 | 000,377,856 | ---- | C] () -- C:\Users\Igor\Desktop\gmer_2.1.19155.exe
[2013.02.24 22:27:11 | 000,003,077 | ---- | C] () -- C:\Users\Igor\.recently-used.xbel
[2013.02.17 20:49:48 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.17 20:49:32 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.17 20:49:25 | 000,000,020 | ---- | C] () -- C:\Windows\´ó
[2013.01.06 21:11:43 | 000,000,092 | ---- | C] () -- C:\Users\Igor\de.pws
[2013.01.06 21:11:43 | 000,000,025 | ---- | C] () -- C:\Users\Igor\de.prepl
[2012.11.17 21:02:24 | 000,000,728 | ---- | C] () -- C:\Users\Igor\.tracker.prefs
[2012.11.17 21:02:24 | 000,000,158 | ---- | C] () -- C:\Users\Igor\.tracker_starter.prefs
[2012.04.10 14:22:33 | 000,004,096 | -H-- | C] () -- C:\Users\Igor\AppData\Local\keyfile3.drm
[2011.11.11 20:54:50 | 000,077,216 | ---- | C] () -- C:\ProgramData\dudenbib.wav
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.01 13:03:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.14 19:18:15 | 000,000,173 | ---- | C] () -- C:\Users\Igor\AppData\Local\msmathematics.qat.Igor
[2011.03.27 20:31:20 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2010.12.12 23:18:12 | 000,006,238 | ---- | C] () -- C:\Users\Igor\.emacs
[2010.12.12 12:37:02 | 000,004,752 | ---- | C] () -- C:\Users\Igor\%backup%~
[2010.11.27 15:02:12 | 000,011,376 | ---- | C] () -- C:\Users\Igor\gsview32.ini
[2009.11.22 13:46:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.23 17:41:33 | 000,007,597 | ---- | C] () -- C:\Users\Igor\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 13.03.2013 16:48:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Igor\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,42% Memory free
5,87 Gb Paging File | 4,57 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 132,39 Gb Free Space | 56,87% Space Free | Partition Type: NTFS
 
Computer Name: IGOR-PC | User Name: Igor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F85F9-F6C2-489E-B5F6-F059582E205B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0AA4DB48-8344-48F7-AAAF-746E6F6B204C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0D29FD02-2170-4510-988C-4432F2ECFE28}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0D3FB491-AE9F-4A1A-97DE-0F41A621021C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1202045F-1670-42B8-BDC5-4390D4F43CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1447A0D3-D3A0-4294-AD91-E132D662BFEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{19CA0F7B-EF88-4D05-A5AB-08C02FB26DF5}" = lport=57564 | protocol=6 | dir=in | name=pando media booster | 
"{1BD286D5-DBE8-4C30-8EE7-A3E6082EDF7A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1FC037D1-993A-45E9-ABD4-D64FF9EF1156}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3A239A87-19E0-4E2D-8F5C-039604C8F260}" = lport=57564 | protocol=17 | dir=in | name=pando media booster | 
"{3AEDD7A0-1658-4362-A64C-5C62C47DED1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{43090ACE-CBCE-44D7-B636-B323A9394FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44173BC3-4361-4AE2-AD4A-3D5A86500F61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5769F108-41DE-4B9F-905D-41E2CDB16338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B0E2238-1C56-4AF5-A3C3-461BB9E20045}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5E6EA0A3-4152-440E-92E2-97A56CFAE187}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6241E64B-9D0A-4AB6-83CC-E15A88852A2B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6760D11F-C7AE-4176-BC39-139E919C26E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EC0457B-9F65-488A-91B2-56280D1A8382}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73E57006-B439-45B0-9525-24D5F46B5288}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78B96770-22BC-43DD-AEC8-A25D1C183765}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FB31C95-A88E-4117-BCD4-575B116FA2E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B9EAE3C-C259-462F-8727-F6A1676400E2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1C9BBD1-DFB3-4526-B559-4DAE25FA3F0F}" = lport=57564 | protocol=6 | dir=in | name=pando media booster | 
"{B6E0F417-F2F0-4BFB-8923-14008B180101}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C38D9235-6984-4DAD-AF62-9C3FBDC3B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4D23DFE-E827-4B36-AD16-3E1885D1C4FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5DDC500-E7F1-4BBA-A60F-BC39D10F674F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DF08E3B9-BF5C-4491-9B43-1C662E6992C5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0ADB5E8-2273-45CF-B4B9-7B5B8AEF56CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E28E3BF1-E553-4412-88F9-B2A87B102F51}" = lport=57564 | protocol=17 | dir=in | name=pando media booster | 
"{E4D36BDC-9A4B-4D8A-8D19-7C28B976634F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8262ACF-1751-4772-ABFE-CD6A4BFE747C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F679990A-86BB-4467-A911-3C8ED04F926C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6ED9EE7-A789-4F3D-AD79-5214A3E1D789}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FD4F0353-8549-4E0A-BA66-4A12FCBF7FF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDD139F-E63A-47C4-AF3F-E7F37F6D43E7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FFADB0A4-6BE0-4BFC-AED4-DA92218B77BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2AB06-045E-4BDB-B399-FF43B8F15CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{09DCCF43-6262-4829-A4A7-1AE84C2ACC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D0C3B50-3D12-405E-BE2D-561778FD4B8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{186A868F-86C8-420F-8E55-0532B0694351}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{190EDF58-1F1B-414F-B890-EF702C1D015C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{22314404-3E01-41C6-8D4E-688C6335A8D8}" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37B4D08A-9922-440E-BD60-FCB367AA9A15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B4852A3-3597-4688-902A-7C51410164AC}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{3C4DCFA1-899C-4C46-9962-45F056431CAC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{44625ADC-0E0C-4800-B315-21641C8A3256}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4490890B-5D69-431E-8006-915DDC303F12}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{44CC8D88-A984-4D8E-B512-6B0A5F1D87A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4551E1FB-BBC3-450E-BCE2-D277D1567979}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5171A404-C177-4121-BD90-899F1FBFC010}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{5C455617-CEEF-4C32-8188-887991DF1B80}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{675B006A-3150-4323-8965-6016A1E2B4B3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{6F155868-3659-452C-A8AD-13C2FC6BA0E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F68DB9F-7681-43CE-B099-59B9C95EA749}" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71631A15-B5D7-43EF-BB12-9CDCAD6B994F}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{7F796A07-1FDE-4DCD-A80E-981962C7B30C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{872CC69D-31E2-4113-8380-95B16E4305A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F73A066-985E-4091-8003-700D9A6CF324}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9928BEE0-CE22-4DF5-857B-519D4DD38E95}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A21CF4AF-C77D-4DFA-81ED-62896DB9021B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3DCEC63-CC45-4F61-800E-0B40AA5821EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4BD0E16-A564-45E4-90E6-5725F7B5C13C}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{C61EEE58-EFB8-4FEF-8594-88E4961A00CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CA25BD42-339F-4821-8BF3-AEE06F255E65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4801106-4164-4E72-8537-3D8DEC877290}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{D6B01AB3-A777-49B1-A4E0-CB820220DC58}" = protocol=6 | dir=out | app=system | 
"{D955A1C8-6306-4092-88DE-5B009120221B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6126F2F-2547-46E8-B564-239D5B7A61B6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E9608FBC-5A66-4FE4-AAC1-6055FC80F988}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EC84660A-2584-4885-B5A2-AF5EF03A6E8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8C579E2-AE8A-44B9-8F38-3A29CE4AA687}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F9AB2436-6B05-4007-BE31-2AED5B94FB7D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{072F5813-3DEC-4513-BA29-A841BE2206C9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{091A6AE5-9A20-4A2D-90EF-A127933963E0}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{2AF4A1DC-9541-483D-98C2-1BE9DDE5C0E8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{7D48AF3B-DC0D-4AA7-9CB3-1A92C12C317F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{9528AEA3-5D1D-4FF8-879C-C0AE1D0BB0C3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{953015BA-F94C-4FA0-94BD-C94EED6A8B38}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=6 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe | 
"TCP Query User{9A289E63-0482-4DA4-87FB-FA3DC447547F}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat | 
"TCP Query User{9EA6B18C-97D5-4808-BDC6-59629E01B420}C:\spiele\cc3\game.dat" = protocol=6 | dir=in | app=c:\spiele\cc3\game.dat | 
"TCP Query User{9F771E8B-A6C0-4956-A8EF-6BEF500951B5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A190202C-9E3B-469A-8711-78E9639FEAA4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{BE20BA8C-241F-4CF6-B4DA-E434543A7942}C:\program files\smart technologies\education software\ucgui.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"TCP Query User{BF0CB885-A42D-482D-AB8B-0B3F40DABAB9}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C2BCB147-8B51-4EB6-BBE4-56F07993506E}C:\program files\smart technologies\education software\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"TCP Query User{EEC0C0F9-4D0E-4B13-8C1C-11FDE515452C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{010400A7-2DFB-4272-B1D9-664E791CABB9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1EA94CF8-9984-46C1-937A-51D491A2A14F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{36330053-17EA-48E3-B087-D05B016C268D}C:\program files\smart technologies\education software\ucgui.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"UDP Query User{378AF4B2-4B1E-4166-8332-CF3F1A834AF7}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat | 
"UDP Query User{3F359682-E718-401F-8BA3-DD6D7BB9AA4C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4B8CC75A-1EC1-416A-876F-7C3ADD7DB68A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{4F49CA8E-2953-4691-9004-444593412713}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{500E311C-BFC0-4450-8F30-434270E188D5}C:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe" = protocol=17 | dir=in | app=c:\program files\newsoft\presto! pagemanager 9 for ep\licensecheck.exe | 
"UDP Query User{5037AF2A-D88D-4429-981B-A5D108A58AF4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{9B05C9E4-FE89-4CEA-93F9-4CD41179B5CE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{B0420676-43FD-48BB-BCCB-93370DC16805}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{BCA7018A-E411-4075-99E3-185AE478A83F}C:\program files\smart technologies\education software\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"UDP Query User{D7AB14EB-AE64-4934-B7C7-A691547F4973}C:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\igor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FA04828C-8C1F-4DE9-8456-C29751153F5B}C:\spiele\cc3\game.dat" = protocol=17 | dir=in | app=c:\spiele\cc3\game.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D7C895F6-7BD7-41F9-94F8-4FCD50F2F771}_is1" = myFuNe 2.0
"{D9D5A07A-F299-4741-BFE6-302324CC0BD7}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Derive 6" = Derive 6
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GeoGebra 4.2" = GeoGebra 4.2
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OSP Tracker" = Tracker
"Pen Tablet Driver" = Stifttablett
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2525576673-4006502489-792790386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Inkscape" = Inkscape 0.48.1 
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:23 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:24 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:24 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:25 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:25 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:26 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 13.03.2013 11:43:26 | Computer Name = Igor-PC | Source = TabletServicePen | ID = 0
Description = 
 
[ DigitalPersona Pro Events ]
Error - 08.04.2012 10:00:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:35:54 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:35:58 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:36:05 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 15.04.2012 12:36:09 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 17.07.2012 03:21:45 | Computer Name = Igor-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
[ OSession Events ]
Error - 19.12.2012 22:27:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 66
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:31:16 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:34:14 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 22:35:22 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2012 23:01:25 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 08:09:31 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 08:11:06 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2013 04:49:12 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 480
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2013 04:55:26 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 356
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 15.01.2013 11:24:46 | Computer Name = Igor-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 67
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         

Alt 13.03.2013, 19:26   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 13.03.2013, 23:34   #14
IgorS
 

Here is the log file from Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.13.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Igor :: IGOR-PC [Administrator]

Schutz: Aktiviert

13.03.2013 20:33:46
mbam-log-2013-03-13 (20-33-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208264
Laufzeit: 8 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Here is the log file from ESET Online Scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=87ecd3e5a7a9f0448c34a720f93c8e92
# engine=13375
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 10:58:25
# local_time=2013-03-13 11:58:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 17567 228638795 10338 0
# compatibility_mode=5893 16776574 100 94 10371321 114846696 0 0
# scanned=176475
# found=0
# cleaned=0
# scan_time=9124
         

Alt 14.03.2013, 14:38   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set up the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other detections or problems?
