| |
| |||||||
Log-Analyse und Auswertung: "System Progressive Protection" / "BDS/ZeroAccess.Gen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.01.2013, 16:54
| #1 |
| |  "System Progressive Protection" / "BDS/ZeroAccess.Gen" Hallo liebes Foren-Team, ich hatte heute, während ich im Internet gesurft habe, plötzlich eine Fehlermeldung von Avira. Den genauen Inhalt weiß ich nicht mehr, aber als ich auf "Details" geklickt habe, hat sich plötzlich "System Progressive Protection" geöffnet und einen Suchlauf durchgeführt. Es hat sich auch selbst installiert, insbesondere war ein Symbol auf dem Desktop. Da angeblich 38 auffällige Programme gefunden wurde und mir das Programm nicht bekannt war, bin ich sekptisch geworden und habe nichts weiter angeklickt. Außerdem habe ich sofort die Internet-Verbindung unterbrochen. Ich habe dann Malwarebytes installiert und einen Vollständigen Suchlauf gestartet. (Ergebnis: Log 1). Daraufhin wurden 5 infizierte Dateien gefunden, welche ich über Malwarebytes gelöscht habe (Log 2). Danach habe ich den PC neu gestartet, wie von Malwarebytes verlangt. Zusätzlich erschien parallel zum MalwareBytes-Suchlauf eine erneute Fehlermeldung von Avira, betreffend die Datei "BDS/ZeroAccess.GEN", hier habe ich auf "entfernen geklickt". Danach habe ich MalwareBytes, was zuvor nicht auf dem aktuellsten Stand war, aktualisiert und erneut einen Suchlauf durchgeführt, wobei eine infizierte Datei gefunden wurde (Log 3). Diesmal habe ich sie nicht gelöscht, da ich bereits auf das Forum gestoßen war. Danach habe ich, wie von ihnen vorgegeben "defogger" und OTL runtergeladen und OTL angewendet (Log 4 und Log 5). Den Gmer-Scan habe ich versucht durchzuführen, allerdings brach er zweimal dadurch ab, dass plötzlich ein blauer Bildschirm mit Text erschien, der verschwand jeweils recht schnell und ich habe beide Mal ausgewählt "Windows normal starten". Den Scan habe ich bisher deshalb nicht erfolgreich durchführen können. Ich hoffe Sie können mir weiterhelfen. Für Ihre Hilfe bedanke ich mich im Voraus. LOG 1 Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.14.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rebecca :: REBECCA-PC [Administrator] Schutz: Aktiviert 08.01.2013 11:30:07 mbam-log-2013-01-08 (11-30-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 396111 Laufzeit: 1 Stunde(n), 34 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5E334178A2D21F2000005E32E34C2586 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\5E334178A2D21F2000005E32E34C2586\5E334178A2D21F2000005E32E34C2586.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Users\Rebecca\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\5E334178A2D21F2000005E32E34C2586\5E334178A2D21F2000005E32E34C2586.exe (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) LOG 2 Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.14.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rebecca :: REBECCA-PC [Administrator] Schutz: Aktiviert 08.01.2013 11:30:07 MBAM-log-2013-01-08 (13-07-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 396111 Laufzeit: 1 Stunde(n), 34 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5E334178A2D21F2000005E32E34C2586 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\5E334178A2D21F2000005E32E34C2586\5E334178A2D21F2000005E32E34C2586.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt. Infizierte Dateien: 3 C:\Users\Rebecca\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt. C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt. C:\ProgramData\5E334178A2D21F2000005E32E34C2586\5E334178A2D21F2000005E32E34C2586.exe (Trojan.FakeAlert.SSGen) -> Keine Aktion durchgeführt. (Ende) LOG 3 Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.08.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rebecca :: REBECCA-PC [Administrator] Schutz: Aktiviert 08.01.2013 13:15:19 MBAM-log-2013-01-08 (14-46-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 399077 Laufzeit: 1 Stunde(n), 26 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Rebecca\AppData\Local\Temp\1131.tmp (Trojan.FakeAlert) -> Keine Aktion durchgeführt. (Ende) LOG 4 - OLTOTL Logfile: Code:
ATTFilter OTL logfile created on: 08.01.2013 15:43:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rebecca\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 51,68% Memory free 7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,57 Gb Total Space | 371,09 Gb Free Space | 82,00% Space Free | Partition Type: NTFS Drive E: | 1,86 Gb Total Space | 1,76 Gb Free Space | 94,32% Space Free | Partition Type: FAT Computer Name: REBECCA-PC | User Name: Rebecca | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.01.08 15:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe PRC - [2012.12.23 16:15:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.08.13 07:59:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.19 12:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe PRC - [2012.06.18 20:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2012.05.08 18:58:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:58:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.26 19:23:16 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.07.25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011.02.08 07:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.12.03 15:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.03 15:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.12 16:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2011.07.25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.23 16:15:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.19 12:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service) SRV - [2012.06.18 20:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2012.05.08 18:58:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:58:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.01 12:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service) SRV - [2011.05.27 16:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2011.05.24 14:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2011.02.17 08:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2010.12.23 20:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.23 20:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) SRV - [2010.12.23 20:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.12.03 15:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.03 15:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.29 22:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent) SRV - [2010.05.10 21:23:54 | 002,683,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.29 20:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.07.30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.05.08 18:58:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:58:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.11 23:39:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.11 23:39:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.11 22:01:32 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011.08.11 22:01:32 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.08.11 22:01:32 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.08.11 22:01:32 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.08.11 22:01:31 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler) DRV:64bit: - [2011.07.15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2011.06.10 17:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.04.05 09:36:46 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.02.07 15:49:38 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR) DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010.12.21 20:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.03 16:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp) DRV:64bit: - [2010.04.09 15:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.04.07 17:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.03.25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 20:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009.02.13 07:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:64bit: - [2009.02.13 07:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:64bit: - [2009.02.13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV:64bit: - [2006.06.18 15:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {44B11F54-393E-41D4-9286-3F7B644E8605} IE - HKCU\..\SearchScopes\{44B11F54-393E-41D4-9286-3F7B644E8605}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe File not found O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files (x86)\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rebecca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rebecca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF075888-03DF-415A-8635-1AB2107DB1C2}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA50E864-9A03-43FE-BDFA-EAA93080DC7C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk E:\ O33 - MountPoints2\{2df754c7-6db7-11e1-9427-c0f8dae91ae9}\Shell - "" = AutoRun O33 - MountPoints2\{2df754c7-6db7-11e1-9427-c0f8dae91ae9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2df754d5-6db7-11e1-9427-c0f8dae91ae9}\Shell - "" = AutoRun O33 - MountPoints2\{2df754d5-6db7-11e1-9427-c0f8dae91ae9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 15:41:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe [2013.01.08 11:29:10 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Roaming\Malwarebytes [2013.01.08 11:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.08 11:29:02 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.08 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.08 11:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.08 11:28:04 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Local\Programs [2013.01.08 11:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\5E334178A2D21F2000005E32E34C2586 [2012.12.16 16:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Rebecca\Desktop\*.tmp files -> C:\Users\Rebecca\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 15:41:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe [2013.01.08 15:39:41 | 000,050,477 | ---- | M] () -- C:\Users\Rebecca\Desktop\Defogger.exe [2013.01.08 15:38:46 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca\defogger_reenable [2013.01.08 15:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.08 15:01:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cd9e62977e9854.job [2013.01.08 13:19:08 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 13:19:08 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 13:16:57 | 001,745,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.08 13:16:57 | 000,750,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.08 13:16:57 | 000,690,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.08 13:16:57 | 000,168,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.08 13:16:57 | 000,138,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.08 13:11:30 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd9e6297065951.job [2013.01.08 13:11:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 13:10:19 | 3140,169,728 | -HS- | M] () -- C:\hiberfil.sys [2013.01.08 11:29:03 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.08 09:18:38 | 000,464,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.19 20:54:08 | 000,019,456 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\WebpageIcons.db [2012.12.16 16:04:39 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.12.16 16:04:39 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.14 08:25:20 | 000,002,372 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Rebecca\Desktop\*.tmp files -> C:\Users\Rebecca\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.08 15:39:41 | 000,050,477 | ---- | C] () -- C:\Users\Rebecca\Desktop\Defogger.exe [2013.01.08 15:38:46 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca\defogger_reenable [2013.01.08 11:29:03 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.16 16:04:39 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.12.16 16:04:39 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.12.12 14:49:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.09 14:42:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Equalizer [2012.06.09 14:42:55 | 000,000,268 | RH-- | C] () -- C:\Users\Rebecca\AppData\Roaming\Electric Clav [2012.06.09 14:42:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.06.09 14:42:55 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers [2012.06.09 14:42:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Error Handlers [2012.06.09 14:42:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Enhance Tuning [2012.06.09 14:42:13 | 000,000,268 | RH-- | C] () -- C:\Users\Rebecca\AppData\Roaming\Electric Piano [2012.06.09 14:42:13 | 000,000,268 | RH-- | C] () -- C:\Users\Rebecca\AppData\Roaming\Effects [2012.06.09 14:42:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.06.09 14:42:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.06.09 14:42:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Fonts [2012.06.09 14:42:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flowers [2011.08.20 08:05:40 | 000,019,456 | ---- | C] () -- C:\Users\Rebecca\AppData\Local\WebpageIcons.db [2011.08.20 07:56:19 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.08.20 07:56:19 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT [2011.08.15 18:53:51 | 000,000,017 | ---- | C] () -- C:\Users\Rebecca\AppData\Local\resmon.resmoncfg [2011.08.15 18:42:56 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.08.15 18:42:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.15 18:42:56 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.15 18:42:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.11 23:23:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.11 22:14:25 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2011.08.11 22:13:32 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.11 22:13:09 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2011.08.11 22:07:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2011.08.11 22:07:25 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.02.11 18:45:27 | 001,723,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-9981871-3159751912-3413882348-1000\$9e26e5d1e76d12eba6866202ba02288e\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.20 09:22:27 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.15 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\gnupg [2011.08.15 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\IrfanView [2012.06.09 14:44:56 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Nikon [2011.10.21 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\PersBackup5 [2012.01.05 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Samsung [2011.10.14 16:20:08 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Swiss Academic Software [2012.01.22 10:20:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Temp [2011.08.15 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\vetafab Software GmbH [2011.08.15 18:46:37 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Wave Systems Corp ========== Purity Check ========== < End of report > LOG 5 - ExtrasOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.01.2013 15:43:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rebecca\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 51,68% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,57 Gb Total Space | 371,09 Gb Free Space | 82,00% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,76 Gb Free Space | 94,32% Space Free | Partition Type: FAT
Computer Name: REBECCA-PC | User Name: Rebecca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BF7782-CE2D-48DB-833F-5274C4DC6810}" = rport=138 | protocol=17 | dir=out | app=system |
"{06229441-F1ED-4991-943F-2F0E1A8A6BFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08EDAB9C-C1F7-4A4D-B943-412A41F03313}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0916CC57-4F45-44AE-82D9-FB63077EE063}" = rport=139 | protocol=6 | dir=out | app=system |
"{0F355CFF-C455-4D08-B032-DF35184B11AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3B05101A-8868-403A-9A45-F9BDC24824FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44D3B395-BA87-4E9C-9C52-9D26301481B8}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{456B12FE-8F9B-46F7-8283-41C8B0AB9231}" = lport=2869 | protocol=6 | dir=in | app=system |
"{541E712F-0B9E-4EF2-98DD-F13385F2C714}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast |
"{597EF518-1D5A-407E-9062-8FCCE042D2C4}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{5AC77DCC-5E60-4088-826B-F5A459C693E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{644BB7DB-EAE8-4BA1-885C-BD6FB46EAD85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{708E062F-EE39-4BAA-94B5-7117C2651037}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{88503AAC-F94F-4C51-9868-296818D99C40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{890D9966-AE4B-4FA8-B3E0-B397176745AE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8D36DE28-D8F6-43CC-BEC9-C69A0B45B5DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D4E4449-2FC1-4276-B14F-5260B1F8CA13}" = rport=445 | protocol=6 | dir=out | app=system |
"{9700A92F-86EC-4AA9-AFAF-362E1B5E462C}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B24096C-4AB2-4E40-85C1-140A4081C50A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3C33B8D-ABE0-4644-8517-198113D421FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9CD8186-C6F2-4009-8F00-B84354A8F717}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE0D7D86-7982-4996-8241-95B771C31E1E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0976C8C-5EA2-4F6E-844F-57F49E135F32}" = lport=445 | protocol=6 | dir=in | app=system |
"{B455DD8D-E050-4620-B79C-A51A4DB22F80}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{BB2CA25B-6828-4817-A638-FD6AA97A04AB}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{BBA3F736-10D8-4348-A31D-C4746CCEE747}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0A65E79-A35E-4D39-87F8-A71422BEAD38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9E93887-D174-4A57-8036-BDACEC2359D4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E4EE733E-E3A2-4F70-A656-EB1C6E8CC631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED2102EC-36A5-4E7E-A88D-06EBA83ECF1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED5BCFA6-D350-4C02-8FBD-18A7469E366C}" = rport=137 | protocol=17 | dir=out | app=system |
"{F087BC9C-9A22-409A-AB39-E10330B3A454}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1807377-C01A-42E8-8C4E-6887EC27C335}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A01652-E4F9-4E61-AA2D-34CC0758814A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{08B609FD-2475-49A7-85E9-AB17D350FC43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08DFAA3F-13FE-41B1-9E6C-4CC159376E46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0EA5D6ED-5347-4B04-A141-D46031CC48FB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{15D5A548-052A-4104-ADB9-38DE591F0F5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{28F301E9-4914-4BAB-9662-6A4ED6CE6D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{299BB9E5-FDC3-450B-83FE-4D61BF11ECC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{2B5F3578-6269-44A5-AA3E-AAAD93C5821B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2EE2DDD6-1769-4746-8B76-AE01F98C49BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{3112839A-A8B7-44AF-BB6B-AC71E9DB9E60}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{31ED9B41-6355-42A9-99F9-E418143EB184}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{3B5960BE-8638-48DF-AD26-DABC12B31A22}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{45373F18-7F8C-4C6F-A0BD-2852525B7AD9}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4D31FEBA-0D86-4FCE-98E2-A7D0E17E2B93}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{52C63FB3-B7FA-45E7-A338-B28EDB5AD97F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{56BBC810-F9B2-4943-98FA-2F3834D4D3BB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BCE638E-34E9-4287-93C7-B8DA6E6D2435}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{5DF74F85-2FF7-4151-AF34-B65C8DF26623}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{62260BB0-C161-4D2B-8D8A-4375B8718B28}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{640419B6-B423-4414-BDE3-750375AF839C}" = protocol=6 | dir=out | app=system |
"{66D6E5D4-25AD-4729-A5A9-67A4AA6B6808}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69DC7BE2-F369-4505-B825-693C193CD18B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{728DB910-ED0D-4AAA-A32B-7D9C0B463D3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{78A8971E-7C5D-4206-88C5-D12A85C3004E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{792BA1E2-44E3-4259-8326-4A1A3CC5C306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8061AC61-1040-4F2C-AAA7-E8A3DD2B7501}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{852286FE-D50F-4324-8635-7DCFC5217D53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{881B8F8B-08F7-4B4B-B50A-B98FA785B308}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{89628C45-45DF-4CF2-BB6D-27D7C26AC633}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{8B2E89DC-C3E5-4B1E-9038-B9663AA7B1AC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{900A4924-7C60-4D38-802D-5F6E838665ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{981A7CEE-CE58-4306-9CDA-565760543661}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{986AF5E0-F8C7-405A-8C89-A6FADD72DC05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9871FA4B-39DC-43C1-A07C-73E649737C5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{998D6C1E-0E54-4C08-8D54-BBC582B5DF0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{A33FB1A7-0A7C-4783-BA75-6B2AB1C54BC3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A530BABC-BA98-4682-9B6E-93DB27108FEF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A8750F56-08C1-44A3-859A-03B4D13D881B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B1E18B87-B4FC-4209-8849-95E6714432E8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B20B2F28-102E-44FB-BC70-834FB2E59F31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B62E671B-7317-47A7-A20F-720781F81EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{B66DF464-10DB-4A27-B89F-1051DC054EA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B99E14C1-07D4-4D9A-9E3E-6E25B8B2FE98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{BB39D727-7648-4C72-8A55-1415687BD482}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{BE505B14-FBEA-42A9-96C0-9B7B81BDA9F4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C1012AA6-EC39-44EF-BA8B-6815F4C06B65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C45FE2A8-3F67-4984-AD85-E9DAED63FA74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C64ABB45-94CB-42B2-A433-FD34AF1A89C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CA58811F-DEDA-456F-B037-10D09025D8A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE446571-9F15-49E8-8F28-CA5F580EED7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF15D6B5-5369-4AC3-96F7-4ADF2B9CC0BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3BAEEFA-CB8C-4571-A6F9-57911872EA80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{D5ED7C9F-F16E-47D2-8FA0-67427D8E8289}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E1BE406B-ED7B-41DF-BDE7-7B5B09951AEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E32B68FC-30F6-4FBE-A6D1-F120AE805C03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1B05B13-9657-4B45-8113-6F3A069E3226}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F1DCEAAF-79E0-4F17-861A-E14429F44D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F75C9071-B41C-4B60-B1B2-797BE3AA5A4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F94EFFCF-7686-427F-8F5B-C788ADFDAFF4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE9B665E-CB62-45C9-B649-592036C18938}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"TCP Query User{2B0BF3E3-B034-4D52-A0E5-3619B32470F2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{0FB187DF-0003-48E5-A9BB-CFC7C2D6098B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2CA3495A-46E9-4E03-866F-8B9B0AD177CA}" = Microsoft Camera Codec Pack
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{560DCF39-61D1-43B0-86DA-5EFF8F7A5144}" = AuthenTec Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"ProInst" = Intel PROSet Wireless
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E7CB77-E445-4BB4-A836-67A447ABEAE6}" = lexiCan 3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Google Chrome" = Google Chrome
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Office14.SingleImage" = Microsoft Office Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.11.2012 03:37:29 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7457
Error - 17.11.2012 03:37:29 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7457
Error - 17.11.2012 03:37:30 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.11.2012 03:37:30 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8580
Error - 17.11.2012 03:37:30 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
Error - 17.11.2012 05:14:53 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.11.2012 05:14:53 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061
Error - 17.11.2012 05:14:53 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061
Error - 17.11.2012 05:14:54 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.11.2012 05:14:54 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2153
Error - 17.11.2012 05:14:54 | Computer Name = Rebecca-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153
[ System Events ]
Error - 15.10.2012 13:19:03 | Computer Name = Rebecca-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 15.10.2012 13:19:03 | Computer Name = Rebecca-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 15.10.2012 13:19:07 | Computer Name = Rebecca-PC | Source = bowser | ID = 8003
Description =
Error - 16.10.2012 10:05:16 | Computer Name = Rebecca-PC | Source = DCOM | ID = 10016
Description =
Error - 20.10.2012 13:08:40 | Computer Name = Rebecca-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?10.?2012 um 19:06:58 unerwartet heruntergefahren.
Error - 20.10.2012 13:08:23 | Computer Name = Rebecca-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 20.10.2012 13:09:01 | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 20.10.2012 13:09:14 | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde mit folgendem Fehler
beendet: %%126
Error - 20.10.2012 13:10:13 | Computer Name = Rebecca-PC | Source = DCOM | ID = 10016
Description =
Error - 23.10.2012 04:42:20 | Computer Name = Rebecca-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
08.01.2013, 17:23
| #2 |
| /// TB-Ausbilder  | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Lesestoff: Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
Teile mir also mit, wie du dich entschieden hast.  Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Bitte Lesen: Regeln für die Bereinigung Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Gelesen und verstanden? Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es: Schritt 2: Scan mit aswMBR
Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.Schritt 5: Scan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
__________________ |
|
08.01.2013, 18:54
| #3 |
| | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Vielen Dank für die Hilfe. Hier die gewünschten Angaben:
__________________Avira Fundmeldungen Code:
ATTFilter In der Datei 'C:\Users\Rebecca\AppData\Local\Temp\J5DSK.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Users\Rebecca\AppData\Local\Temp\J5DSK.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
In der Datei 'C:\$Recycle.Bin\S-1-5-21-9981871-3159751912-3413882348-1000\$9e26e5d1e76d12eba6866202ba02288e\n'
wurde ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\$Recycle.Bin\S-1-5-21-9981871-3159751912-3413882348-1000\$9e26e5d1e76d12eba6866202ba02288e\n'
wurde ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Die Datei 'C:\Users\Rebecca\AppData\Local\Temp\J5DSK.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57695e11.qua' verschoben!
In der Datei 'C:\$Recycle.Bin\S-1-5-21-9981871-3159751912-3413882348-1000\$9e26e5d1e76d12eba6866202ba02288e\n'
wurde ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Die Datei 'C:\$Recycle.Bin\S-1-5-21-9981871-3159751912-3413882348-1000\$9e26e5d1e76d12eba6866202ba02288e\n'
enthielt einen Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '577ca2fc.qua' verschoben!
Defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:38 on 08/01/2013 (Rebecca)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Scan mit aswMBR Wurde zunächst abgebrochen. Bei Scan mit der Einstellung AV Scan: (none): Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-08 18:20:37
-----------------------------
18:20:37.135 OS Version: Windows x64 6.1.7601 Service Pack 1
18:20:37.135 Number of processors: 4 586 0x2A07
18:20:37.135 ComputerName: REBECCA-PC UserName: Rebecca
18:20:42.813 Initialize success
18:20:48.046 AVAST engine defs: 13010800
18:20:58.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:20:58.358 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
18:20:58.389 Disk 0 MBR read successfully
18:20:58.389 Disk 0 MBR scan
18:20:58.405 Disk 0 Windows VISTA default MBR code
18:20:58.405 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
18:20:58.420 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13468 MB offset 81920
18:20:58.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463428 MB offset 27664384
18:20:58.498 Disk 0 scanning C:\Windows\system32\drivers
18:21:13.942 Service scanning
18:21:54.830 Modules scanning
18:21:54.845 Disk 0 trace - called modules:
18:21:54.861 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
18:21:55.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062ef060]
18:21:55.391 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80061918d0]
18:21:55.407 5 stdcfltn.sys[fffff88001b88d12] -> nt!IofCallDriver -> [0xfffffa800508e8c0]
18:21:55.423 7 ACPI.sys[fffff88000d667a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005094050]
18:21:55.438 Scan finished successfully
18:22:05.110 Disk 0 MBR has been saved successfully to "C:\Users\Rebecca\Desktop\MBR.dat"
18:22:05.110 The log file has been saved successfully to "C:\Users\Rebecca\Desktop\aswMBR.txt"
Scan mit dem TDSS-Killer Kein Fund und sehr langer Bericht (23 Seiten im Word-Dokument). Kann bei Bedarf aber noch eingefügt werden. Scan mit DDS+ (mit attach) DSS DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Rebecca at 18:29:47 on 2013-01-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3993.1936 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Rebecca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Rebecca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PERSBA~1.LNK - C:\Program Files (x86)\Personal Backup 5\Persbackup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - C:\Users\Rebecca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{EF075888-03DF-415A-8635-1AB2107DB1C2} : NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{FA50E864-9A03-43FE-BDFA-EAA93080DC7C} : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-11 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-8-15 22128]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2011-10-21 27760]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-11 89600]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-21 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-21 110032]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-5-10 2683712]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-10-21 98848]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-8 229376]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-8 398184]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-8 682344]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-8-11 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-11 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-8-11 27760]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-8-11 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-8-11 39464]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-8-11 292864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-8-11 172960]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-3-14 76288]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-11 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-8 24176]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-8-11 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-8-11 83560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-3-14 114560]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-3-14 250368]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-8-11 72808]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-01-08 10:29:10 -------- d-----w- C:\Users\Rebecca\AppData\Roaming\Malwarebytes
2013-01-08 10:29:02 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-08 10:29:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-08 10:29:02 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-01-08 10:28:04 -------- d-----w- C:\Users\Rebecca\AppData\Local\Programs
2013-01-08 10:22:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EBD2C7C-20E7-4C8F-A28E-5141C4AFABF0}\offreg.dll
2013-01-08 10:10:49 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EBD2C7C-20E7-4C8F-A28E-5141C4AFABF0}\mpengine.dll
2013-01-08 10:09:54 -------- d-----w- C:\ProgramData\5E334178A2D21F2000005E32E34C2586
2013-01-03 08:41:12 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-03 08:41:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-03 08:41:11 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-03 08:41:10 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-13 07:43:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
==================== Find3M ====================
.
2012-12-23 15:15:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-23 15:15:59 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 18:30:42,16 ===============
--- --- --- Attach Code:
ATTFilter UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15.08.2011 12:50:36
System Uptime: 08.01.2013 16:44:29 (2 hours ago)
.
Motherboard: Dell Inc. | | 0675PR
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU 1 | 975/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 371,869 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP141: 24.11.2012 18:49:33 - Windows Update
RP142: 01.12.2012 11:24:24 - Windows Update
RP143: 07.12.2012 12:17:07 - Windows Update
RP144: 11.12.2012 10:33:51 - Windows Update
RP145: 15.12.2012 16:52:38 - Windows Update
RP146: 23.12.2012 16:02:40 - Windows Update
RP147: 28.12.2012 14:52:00 - Windows Update
RP148: 01.01.2013 12:33:50 - Windows Update
RP149: 03.01.2013 09:40:17 - Windows Update
RP150: 08.01.2013 11:10:24 - Windows Update
RP152: 08.01.2013 11:22:14 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
AccelerometerP11
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Avira Free Antivirus
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BufferChm
C4USelfUpdater
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
center
Cisco Systems VPN Client 5.0.07.0290
Citavi
Conexant HDA D330 MDC V.92 Modem
Copy
Custom
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell System Manager
Dell Touchpad
Dell Webcam Central
DellAccess
Destinations
DeviceDiscovery
Digital Line Detect
DirectX 9 Runtime
DJ_AIO_03_F2200_Software_Min
DocProc
EMBASSY Security Center
essentials
F2200
Free YouTube to MP3 Converter version 3.10.8.815
Gemalto
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi-Software
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 24 (64-bit)
Junk Mail filter update
Kodak AIO Printer
KODAK All-in-One Software
lexiCan 3
Malwarebytes Anti-Malware Version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x64) ENU
Microsoft Sync Framework 2.0 Provider Services (x64) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Partner
Modem Diagnostic Tool
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NAVIGON Fresh 3.3.2
Netwaiting
Nikon Message Center 2
Nikon Movie Editor
NTRU TCG Software Stack
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
ocr
OCR Software by I.R.I.S. 13.0
PC-CCID
PDF24 Creator 5.2.0
Personal Backup 5.3
PhotoShowExpress
Picasa 3
Picture Control Utility x64
Preboot Manager
PreReq
Private Information Manager
QuickTime
RBVirtualFolder64Inst
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
SPBA 5.9
Status
SyncToy 2.1 (x64)
Toolbox
TrayApp
Trusted Drive Manager
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Upek Touchchip Fingerprint Reader
ViewNX 2
Wave Infrastructure Installer
Wave Support Software Installer
WebReg
WIDCOMM Bluetooth Software
Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zattoo4 4.0.5
.
==== End Of File ===========================
GMER-Scan Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-08 18:43:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0001 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Rebecca\AppData\Local\Temp\pwliqfow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074ee2da4 5 bytes JMP 0000000164519eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074efcbf3 5 bytes JMP 0000000164668fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074efcfca 5 bytes JMP 0000000164471893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074f1cb0c 5 bytes JMP 0000000164668f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074f1ce64 5 bytes JMP 000000016466901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074f2fbd1 5 bytes JMP 0000000164668ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074f2fc9d 5 bytes JMP 0000000164668e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074f2fcd6 5 bytes JMP 0000000164668dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074f2fcfa 5 bytes JMP 0000000164668d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000746793ec 5 bytes JMP 00000001646691d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000070e1388e 5 bytes JMP 0000000164669080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070eb7922 5 bytes JMP 0000000164669128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5596] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000754a2694 5 bytes JMP 00000001646693c8
? C:\Windows\system32\mssprxy.dll [5596] entry point in ".rdata" section 00000000700e71e6
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000076ef25fd 6 bytes JMP 0000000164538042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000076f02a63 6 bytes JMP 00000001644d9805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000746c34b5 5 bytes JMP 00000001644d75db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a29 5 bytes JMP 00000001645403cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074edd22e 5 bytes JMP 00000001644e363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074ee291f 5 bytes JMP 00000001644bddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074ee2da4 5 bytes JMP 0000000164519eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074ee6285 5 bytes JMP 0000000164537fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ee7603 5 bytes JMP 00000001645125ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074eeb029 5 bytes JMP 0000000164669358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074eec63e 5 bytes JMP 0000000164669390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074ef50ed 5 bytes JMP 0000000164669a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074ef5246 5 bytes JMP 00000001646692e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074efb99c 5 bytes JMP 0000000164669d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074efc701 5 bytes JMP 0000000164669a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074efcbf3 5 bytes JMP 0000000164668fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074efcfca 5 bytes JMP 0000000164471893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074efeb96 5 bytes JMP 00000001644bded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074eff52b 5 bytes JMP 000000016455ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!SendInput 0000000074efff4a 5 bytes JMP 000000016466a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000074f010dc 5 bytes JMP 0000000164669320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000074f014b2 5 bytes JMP 000000016466a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074f19cfd 5 bytes JMP 000000016466a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074f1cb0c 5 bytes JMP 0000000164668f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074f1ce64 5 bytes JMP 000000016466901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074f2fbd1 5 bytes JMP 0000000164668ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074f2fc9d 5 bytes JMP 0000000164668e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074f2fcd6 5 bytes JMP 0000000164668dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074f2fcfa 5 bytes JMP 0000000164668d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074f302bf 5 bytes JMP 000000016466a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000747c6143 5 bytes JMP 0000000164669784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074613e59 5 bytes JMP 000000016466987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074613eae 5 bytes JMP 00000001646698fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074614731 5 bytes JMP 00000001646697ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074615dee 5 bytes JMP 000000016466989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000746793ec 5 bytes JMP 00000001646691d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000070e1388e 5 bytes JMP 0000000164669080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070eb7922 5 bytes JMP 0000000164669128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000754933a3 5 bytes JMP 000000016466946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000754a2694 5 bytes JMP 00000001646693c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3012] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000754ae8ff 5 bytes JMP 0000000164669538
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000076ef25fd 6 bytes JMP 0000000164538042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000076f02a63 6 bytes JMP 00000001644d9805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000746c34b5 5 bytes JMP 00000001644d75db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a29 5 bytes JMP 00000001645403cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074edd22e 5 bytes JMP 00000001644e363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074ee291f 5 bytes JMP 00000001644bddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074ee2da4 5 bytes JMP 0000000164519eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074ee6285 5 bytes JMP 0000000164537fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ee7603 5 bytes JMP 00000001645125ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000074eeb029 5 bytes JMP 0000000164669358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000074eec63e 5 bytes JMP 0000000164669390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000074ef50ed 5 bytes JMP 0000000164669a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000074ef5246 5 bytes JMP 00000001646692e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!EndDialog 0000000074efb99c 5 bytes JMP 0000000164669d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000074efc701 5 bytes JMP 0000000164669a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000074efcbf3 5 bytes JMP 0000000164668fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074efcfca 5 bytes JMP 0000000164471893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074efeb96 5 bytes JMP 00000001644bded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074eff52b 5 bytes JMP 000000016455ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!SendInput 0000000074efff4a 5 bytes JMP 000000016466a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000074f010dc 5 bytes JMP 0000000164669320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000074f014b2 5 bytes JMP 000000016466a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074f19cfd 5 bytes JMP 000000016466a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000074f1cb0c 5 bytes JMP 0000000164668f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000074f1ce64 5 bytes JMP 000000016466901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000074f2fbd1 5 bytes JMP 0000000164668ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000074f2fc9d 5 bytes JMP 0000000164668e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074f2fcd6 5 bytes JMP 0000000164668dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074f2fcfa 5 bytes JMP 0000000164668d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074f302bf 5 bytes JMP 000000016466a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000747c6143 5 bytes JMP 0000000164669784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074613e59 5 bytes JMP 000000016466987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074613eae 5 bytes JMP 00000001646698fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074614731 5 bytes JMP 00000001646697ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074615dee 5 bytes JMP 000000016466989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000746793ec 5 bytes JMP 00000001646691d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000070e1388e 5 bytes JMP 0000000164669080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070eb7922 5 bytes JMP 0000000164669128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000754933a3 5 bytes JMP 000000016466946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000754a2694 5 bytes JMP 00000001646693c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4812] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000754ae8ff 5 bytes JMP 0000000164669538
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000746c87b1 5 bytes JMP 000000016011856d
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000747c6143 5 bytes JMP 000000016064fa9a
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074613e59 5 bytes JMP 00000001601497d1
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074613eae 5 bytes JMP 0000000160157641
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074614731 5 bytes JMP 00000001601565d9
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074615dee 5 bytes JMP 000000016017da4f
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074601401 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074601419 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074601431 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007460144a 2 bytes [60, 74]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746014dd 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746014f5 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007460150d 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074601525 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007460153d 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074601555 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007460156d 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074601585 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007460159d 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746015b5 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746015cd 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746016b2 2 bytes [60, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746016bd 2 bytes [60, 74]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408:3600] 000000001000e2eb
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408:3800] 00000000014f66e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408:3804] 00000000014f66e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408:3816] 00000000014f66e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408:3820] 00000000014f2560
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4516:4544] 0000000065318f84
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4516:3020] 000000006531925e
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4516:4520] 0000000065318bd0
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2408] 0000000075670000
Library ? (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2968] 00000000726c0000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1848] 000007fef7520000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [4764] 00000000726c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4516] 00000000737f0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6684] 000007fefc5a0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dae91ae9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dae91ae9 (not active ControlSet)
---- EOF - GMER 2.0 ----
|
|
08.01.2013, 19:08
| #4 | |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" In Ordnung, dann weiter: Schritt 1: Deinstallation von Programmen Schritt 2: Windows-Defender abschalten Da du einen anderen Virenscanner benutzt solltest du dringend den windowseigenen Scanner abschalten:
Schritt 3: AdwCleaner: Werbeprogramme suchen und löschen Schritt 4: Temporäre Dateien löschen mit TFC Schritt 5: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
08.01.2013, 20:57
| #5 |
| | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Ok, ich habe die Schritte alle ausgeführt. Hier die Logs: AdwCleaner Code:
ATTFilter # AdwCleaner v2.105 - Datei am 08/01/2013 um 19:49:58 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Rebecca - REBECCA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rebecca\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [1118 octets] - [08/01/2013 19:49:58]
########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########
ComboFix Code:
ATTFilter ComboFix 13-01-08.01 - Rebecca 08.01.2013 20:36:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3993.2151 [GMT 1:00]
ausgeführt von:: c:\users\Rebecca\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Rebecca\4.0
c:\users\Rebecca\AppData\Local\assembly\tmp
c:\users\Rebecca\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\windows\SysWow64\instsrv.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-08 bis 2013-01-08 ))))))))))))))))))))))))))))))
.
.
2013-01-08 10:29 . 2013-01-08 10:29 -------- d-----w- c:\users\Rebecca\AppData\Roaming\Malwarebytes
2013-01-08 10:29 . 2013-01-08 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 10:29 . 2013-01-08 10:29 -------- d-----w- c:\programdata\Malwarebytes
2013-01-08 10:29 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 10:28 . 2013-01-08 10:28 -------- d-----w- c:\users\Rebecca\AppData\Local\Programs
2013-01-08 10:22 . 2013-01-08 10:22 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EBD2C7C-20E7-4C8F-A28E-5141C4AFABF0}\offreg.dll
2013-01-08 10:10 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EBD2C7C-20E7-4C8F-A28E-5141C4AFABF0}\mpengine.dll
2013-01-08 10:09 . 2013-01-08 12:08 -------- d-----w- c:\programdata\5E334178A2D21F2000005E32E34C2586
2013-01-03 08:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-03 08:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-03 08:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-03 08:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 07:43 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 15:15 . 2012-05-09 14:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-23 15:15 . 2012-05-09 14:05 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-15 15:57 . 2011-08-15 16:44 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-12-01 10:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-01 10:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-01 10:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-18 2234840]
.
c:\users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
Persbackup.lnk - c:\program files (x86)\Personal Backup 5\Persbackup.exe [2011-10-21 4050944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-11 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-11 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-11 39464]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 250368]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-18 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 76288]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 15:15]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9e6297065951.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 17:20]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd9e62977e9854.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 15:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 15:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Rebecca\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{EF075888-03DF-415A-8635-1AB2107DB1C2}: NameServer = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-08 20:50:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-08 19:50
.
Vor Suchlauf: 14 Verzeichnis(se), 404.763.545.600 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 404.127.625.216 Bytes frei
.
- - End Of File - - 865CA9DBF2497C71A89C5676137F69A2
|
|
08.01.2013, 21:13
| #6 |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Sehr schön. Bevor es weitergeht: Hast du noch Probleme mit dem Rechner?
__________________ --> "System Progressive Protection" / "BDS/ZeroAccess.Gen" |
|
08.01.2013, 21:18
| #7 |
| | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Nein, ich habe keine Probleme bemerkt. Allerdings hatte ich die ganze Zeit keine Probleme, wie andere leute sie hier gepostet haben (z.B. dass andere Programme blockiert werden). Bei mir haben alle Programme die ganze Zeit funktioniert. Ich habe nur durch die Avira-Meldung und durch das automatische Öffnen des "System Progressive Protection" gemerkt, dass etwas nicht stimmt. |
|
08.01.2013, 21:22
| #8 |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" ... und das öffnet sich jetzt nicht mehr?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
08.01.2013, 21:25
| #9 |
| | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Nein, das hatte sich nur ganz am Anfang geöffnet. Nachdem ich durch Malwarebytes mehrere infizierte Dateien gelöscht habe war auch das Symbol auf dem Desktop verschwunden, welches sich da selbst installiert hatte. |
|
08.01.2013, 21:33
| #10 |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Gut!  Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Wichtig: Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
09.01.2013, 10:08
| #11 |
| | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Ok, habe die Scans durchgeführt. Hier die Logs: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.09.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rebecca :: REBECCA-PC [Administrator] Schutz: Aktiviert 09.01.2013 08:13:36 mbam-log-2013-01-09 (08-13-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214049 Laufzeit: 4 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET Nichts gefunden SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Adobe Flash Player 11.5.502.135 Adobe Reader 10.1.4 Adobe Reader out of Date! Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
09.01.2013, 16:27
| #12 |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Schritt 2: ESET deinstallieren (Optional)
Schritt 3: Mache bitte ein Update deines Virenscanners auf die aktuelle Version. Abschließend noch Tipps zu folgenden Themen:
Lesestoff: Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff: Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff: Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
 Lesestoff: Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
11.01.2013, 16:35
| #13 |
| /// TB-Ausbilder | "System Progressive Protection" / "BDS/ZeroAccess.Gen" Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu "System Progressive Protection" / "BDS/ZeroAccess.Gen" |
| 7-zip, antivir, autorun, bho, bildschirm, bonjour, converter, dell computer, entfernen, error, flash player, format, gmer-scan, install.exe, internet, logfile, plug-in, recycle.bin, registry, rogue.systemprogressiveprotection, rundll, server, software, svchost.exe, system, trojan.fakealert, trojan.fakealert.ssgen, udp, windows |
Button.
und dann 
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Linear-Darstellung
