Karonoob | 22.11.2012 19:20 | Unwanted program 'TR/Crypt.XPACK.Gen8' [trojan] found

Today Avira showed a detection on this computer for the first time:
In der Datei 'C:\Program Files\Steam\SteamApps\***\half-life 2\bin\FileSystemOpenDialog.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen8' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Actually I think it is a false positive, but I would rather ask the experts.
Now for the long logfiles:
OTL logfile created on: 22.11.2012 18:25:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,52% Memory free
6,99 Gb Paging File | 5,93 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 24,13 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 270,44 Gb Total Space | 270,34 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.22 18:17:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karo\Desktop\OTL.exe
PRC - [2012.09.14 07:39:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:13:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:13:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:13:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.23 14:55:54 | 000,030,608 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe
PRC - [2010.06.14 08:28:12 | 001,310,720 | ---- | M] () -- C:\Programme\SPEEDLINK Ferret Gaming Mouse\GMouse.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.01.22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2010.06.14 08:28:12 | 001,310,720 | ---- | M] () -- C:\Programme\SPEEDLINK Ferret Gaming Mouse\GMouse.exe
========== Services (SafeList) ==========
SRV - [2012.10.24 12:26:38 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 16:13:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:13:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.08.23 14:55:54 | 000,030,608 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe -- (Response Hardware)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - [2012.05.08 16:13:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 16:13:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.23 15:01:40 | 000,018,960 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2010.08.23 15:01:30 | 000,014,224 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010.08.23 15:01:06 | 000,011,152 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008.05.15 12:07:00 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 8D 6E 1A F4 9D CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.89
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 10:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.29 22:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.24 14:49:33 | 000,000,000 | ---D | M]
[2011.01.10 17:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Extensions
[2010.01.26 07:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.07 19:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Firefox\Profiles\nb15k6pu.default\extensions
[2012.11.07 19:01:38 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Karo\AppData\Roaming\mozilla\Firefox\Profiles\nb15k6pu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.02.08 16:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.08 16:31:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.29 10:09:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 10:09:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.29 10:09:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.29 10:09:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.29 10:09:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.29 10:09:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.29 10:09:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Classroom Teacher\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SMART Sync) - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Programme\SMART Technologies\Classroom Teacher\Sync Teacher\SyncIEToolbar.dll (SMART Technologies ULC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe File not found
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [Ferret Gaming Mouse] C:\Program Files\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" File not found
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Classroom Teacher\SMARTBoardService.exe File not found
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe -e File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Karo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 145.253.2.11 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75F04CC2-27E5-4721-ABDA-78E7EA4AD5C5}: DhcpNameServer = 145.253.2.11 192.168.123.254
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12435f5a-0be1-11df-81a0-6cf0490f13fd}\Shell - "" = AutoRun
O33 - MountPoints2\{12435f5a-0be1-11df-81a0-6cf0490f13fd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.22 18:17:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karo\Desktop\OTL.exe
[2012.11.22 16:38:44 | 000,000,000 | R--D | C] -- C:\Users\Karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.22 18:17:52 | 000,302,592 | ---- | M] () -- C:\Users\Karo\Desktop\l2th62gz.exe
[2012.11.22 18:17:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karo\Desktop\OTL.exe
[2012.11.22 18:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Karo\defogger_reenable
[2012.11.22 18:13:15 | 000,050,477 | ---- | M] () -- C:\Users\Karo\Desktop\Defogger.exe
[2012.11.22 16:46:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 16:46:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 16:45:34 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.22 16:45:34 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.22 16:45:34 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.22 16:45:34 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.22 16:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 16:38:31 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 19:51:06 | 000,004,675 | ---- | M] () -- C:\Users\Karo\.recently-used.xbel
[2012.11.14 20:07:46 | 000,005,142 | ---- | M] () -- C:\Users\Karo\Desktop\sem3.qti~
[2012.11.14 20:07:46 | 000,005,142 | ---- | M] () -- C:\Users\Karo\Desktop\sem3.qti
[2012.11.14 16:54:25 | 000,015,835 | ---- | M] () -- C:\Users\Karo\Desktop\sem.qti
[2012.10.29 19:59:17 | 000,047,038 | ---- | M] () -- C:\Users\Karo\Documents\c02.qti
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.22 18:17:52 | 000,302,592 | ---- | C] () -- C:\Users\Karo\Desktop\l2th62gz.exe
[2012.11.22 18:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Karo\defogger_reenable
[2012.11.22 18:13:15 | 000,050,477 | ---- | C] () -- C:\Users\Karo\Desktop\Defogger.exe
[2012.11.19 19:51:06 | 000,004,675 | ---- | C] () -- C:\Users\Karo\.recently-used.xbel
[2012.11.14 20:07:46 | 000,005,142 | ---- | C] () -- C:\Users\Karo\Desktop\sem3.qti~
[2012.11.14 20:07:46 | 000,005,142 | ---- | C] () -- C:\Users\Karo\Desktop\sem3.qti
[2012.11.14 16:54:25 | 000,015,835 | ---- | C] () -- C:\Users\Karo\Desktop\sem.qti
[2012.10.29 19:59:17 | 000,047,038 | ---- | C] () -- C:\Users\Karo\Documents\c02.qti
[2012.04.13 18:44:08 | 000,005,120 | ---- | C] () -- C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 22:18:51 | 000,307,815 | ---- | C] () -- C:\Users\Karo\pvhud_v207_2012-02-14.zip
[2012.02.15 16:11:46 | 087,262,320 | ---- | C] () -- C:\Users\Karo\avira_free_antivirus_de.exe
[2011.12.02 17:53:15 | 000,011,545 | ---- | C] () -- C:\Users\Karo\gsview32.ini
[2011.11.22 19:58:38 | 961,585,152 | ---- | C] () -- C:\Users\Karo\Mathematica_WIN.iso
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.20 17:42:21 | 000,000,555 | ---- | C] () -- C:\Users\Karo\cinderella2-user.properties
[2011.08.16 12:53:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.31 19:25:11 | 000,185,928 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011.07.31 19:25:11 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011.02.08 16:35:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.07.17 16:34:12 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\.minecraft
[2011.02.09 14:39:48 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\.smarttech-webinterface
[2010.02.22 21:37:38 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Audacity
[2010.11.28 15:40:27 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Beat Hazard
[2011.08.07 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Blender Foundation
[2012.11.22 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Dropbox
[2010.07.09 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\FOG Downloader
[2012.01.05 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\GetRightToGo
[2012.10.22 18:33:26 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\gtk-2.0
[2011.02.19 10:22:25 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Ideas From the Deep
[2011.08.15 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Mumble
[2010.01.26 06:52:18 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\OpenOffice.org
[2010.01.25 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Opera
[2011.12.24 13:47:51 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Polynomial
[2010.04.19 19:12:42 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\runic games
[2010.01.28 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\ScanSoft
[2010.08.29 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\SMART Technologies
[2010.08.29 09:56:03 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\SMART Technologies Inc
[2010.01.26 07:45:12 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Thunderbird
[2012.04.20 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Trine2
[2012.10.01 17:26:16 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Tryst
[2012.11.01 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\XnView
========== Purity Check ==========
< End of report >

OTL Extras logfile created on: 22.11.2012 18:25:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 75,52% Memory free
6,99 Gb Paging File | 5,93 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 24,13 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive D: | 270,44 Gb Total Space | 270,34 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3127C6DF-A1F4-4D33-9B8C-3F2422CD0800}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{48DE0BC7-68FA-4D6F-83FC-B074FC5A9084}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F6C099F-C81B-41FD-8D42-7802644485A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51A3D76B-99A2-4CEE-82B0-49CF614AD112}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963A8627-CB4C-49D7-AEF8-089D902E65D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{964B5619-7D75-4062-841E-53318BBFD7E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{BD662485-2984-433B-B15B-D204B6F9C76E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C3327522-55B5-4597-A0C5-B1E33A0D7FA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C503D613-B698-4E78-BF4D-EEDE792443EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC85D6E8-4677-49B9-A094-64AF7806CCC8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DCDE6C5D-0B99-4803-9BE7-E5324FEBAE61}" = rport=138 | protocol=17 | dir=out | app=system |
"{E003AF19-C242-4012-AE74-343DB7B6AE14}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3738D-371E-4284-8C79-BEE89BE5AB03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0DFE4F28-5F1E-4AF5-A74F-6067E74F4104}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13648C3F-3503-47DC-9BC8-E6816A0A8DA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tryst demo\gameclient\tryst.exe |
"{1583D137-1AEF-450A-8070-429C0D7C9E2F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{18FCAA90-588E-4060-85E2-F1667CB54023}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{1BEB3E26-E3B2-48D8-968D-308662FBFA00}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{1E4D47ED-F1D4-450A-8294-43B5BA3641DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BDB2119-3886-4F92-BECF-AE548C9E8B12}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
"{322760EB-2BED-47D3-A5E7-266745AB804F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{38C43D56-FA18-4899-86F1-A66E0AABDBDE}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{3DB322D2-63BD-4A0D-AB57-A9FE2CE05F2D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{3DC2E6AF-5C87-433A-9C97-C7DD0C4AFA48}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe |
"{41E360C4-E7D8-4335-8911-B69AB8589928}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{454AB504-2508-4FC1-A06E-6EC272F32DD1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\thepolynomial\polynomial.exe |
"{4F46ACA4-1FBE-49A5-A6A2-ED6AB0544657}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{51F01522-646B-4AD0-8B19-1BB76B85055F}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\responsesoftwareservice.exe |
"{58DCF549-1C36-4A00-A4B2-75C75B48A1B5}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe |
"{68D0F1DB-A938-4C67-8911-DBB333E94002}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A1E7EF2-C095-4D40-A9F0-8ACCFA37BAFF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\thepolynomial\polynomial.exe |
"{6C410626-5168-4FDE-A71D-8734903D34AF}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{6C69B4BA-D8C8-4F24-8FE6-5DF292D2247E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CE0C508-37FE-4519-90DE-057D126421E4}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{7024D076-214E-4FD1-A725-FB2D32A66CE3}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{70A914BA-8890-4202-815D-97A12393A669}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{7475B1A2-82D8-40C1-A1B2-47765FC9CA7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79C5437A-B344-4091-90A3-2BB556C3997A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{79E2FEA5-B518-4C36-952C-BE3F1D1DC7BC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucgui.exe |
"{7D46275B-F5CA-4FB1-A0A1-A3A4A3A27021}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F984EE2-AEC0-40C6-AC1D-FBF1F0323578}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{8142AC11-846B-430B-97D9-51227303A298}" = protocol=6 | dir=in | app=c:\users\karo\appdata\roaming\dropbox\bin\dropbox.exe |
"{82B2DC2D-7E77-4A3C-BDEC-8DBEAB7F99BF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{85163D84-D08B-4661-AC28-B59CD78CE1A6}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{86C35234-E285-4862-B222-E40DECECDDB1}" = protocol=17 | dir=in | app=c:\users\karo\appdata\roaming\dropbox\bin\dropbox.exe |
"{882E0CCE-0FE3-437F-B3F7-A9C93D1E160B}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{88C4855A-5D92-47CB-96D6-FF4D613787C9}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\responsesoftwareservice.exe |
"{9AA140A8-1822-4BC1-AFED-99C1E8703525}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{9AF01B65-767F-444F-BBAF-44FD2E13A38E}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucgui.exe |
"{AF7D869B-9CFA-46C3-B21B-120719763DB4}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{B1A07A09-A0B0-4818-875A-A6863ED17593}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C03762AE-BD19-482D-AD1A-967D300DA60C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucservice.exe |
"{C22621FB-8D14-4F41-9780-6A566D658E5E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tryst demo\gameclient\tryst.exe |
"{CBD47241-9811-4E79-92ED-F02B45A3FF94}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{CEF1AF5A-4834-4754-BB1F-28BE60787C60}" = protocol=17 | dir=in | app=c:\program files\smart technologies\classroom teacher\ucservice.exe |
"{DC8D9F59-6A98-4382-B918-941E575950F6}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{E3807BC3-5465-42D6-A849-C3270551BFEB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{E4371B63-37A6-4AED-AF8A-7754E1224244}" = protocol=6 | dir=in | app=c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe |
"{E46D6E0C-480D-491B-8063-1B85356BC44E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{4184C224-050D-46BC-8DFA-D553C8D87E72}C:\users\karo\documents\yuleech-runes_of_magic_4_0_0_2360_full_eu_new.exe" = protocol=6 | dir=in | app=c:\users\karo\documents\yuleech-runes_of_magic_4_0_0_2360_full_eu_new.exe |
"TCP Query User{6217537C-6F59-4A06-9711-A9B342303288}C:\program files\steam\steamapps\nore_ply\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nore_ply\team fortress 2\hl2.exe |
"TCP Query User{A973F791-03AB-416F-B209-38D687581DF4}C:\users\karo\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe" = protocol=6 | dir=in | app=c:\users\karo\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe |
"TCP Query User{D4695F47-D76A-4B83-A8E0-5A45C0EB40E8}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{D4A60F3C-A99F-4CCE-92FC-553B555EDD31}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{D8565A5A-A498-4D2D-9499-FBFAB74CD189}C:\users\karo\documents\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\karo\documents\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{D9CA00F9-52F9-44FF-891A-DED117EEA2E5}C:\program files\steam\steamapps\nore_ply\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\nore_ply\team fortress 2 beta\hl2.exe |
"UDP Query User{7D4142BA-3D66-4048-995D-D3FDF749B237}C:\users\karo\documents\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\karo\documents\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{83D81598-50AD-4A2B-ACE6-53C58CCBF6B6}C:\program files\steam\steamapps\nore_ply\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nore_ply\team fortress 2 beta\hl2.exe |
"UDP Query User{9C2350E6-25A6-4562-ABD4-A5A78741A4D8}C:\program files\steam\steamapps\nore_ply\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\nore_ply\team fortress 2\hl2.exe |
"UDP Query User{A3216BC0-48AC-4874-848D-053CEA26F4F2}C:\users\karo\documents\yuleech-runes_of_magic_4_0_0_2360_full_eu_new.exe" = protocol=17 | dir=in | app=c:\users\karo\documents\yuleech-runes_of_magic_4_0_0_2360_full_eu_new.exe |
"UDP Query User{CCEB5165-F790-4AA4-A9A4-7E1F8F4708A1}C:\users\karo\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\karo\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe |
"UDP Query User{EF123C55-6419-4E87-A6B7-BBE4578CD450}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{F2ABE5F3-6260-430E-82D8-3976DA4E6538}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01008201-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Enzyklopädie 2002
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = Mythos
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B14EF863-8E62-4577-99E3-5B8C358E8D0F}" = SMART Classroom Suite Teacher
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B539E69D-DD59-457D-A926-CF01ACA6D04C}" = Microsoft Image Composite Editor
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"230Patiencen+Editor" = 230Patiencen+Editor
"2385-9868-7018-1536" = Cinderella2 2.6
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"Blender" = Blender
"CamStudio" = CamStudio
"DivX Setup.divx.com" = DivX-Setup
"Ferret Gaming Mouse" = Ferret Gaming Mouse driver
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Inkscape" = Inkscape 0.46
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"MAGIX music cleaning lab 2005 deLuxe" = MAGIX music cleaning lab 2005 deLuxe
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"M-WIN-L 8.0.4 2615665_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.4 2615665)
"Mythos" = Mythos
"Nanosaur Extreme" = Nanosaur Extreme v2.03
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.11.1661" = Opera 12.11
"QtiPlot_is1" = QtiPlot 0.9.8.10
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"Shockwave" = Shockwave
"Steam App 12910" = Audiosurf Demo
"Steam App 17520" = Synergy
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 67000" = The Polynomial
"VLC media player" = VLC media player 1.0.0-git-20090113-0005
"WinDjView" = WinDjView 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.6
"XnView_is1" = XnView 1.97
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.11.2012 13:37:19 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\Drivers\DPInstx64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 15.11.2012 13:38:16 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\SMARTDocumentCamera\DPInstx64.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.11.2012 14:01:05 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\Drivers\DPInstx64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.11.2012 14:02:08 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\SMARTDocumentCamera\DPInstx64.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.11.2012 14:05:13 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\Drivers\DPInstx64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.11.2012 14:06:12 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\SMARTDocumentCamera\DPInstx64.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.11.2012 12:28:37 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\Drivers\DPInstx64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.11.2012 12:29:43 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\SMARTDocumentCamera\DPInstx64.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.11.2012 12:33:47 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\Drivers\DPInstx64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.11.2012 12:35:01 | Computer Name = Karo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SMART
Technologies\Classroom Teacher\SMARTDocumentCamera\DPInstx64.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 19.11.2012 09:31:54 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 19.11.2012 11:50:43 | Computer Name = Karo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 20.11.2012 05:38:51 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 20.11.2012 14:51:38 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 20.11.2012 18:00:08 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 21.11.2012 06:25:44 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 21.11.2012 11:52:08 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 22.11.2012 03:26:01 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 22.11.2012 11:38:48 | Computer Name = Karo-PC | Source = DCOM | ID = 10000
Description =
Error - 22.11.2012 12:15:52 | Computer Name = Karo-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-22 19:00:53
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD5000AAKS-00V1A0 rev.05.01D05
Running: l2th62gz.exe; Driver: C:\Users\Karo\AppData\Local\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT 8FD28FC6 ZwCreateSection
SSDT 8FD28FD0 ZwRequestWaitReplyPort
SSDT 8FD28FCB ZwSetContextThread
SSDT 8FD28FD5 ZwSetSecurityObject
SSDT 8FD28FDA ZwSystemDebugControl
SSDT 8FD28F67 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E96579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82EC2840 4 Bytes [C6, 8F, D2, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 82EC2B9C 4 Bytes [D0, 8F, D2, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82EC2BE0 4 Bytes [CB, 8F, D2, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 82EC2C5C 4 Bytes [D5, 8F, D2, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 82EC2CB0 4 Bytes [DA, 8F, D2, 8F]
.text ...
C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in "" section [0x97FAB41C]
.clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last code section [0x97FAC000, 0x1000, 0xE0000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----