Log Analysis and Evaluation: Yahoo account acting on its own - virus scan unsuccessful (Windows 7)

12.04.2013, 16:52 | #1
Yahoo account acting on its own - virus scan unsuccessful

Hello,

this morning my Yahoo account took on a life of its own and sent e-mails containing a link to my entire address book. The mails are in the Sent folder on my PC. I have changed my password and, as a precaution, deleted the address book, even if that probably doesn't help much any more. I access my account with the Firefox browser, and also from various other computers and from my phone. (Since the mails are in the Sent folder on my home PC, though, I suspect that machine as the culprit.)

I ran my Norton AntiVirus and Malwarebytes Anti-Malware over it. Neither found anything suspicious. I am currently backing up my data to an external hard drive, but since that drive is also connected to my home PC right now, that won't help much either if I reinstall the PC... So I would like to try to find the culprit some other way. During my internet search I came across this forum. (Source: Google)

I haven't noticed any other suspicious activity. The system runs normally. I'm actually always very careful, but something must have sent those mails. I'm asking for help! Many thanks in advance!

Regards,
Myriam

PS: I was firmly convinced I was opening my thread in the "Plagegeister ..." forum... but apparently I slipped. I can't delete or move the post either? I have meanwhile also seen and followed the OTL & GMER instructions. Sorry, but before my first post I didn't scroll far enough down on the instructions page ^^ So here are the three log files:

OTL Code:
OTL logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32

Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.12 18:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myriam\Downloads\OTL.exe
PRC - [2013.04.12 12:34:03 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.12 12:06:41 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.11.01 21:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 09:44:06 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2010.08.03 09:43:56 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 09:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.08.03 09:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008.08.23 09:54:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.05.02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 03:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2008.05.02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:25:18 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPSideShowGadget.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.12 10:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.12 12:34:00 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 12:06:41 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2011.04.28 19:39:18 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2008.08.23 09:54:17 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2013.04.12 12:34:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2008.05.14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008.05.14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008.05.14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys -- (jnv4_mib)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.01.18 16:39:36 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.18 16:39:36 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVENG.SYS -- (NAVENG)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.24 00:28:44 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.12.24 00:28:44 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.21 19:04:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130411.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.12.13 15:28:42 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.12.13 15:26:36 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.12.13 15:26:36 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.26 23:10:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.02.07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.04.01 16:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.09.12 10:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.12 10:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.03.01 10:25:12 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0080815
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sacajewia.yfw24.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{D348BADA-AED4-422D-84DE-B8C9BDA6386C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sacajewia.yfw24.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.01 10:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]

[2010.04.15 14:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions
[2008.10.06 22:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions\info@zla.bs
[2013.01.03 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions
[2011.04.07 19:15:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 12:34:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 14:06:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 14:06:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 14:06:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 14:06:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 14:06:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 14:06:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.04.11 18:01:33 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 129.187.254.28 asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28 asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28 asa-cluster.lrz.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD226102-D412-4584-BE6A-F573DAD411F6}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{03beb4c8-9fb9-11df-aff4-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\installer.exe O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe O33 - 
MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell - "" = AutoRun O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\SUPERAntiSpyware.com [2013.04.12 12:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- 
C:\ProgramData\SUPERAntiSpyware.com [2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.04.12 12:22:46 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Malwarebytes [2013.04.12 12:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.12 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.12 12:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.12 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.05 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2013.03.20 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Local\Macromedia [2013.03.20 13:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.20 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.03.20 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.03.20 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013.03.20 12:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity [2013.03.20 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Audacity [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 18:08:16 | 000,000,000 | ---- | M] () -- C:\Users\Myriam\defogger_reenable [2013.04.12 17:36:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 17:25:27 | 000,002,016 | ---- | M] () -- 
C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37} [2013.04.12 14:37:49 | 000,102,912 | ---- | M] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.12 13:54:18 | 000,691,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.12 13:54:18 | 000,649,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.12 13:54:18 | 000,154,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.12 13:54:18 | 000,126,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.12 12:30:05 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job [2013.04.12 12:25:36 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job [2013.04.12 12:25:14 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.04.12 12:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.12 07:21:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.12 03:23:01 | 000,358,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.12 03:22:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 03:20:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.11 18:01:33 | 000,000,878 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.05 15:57:38 | 000,000,965 | ---- | M] () -- C:\Users\Myriam\Desktop\Dropbox.lnk [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.20 13:14:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.03.20 11:18:31 | 000,000,806 | ---- | M] () -- C:\Users\Myriam\Desktop\Audacity.lnk [2013.03.20 10:18:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000015B3.LCS [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== 
Files Created - No Company Name ========== [2013.04.12 18:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Myriam\defogger_reenable [2013.04.12 17:25:25 | 000,002,016 | ---- | C] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37} [2013.04.12 12:25:37 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job [2013.04.12 12:25:36 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job [2013.04.12 12:25:14 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.04.12 12:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.20 13:14:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.03.20 11:18:31 | 000,000,806 | ---- | C] () -- C:\Users\Myriam\Desktop\Audacity.lnk [2013.03.19 17:10:02 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000015B3.LCS [2013.01.18 16:57:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2012.10.04 20:07:25 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.09.26 21:36:19 | 000,001,574 | ---- | C] () -- C:\Users\Myriam\.recently-used.xbel [2011.01.27 15:46:48 | 000,000,680 | ---- | C] () -- C:\Users\Myriam\AppData\Local\d3d9caps.dat [2010.10.27 11:15:55 | 000,001,940 | ---- | C] () -- C:\Users\Myriam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.03.12 14:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Myriam\AppData\Local\fusioncache.dat [2010.03.10 23:29:52 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.03.10 23:28:30 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.07 20:10:05 | 039,048,624 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_image32.Cache [2008.10.07 20:10:04 | 002,375,716 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_audio.Cache [2008.08.28 17:35:31 | 000,000,270 | ---- | C] () -- 
C:\Users\Myriam\AppData\Roaming\wklnhst.dat [2008.08.23 15:19:35 | 000,102,912 | ---- | C] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.10.13 16:52:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh [2009.04.11 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh - Heart of Osiris [2013.03.30 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Audacity [2011.08.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Awem [2012.02.21 12:50:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\com.llingo.tha-l00-trl [2013.04.11 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Dropbox [2012.07.11 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\DVDFab [2009.11.20 01:03:31 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\everlight [2013.03.01 
19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\F4 [2011.09.26 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\gtk-2.0 [2010.08.02 01:13:00 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Imperium Romanum [2013.02.28 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\mp3DirectCut [2011.03.02 20:40:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\MysteryStudio [2008.12.17 16:37:56 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\NAVIGON [2011.04.28 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\OpenOffice.org [2011.08.29 12:11:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Peace Craft [2011.08.28 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\PoBros [2013.03.19 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\ProtectDisc [2010.01.15 19:09:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\SecondLife [2008.08.31 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Serif [2013.04.05 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Temp [2010.02.24 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Template [2009.08.16 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\The Longest Journey [2011.09.14 18:37:03 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Tropico 3 [2011.03.02 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ubisoft [2010.03.11 00:34:26 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\VistaCodecs [2009.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Vodafone [2012.04.07 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\wargaming.net [2009.09.20 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Wildlife Park 2 [2008.10.06 22:34:22 | 000,000,000 | ---D | M] -- 
C:\Users\Myriam\AppData\Roaming\ZLabs ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32

Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8F8E2D-677E-4047-AA24-CA20D9DE3D74}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CC2F914-B5BC-4F42-AB32-A4D3311CEDCD}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D39A2B5-68C0-47B7-B6FC-BFCFC468A03A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1246FBDC-1E0B-47FB-BEFA-27750678113B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{46ED7DAB-D7FC-48A2-BACD-DD6E7089D769}" = rport=10243 | protocol=6 | dir=out | app=system |
"{507D743D-BD98-4431-9746-96229266CF0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51E40662-C5FB-42D1-991A-4DFD7AAA4816}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{61003B25-8C50-428D-AB20-34758EBAF052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6278AC08-C05C-4659-B674-60A5EABC3B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6960348A-6A51-44E1-9781-79893ABADB2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B44C1BE-7358-41C9-B4EE-599EBA4A07C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{76B0B33F-F528-4E84-8EDC-B94982E1F27F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7AAB8082-F175-487B-BFEB-60F3065E0F1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{816D2907-EA11-4362-8471-69B8B93AFAA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{92FFA179-BEF6-42AC-A845-54753E9A1A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{A9A941B6-80A4-463C-B872-8441D12A7B82}" = rport=138 | protocol=17 | dir=out | app=system |
"{D28D7570-029C-49F9-923F-C0E7B7F77882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D51247CA-AD98-4616-B05E-4E2A46ED25F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9C9BB91-D863-4E02-9610-E8187FC54B64}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{E225B8D8-121C-4EFF-95FC-232056FCB729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEB79099-BAC0-41F9-A269-16FD6DA148F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F00DC730-88B6-467A-BAFB-DB64E231F7E1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F019CF87-942B-42C1-AD85-336605D53FC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{F820B161-F58B-4943-A256-13CC521465A3}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EAFED-D196-40D7-9BB7-05F7DB0954E8}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{07DC966F-AF57-42F2-93EC-598474FC7D26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13C46594-FA44-47C4-9EAA-F7F7E282F81A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{17D20452-9800-4DD9-84D3-B2F4EC34184A}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{18AACA02-7B95-4E5A-80ED-85FC8BCA1B7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E9400D8-BAE5-4B54-819F-E755ADD212C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{2176A2EE-E56A-48F5-8B5A-59346CE609F4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{26F75F16-F043-45EA-8308-3A4C8C8C4FA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{30B0C95A-A486-4899-BE43-619A3B15DC7A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3188185F-2D62-4205-A8C8-B71D734E40DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe |
"{367650DE-B9EE-44D7-BBC7-87DADEE68E30}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{385A4E4F-3B79-4504-B684-115EC5281BBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{437CAFD3-5780-456C-B9EE-089A8F708549}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{45F7D31F-9318-4B15-9657-734AC3FB5E67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4751E395-79B0-4330-96CE-39BD2880BEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4ACEE7D6-8C43-4D7A-859E-86FED02005EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{55173B6F-586B-424A-A2EB-51D1C1BA4908}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5674A47E-0EC6-40A5-8688-EF39B3143892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61F4A8BD-E03A-4D43-8937-5C76ADC4B7AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A2521AF-3FF6-4195-AB63-42F7B507F4C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71256B30-870D-481F-AD31-4F33B5D1FF78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7FD5E20B-37B7-4795-A441-3A5003FA32AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FD873D7-B15B-415E-8444-7305B024B4CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{81B0BCCD-3476-4AAC-907A-A993CDD5E84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{8A0B390D-E738-4EAA-8D70-9812AE4FFA18}" = protocol=6 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe |
"{8D70644F-DDE7-4571-AA65-D5BA9F0E096B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{8E25BCB3-455B-4ED3-B085-6C1C177B5792}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{91B76FAB-B8DA-4F8A-A98B-4D1E3EAA1ADF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{995F8E31-62AE-4A86-B286-E4E9FDB41878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{996C5683-5301-4016-B7BC-3FD8098E0344}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{99A4B8A9-D14E-4038-8E83-1FB7F800C6A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{9C28CE91-5AE9-43C9-A9BC-9AE708FF6A22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{9F2CEAA9-FD44-4559-9F9D-EFF151050EC3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A0CD47D7-5B95-43D1-B046-53063E706EDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A2993279-8E58-4804-BEB1-6ABC83E03BD9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{A3D04630-24B7-4C10-B62F-2DD661C2C750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{A55E4E44-6B42-49A4-9457-CA1A361821D9}" = protocol=17 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3521D14-5E51-405D-A4A6-A2ACEAB1E914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9F44E35-E34D-4384-94FE-35A1D8912FA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe |
"{D26900B8-638F-4C78-92E4-17B718901F31}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DBE48E50-7845-4C36-BB3B-ABD5A6B87FC8}" = protocol=6 | dir=out | app=system |
"{E0DAF8DE-1037-4C58-A7F7-F418738E24A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4154EED-EF2C-47BE-AC8C-754B8E2A1306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9A00FF0-995F-4993-886B-80513749D2AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA4FCE7C-A19A-48DB-A45C-2EF63793E92D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC80D682-CADE-4486-A4A9-610BA5704BE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEE4C139-2C19-4C13-9A9D-0A6496DEC567}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F0F471BE-9405-42C3-8C2C-05FFB83D6083}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F13DA791-72CC-493E-A137-EA6C9DDAD72A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F41EE4B1-AE3B-4144-B6F6-84C838A8D0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4EE3612-6280-4596-998B-8317E2022087}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{FA50FB17-2975-4BB8-8D49-7E05D16073FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF171E50-BC2F-4CDC-944A-5AD6981DE397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"TCP Query User{15EA6954-DC5F-4FFE-9F99-4723A59A7489}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{225AE057-4BFF-4FA9-9C29-7ED5621E80A5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{3ECFD284-C5C5-4701-B75A-8EF249D05C05}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{43B63FAB-7A1A-4950-ACF7-6E113D7F83D4}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"TCP Query User{4920D7BB-0C6C-431E-9029-79044BD61ED6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5CB060C1-4B2D-4243-8E58-9E2ABF2B3D43}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{5FCCF948-FB48-4861-9384-51C777EAED63}C:\users\myriam\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe |
"TCP Query User{74C8D1F1-4980-4FCC-AF88-532944F43415}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{AB399E19-7F47-4CA3-AD21-6C237236F08A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{C82C56EA-6252-4FB1-9741-F3E9DAC58065}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{CE606602-90A2-4F64-BBBB-6528E452D021}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"TCP Query User{D92F0F33-47D8-4046-807E-DF026547032A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{EC4CA91E-1EFD-4171-8730-4E4719D83094}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{00D8DCE6-ABC6-4D4F-B259-123EE5B9B1AE}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"UDP Query User{3B2DB38F-F922-44F9-9D86-9B763454FEDB}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{3B3A35D8-42E0-4E73-9280-13D50C5F90D0}C:\users\myriam\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe |
"UDP Query User{3C83304D-6010-4FD6-A2FC-F4B1FBABB74C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{3D4E8D28-6583-4F3F-ABB6-61F7D0BB8D33}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{50AA09BD-BFA4-431F-816C-98CE0E2F3BDC}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"UDP Query User{646E7007-8F04-4A61-8FDC-183EAABC9BAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{65AC74DF-E366-4912-BAF3-5BF615C5F6D5}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{6D0E4FAD-8789-4B9C-9BE4-8297132442D7}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{A6A49604-E714-4DDE-BF26-AC964A7569B6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{B8AE7ACA-D04F-476E-8479-26BA1A0A5F67}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"UDP Query User{D8E4F352-81EC-4EDD-8008-23D8FEA2607D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{FF3DD940-C197-4E0A-885B-83B62874F008}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07222CAA-F008-48D1-B09F-3F23FCCD610C}" = IBM SPSS Statistics 19 Help Packs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe
Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Kodak All-in-One-Druckersoftware "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg 
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.63 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.3 "Bink and Smacker" = Bink and Smacker "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Catan - Staedte und Ritter" = Catan - Städte und Ritter "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Diablo III" = Diablo III "DivX Setup.divx.com" = DivX-Setup "Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt "f42012" = f4 2012 "Google Desktop" = Google Desktop "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla 
Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAV" = Norton AntiVirus "NAVIGON Fresh" = NAVIGON Fresh 1.6.2 "NAVIGON Sync" = NAVIGON Sync 1.1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "OpenAL" = OpenAL "PhotoStitch" = Canon Utilities PhotoStitch "PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.07.2010 06:08:21 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung EKDiscovery.exe, Version 4.0.0.1, Zeitstempel 0x499f1d83, fehlerhaftes Modul EKDiscovery.exe, Version 4.0.0.1, Zeitstempel 0x499f1d83, Ausnahmecode 0xc0000005, Fehleroffset 0x00008e30, Prozess-ID 0x”±Ú ”±Ú $, Anwendungsstartzeit ”±Ú ”±Ú $. 
Error - 14.07.2010 06:42:46 | Computer Name = Myriam-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 14.07.2010 06:43:59 | Computer Name = Myriam-PC | Source = WinMgmt | ID = 10 Description = Error - 14.07.2010 06:46:59 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:47:05 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:47:12 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:47:32 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:47:35 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:48:41 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:50:30 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 06:57:33 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.07.2010 09:55:40 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000 Error encountered while reading event logs. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-12 21:32:43 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys ---- System - GMER 2.1 ---- SSDT 885AAF10 ZwAlertResumeThread SSDT 885AAFD0 ZwAlertThread SSDT 84B5D050 ZwAllocateVirtualMemory SSDT 884AB740 ZwAlpcConnectPort SSDT 885AA528 ZwAssignProcessToJobObject SSDT 885A5C70 ZwCreateMutant SSDT 885AA248 ZwCreateSymbolicLinkObject SSDT 87C195A0 ZwCreateThread SSDT 889DA400 ZwDebugActiveProcess SSDT 884A7290 ZwDuplicateObject SSDT 885A8E48 ZwFreeVirtualMemory SSDT 885A5D60 ZwImpersonateAnonymousToken SSDT 885AA910 ZwImpersonateThread SSDT 884AB6A8 ZwLoadDriver SSDT 885A8D68 ZwMapViewOfSection SSDT 87C1BF48 ZwOpenEvent SSDT 883AD308 ZwOpenProcess SSDT 87C2D588 ZwOpenProcessToken SSDT 87C6C1B8 ZwOpenSection SSDT 87C2D5C0 ZwOpenThread SSDT 885AA438 ZwProtectVirtualMemory SSDT 885BCB70 ZwResumeThread SSDT 885B8C98 ZwSetContextThread SSDT 885B8D58 ZwSetInformationProcess SSDT 889DA4C0 ZwSetSystemInformation SSDT 87C1BE88 ZwSuspendProcess SSDT 885BC930 ZwSuspendThread SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xDD54A640] SSDT 885BC9F0 ZwTerminateThread SSDT 885B8F48 ZwUnmapViewOfSection SSDT 885AADB0 ZwWriteVirtualMemory SSDT 885AA338 ZwCreateThreadEx ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 11D 826B4860 8 Bytes [10, AF, 5A, 88, D0, AF, 5A, ...] .text ntkrnlpa.exe!KeSetEvent + 131 826B4874 4 Bytes [50, D0, B5, 84] .text ntkrnlpa.exe!KeSetEvent + 13D 826B4880 4 Bytes [40, B7, 4A, 88] .text ntkrnlpa.exe!KeSetEvent + 191 826B48D4 4 Bytes [28, A5, 5A, 88] .text ntkrnlpa.exe!KeSetEvent + 1F5 826B4938 4 Bytes [70, 5C, 5A, 88] .text ... 
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA92FB69D] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + 6 7743424A 4 Bytes [28, 68, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + B 7743424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + 6 7743428A 4 Bytes [68, 69, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + B 7743428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + 6 774342BA 4 Bytes [28, 6A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + B 774342BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + 6 7743433A 4 Bytes [68, 6A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + B 7743433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + 6 7743499A 4 Bytes [A8, 6C, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + B 7743499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + 6 77434A2A 4 Bytes [68, 68, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + B 77434A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + 6 77434A5A 4 Bytes [A8, 69, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + B 77434A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenMutant + B 77434A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + 6 77434AAA 4 Bytes [28, 6B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + B 77434AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + 6 77434ABA 4 Bytes [68, 6B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + B 77434ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + 6 77434ACA 4 Bytes [28, 6C, 06, 00] {SUB [ESI+EAX+0x0], CH} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + B 77434ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + 6 77434ADA 4 Bytes [A8, 6A, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + B 77434ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThread + B 77434B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadToken + B 77434B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + 6 77434B3A 4 Bytes [68, 6C, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + B 77434B3F 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + 6 77434BCA 4 Bytes [A8, 68, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + B 77434BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryFullAttributesFile + B 77434C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + 6 7743515A 4 Bytes [28, 69, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + B 7743515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + 6 774351AA 4 Bytes [A8, 6B, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + B 774351AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtUnmapViewOfSection + B 7743544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!OpenEventW 7616C023 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateEventW 7619B85E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteObject 77385A37 5 Bytes JMP 000B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetDeviceCaps 7738617F 5 Bytes JMP 000B03B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectObject 773862A0 5 Bytes JMP 000B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextColor 7738666B 5 Bytes JMP 000B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetBkMode 77386716 5 Bytes JMP 000B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteDC 773868CD 5 Bytes JMP 000B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetCurrentObject 77386B58 5 Bytes JMP 000B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetStretchBltMode 77387206 5 Bytes JMP 000B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SaveDC 773875BA 5 Bytes JMP 000B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!RestoreDC 77387675 5 Bytes JMP 000B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StretchDIBits 773878CF 5 Bytes JMP 000B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtSelectClipRgn 773879F8 5 Bytes JMP 000B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectClipRgn 77387AF9 5 Bytes JMP 000B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!MoveToEx 77387C33 5 Bytes JMP 000B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!Rectangle 77387EA9 5 Bytes JMP 000B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextAlign 773882E0 5 Bytes JMP 000B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextAlign 773885CB 5 Bytes 
JMP 000B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtTextOutW 7738872B 5 Bytes JMP 000B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextMetricsW 77388A81 5 Bytes JMP 000B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!IntersectClipRect 77388B64 5 Bytes JMP 000B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetClipBox 77389071 5 Bytes JMP 000B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetICMMode 773894E7 5 Bytes JMP 000B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateDCW 7738A91D 5 Bytes JMP 000B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateDCA 7738AA49 5 Bytes JMP 000B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateICW 7738B2E9 5 Bytes JMP 000B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextFaceW 7738B637 5 Bytes JMP 000B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetFontData 7738BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetFontData 7738BA6C 5 Bytes JMP 000B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextExtentPoint32W 7738C01A 5 Bytes JMP 000B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetWorldTransform 7738C46A 5 Bytes JMP 000B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!LineTo 7738C65E 5 Bytes JMP 000B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] 
GDI32.dll!GetTextMetricsA 7738CCEB 5 Bytes JMP 000B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtTextOutA 773900A5 5 Bytes JMP 000B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextExtentPoint32A 77390E58 5 Bytes JMP 000B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtEscape 773922A7 5 Bytes JMP 000B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!Escape 773927F1 5 Bytes JMP 000B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ResetDCW 77393132 5 Bytes JMP 000B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndPage 7739375E 5 Bytes JMP 000B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetPolyFillMode 773961D3 5 Bytes JMP 000B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetMiterLimit 773962E2 5 Bytes JMP 000B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextFaceA 7739F4C5 5 Bytes JMP 000B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetGlyphOutlineW 773AA41F 5 Bytes JMP 000B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateScalableFontResourceW 773AC88B 5 Bytes JMP 000B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!AddFontResourceW 773ACC93 5 Bytes JMP 000B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!RemoveFontResourceW 773AD129 5 Bytes JMP 000B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!AbortDoc 773B2CC4 5 Bytes JMP 000B0030 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndDoc 773B30D8 5 Bytes JMP 000B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StartPage 773B31C3 5 Bytes JMP 000B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StartDocW 773B3CA7 5 Bytes JMP 000B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!BeginPath 773B4465 5 Bytes JMP 000B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectClipPath 773B44BC 5 Bytes JMP 000B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CloseFigure 773B4517 5 Bytes JMP 000B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndPath 773B456E 5 Bytes JMP 000B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StrokePath 773B47A0 5 Bytes JMP 000B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!FillPath 773B482C 5 Bytes JMP 000B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolylineTo 773B4C95 5 Bytes JMP 000B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolyBezierTo 773B4D25 5 Bytes JMP 000B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolyDraw 773B4DD6 5 Bytes JMP 000B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetCursor 75A7D37D 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatW 75A7D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatW 75A7D6AC 5 Bytes JMP 
000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ActivateKeyboardLayout 75A8478C 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!IsWindowVisible 75A8878A 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!MonitorFromWindow 75A888D4 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ScreenToClient 75A88C56 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClientRect 75A88F0D 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetParent 75A890AA 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatA 75A8A111 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!PostMessageW 75A8A175 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!MapWindowPoints 75A8A30D 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardFormatNameA 75A8A552 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetOpenClipboardWindow 75A926A6 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetClipboardViewer 75A9BA2D 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!IsClipboardFormatAvailable 75A9C2E3 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!CloseClipboard 75A9C2F7 5 Bytes JMP 000C00B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!OpenClipboard 75A9C31D 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetTopWindow 75A9CE0A 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardSequenceNumber 75A9D8B7 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ChangeClipboardChain 75A9DF83 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!CountClipboardFormats 75AA0048 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardOwner 75AA26EF 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetClipboardData 75AB6410 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!EnumClipboardFormats 75AB6D16 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetCursorPos 75AB6FB2 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardData 75AB715A 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardFormatNameW 75ABA99F 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!EmptyClipboard 75AD398B 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardViewer 75AD39ED 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetPriorityClipboardFormat 75AD3AEF 5 Bytes JMP 000C03B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleGetClipboard 762A74C9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleSetClipboard 762D11E3 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleIsCurrentClipboard 762DA8F9 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!FreeContextBuffer 75902D83 5 Bytes JMP 000F00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!DeleteSecurityContext 75902F18 5 Bytes JMP 000F0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!FreeCredentialsHandle 75903598 5 Bytes JMP 000F0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!EncryptMessage 75903745 5 Bytes JMP 000F01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!DecryptMessage 75903813 5 Bytes JMP 000F0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!InitializeSecurityContextA 759087DF 5 Bytes JMP 000F0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!AcquireCredentialsHandleA 75908A43 5 Bytes JMP 000F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!QueryContextAttributesA 75908E77 5 Bytes JMP 000F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!ApplyControlToken 7590DE4F 5 Bytes JMP 000F01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!QueryCredentialsAttributesA 7590E052 5 Bytes JMP 000F00B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!InSendMessageEx + 4C9 75A7E7C8 7 Bytes JMP 59B343E6 
C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!CreateWindowExW + AA 75A813AF 7 Bytes JMP 59B34375 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!GetWindowInfo 75A8428E 5 Bytes JMP 5977E50D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!SetMenuItemBitmaps + 71 75A914EE 7 Bytes JMP 5977E9FB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] ntdll.dll!LdrLoadDll 773F9378 5 Bytes JMP 595A6D70 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!HeapSetInformation + 26 7617A8B0 7 Bytes JMP 595C1C62 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!LockResource + C 76196ACB 7 Bytes JMP 598FD713 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!VirtualAllocEx + 54 7619AF50 7 Bytes JMP 598FD736 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] USER32.dll!GetWindowInfo 75A8428E 5 Bytes JMP 59786045 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[7716] GDI32.dll!SetStretchBltMode + 256 7738745C 7 Bytes JMP 598FD694 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\0000008e bthport.sys AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS Device \Driver\BTHUSB \Device\0000008c bthport.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccc83fe Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ccc83fe (not active ControlSet) ---- EOF - GMER 2.1 ----
Kind regards, Myriam
13.04.2013, 16:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: Should you not hear from me for three days, please report in this thread => Reminder to my thread. Annoying "when does it continue" messages end with your topic being closed. I too have a life away from the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press one of the Fix buttons without instruction.
Note: Should the Scan button be hidden, close the tool and start it again. Should the scan abort and the program crash, let me know and choose the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
13.04.2013, 18:46 | #3 |
Hello Cosinus,
Thank you very much already for your help. I'm at work right now, but I'll be back home tomorrow afternoon and will get right to it!
An update on the Yahoo situation: No new mails have gone out so far; the account was briefly locked by Yahoo because of suspicious activity. Changed the password again. I can view recent sign-in activity in Yahoo: a few minutes before the spam mails went out, an IP in Malaysia logged in: 183.78.27.168. When I then went into Yahoo with my home PC, an IP in Canada was shown. An error? Or does that mean I definitely have something in the system? The Canadian IP has only been shown since the Malaysia login. But I can't say for sure whether that has changed, or whether the data just isn't shown far enough back...
Edit: The thing with the Canadian IP could be related to Vodafone's LTE. I found something similar here (hxxp://www.boerse.bz/hard-software/netzwerk-internetzugaenge-und-router/1302676-ip-problem.html). So it might be possible that my IP is always Canadian when I don't log into the VPN (I didn't dare to yesterday, so as not to give away even more passwords). Learned something again. Sorry, I have hardly dealt with IP addresses at all until now. And that means there may actually be hope that my system wasn't taken over at all, but "only" the mail account... But I definitely want to be on the safe side!!
Thanks again and until tomorrow!
Kind regards, Myriam
So, all scans done. It actually looks good, doesn't it?
MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.04.14.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19412 Myriam :: MYRIAM-PC [administrator] 14.04.2013 16:36:01 mbar-log-2013-04-14 (16-36-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27530 Time elapsed: 31 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-14 16:40:34 ----------------------------- 16:40:34.923 OS Version: Windows 6.0.6002 Service Pack 2 16:40:34.923 Number of processors: 4 586 0xF0B 16:40:34.926 ComputerName: MYRIAM-PC UserName: Myriam 16:40:38.421 Initialize success 16:42:09.952 AVAST engine defs: 13041400 16:42:14.447 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:42:14.450 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 3 16:42:14.635 Disk 0 MBR read successfully 16:42:14.638 Disk 0 MBR scan 16:42:14.683 Disk 0 Windows VISTA default MBR code 16:42:14.686 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63 16:42:14.726 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408 16:42:14.743 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461508 MB offset 31602688 16:42:14.771 Disk 0 scanning sectors +976771072 16:42:14.849 Disk 0 scanning C:\Windows\system32\drivers 16:42:32.745 Service scanning 16:42:55.375 Modules scanning 16:43:06.867 Disk 0 trace - called modules: 16:43:06.887 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 16:43:06.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87253ac8] 16:43:06.902 3 CLASSPNP.SYS[8afa28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86546028] 16:43:10.286 AVAST engine scan C:\Windows 16:43:17.642 AVAST engine scan C:\Windows\system32 16:48:54.510 AVAST engine scan C:\Windows\system32\drivers 16:49:56.234 AVAST engine scan C:\Users\Myriam 17:47:13.306 AVAST engine scan C:\ProgramData 17:56:23.982 Scan finished successfully 17:59:30.633 Disk 0 MBR has been saved successfully to "C:\Users\Myriam\Desktop\MBR.dat" 17:59:30.641 The log file has been saved successfully to "C:\Users\Myriam\Desktop\aswMBR.txt"
Code:
18:01:41.0106 3804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:01:41.0463 3804 ============================================================ 18:01:41.0463 3804 Current date / time: 2013/04/14 18:01:41.0463 18:01:41.0463 3804 SystemInfo: 18:01:41.0463 3804 18:01:41.0463 3804 OS Version: 6.0.6002 ServicePack: 2.0 18:01:41.0463 3804 Product type: Workstation 18:01:41.0464 3804 ComputerName: MYRIAM-PC 18:01:41.0464 3804 UserName: Myriam 18:01:41.0464 3804 Windows directory: C:\Windows 18:01:41.0464 3804 System windows directory: C:\Windows 18:01:41.0464 3804 Processor architecture: Intel x86 18:01:41.0464 3804 Number of processors: 4 18:01:41.0464 3804 Page size: 0x1000 18:01:41.0464 3804 Boot type: Normal boot 18:01:41.0464 3804 ============================================================ 18:01:42.0372 3804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 18:01:42.0413 3804 ============================================================ 18:01:42.0413 3804 \Device\Harddisk0\DR0: 18:01:42.0414 3804 MBR partitions: 18:01:42.0414 3804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000 18:01:42.0414 3804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x38562000 18:01:42.0414 3804 ============================================================ 18:01:42.0465 3804 C: <-> \Device\Harddisk0\DR0\Partition2 18:01:42.0513 3804 D: <-> \Device\Harddisk0\DR0\Partition1 18:01:42.0513 3804 ============================================================ 18:01:42.0513 3804 Initialize success 18:01:42.0513 3804 ============================================================ 18:04:23.0927 2924 ============================================================ 18:04:23.0927 2924 Scan started 18:04:23.0927 2924 Mode: Manual; SigCheck; TDLFS; 18:04:23.0927 2924 
============================================================ 18:04:26.0684 2924 ================ Scan system memory ======================== 18:04:26.0684 2924 System memory - ok 18:04:26.0685 2924 ================ Scan services ============================= 18:04:27.0160 2924 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 18:04:27.0289 2924 !SASCORE - ok 18:04:28.0993 2924 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 18:04:29.0149 2924 acedrv11 - ok 18:04:29.0247 2924 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 18:04:29.0285 2924 ACPI - ok 18:04:29.0332 2924 [ D2523D28674B03976AFC1AB6EF712F27 ] acsint C:\Windows\system32\DRIVERS\acsint.sys 18:04:29.0456 2924 acsint - ok 18:04:29.0525 2924 [ 9A7D29DAE24A01DCD33D8F563559B3AB ] acsmux C:\Windows\system32\DRIVERS\acsmux.sys 18:04:29.0622 2924 acsmux - ok 18:04:29.0862 2924 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:04:30.0070 2924 adp94xx - ok 18:04:30.0155 2924 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:04:30.0193 2924 adpahci - ok 18:04:30.0220 2924 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 18:04:30.0275 2924 adpu160m - ok 18:04:30.0361 2924 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:04:30.0389 2924 adpu320 - ok 18:04:30.0463 2924 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:04:31.0160 2924 AeLookupSvc - ok 18:04:31.0207 2924 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 18:04:31.0300 2924 AFD - ok 18:04:31.0355 2924 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:04:31.0405 2924 agp440 - ok 18:04:31.0443 2924 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 18:04:31.0512 2924 
aic78xx - ok 18:04:31.0561 2924 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 18:04:31.0726 2924 ALG - ok 18:04:31.0743 2924 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 18:04:31.0756 2924 aliide - ok 18:04:31.0776 2924 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 18:04:31.0789 2924 amdagp - ok 18:04:31.0800 2924 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 18:04:31.0813 2924 amdide - ok 18:04:31.0836 2924 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 18:04:31.0888 2924 AmdK7 - ok 18:04:31.0906 2924 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:04:31.0930 2924 AmdK8 - ok 18:04:31.0971 2924 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 18:04:32.0098 2924 Appinfo - ok 18:04:32.0139 2924 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 18:04:32.0165 2924 arc - ok 18:04:32.0187 2924 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:04:32.0202 2924 arcsas - ok 18:04:32.0292 2924 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 18:04:32.0393 2924 aspnet_state - ok 18:04:32.0413 2924 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:04:32.0470 2924 AsyncMac - ok 18:04:32.0528 2924 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 18:04:32.0541 2924 atapi - ok 18:04:32.0585 2924 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:04:32.0644 2924 AudioEndpointBuilder - ok 18:04:32.0658 2924 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:04:32.0679 2924 Audiosrv - ok 18:04:32.0726 2924 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 
18:04:32.0771 2924 Beep - ok 18:04:32.0813 2924 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 18:04:32.0867 2924 BFE - ok 18:04:33.0188 2924 [ 75A51EA67D28E41543B8B354A47DF430 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys 18:04:33.0231 2924 BHDrvx86 - ok 18:04:33.0353 2924 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 18:04:33.0523 2924 BITS - ok 18:04:33.0594 2924 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:04:33.0618 2924 blbdrive - ok 18:04:33.0802 2924 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:04:33.0828 2924 Bonjour Service - ok 18:04:33.0862 2924 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:04:33.0994 2924 bowser - ok 18:04:34.0032 2924 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 18:04:34.0074 2924 BrFiltLo - ok 18:04:34.0103 2924 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 18:04:34.0162 2924 BrFiltUp - ok 18:04:34.0195 2924 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 18:04:34.0272 2924 Browser - ok 18:04:34.0305 2924 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 18:04:34.0465 2924 Brserid - ok 18:04:34.0495 2924 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 18:04:34.0539 2924 BrSerWdm - ok 18:04:34.0580 2924 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 18:04:34.0658 2924 BrUsbMdm - ok 18:04:34.0677 2924 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 18:04:34.0739 2924 BrUsbSer - ok 18:04:34.0788 2924 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys 18:04:34.0895 
2924 BTCFilterService - ok 18:04:34.0965 2924 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 18:04:35.0037 2924 BthEnum - ok 18:04:35.0086 2924 [ 5FFA6988FF9597986FF2ADA736CC90C0 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:04:35.0128 2924 BTHMODEM - ok 18:04:35.0159 2924 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:04:35.0212 2924 BthPan - ok 18:04:35.0347 2924 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 18:04:35.0401 2924 BTHPORT - ok 18:04:35.0499 2924 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 18:04:35.0577 2924 BthServ - ok 18:04:35.0604 2924 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 18:04:35.0655 2924 BTHUSB - ok 18:04:35.0719 2924 [ FC23E3A7AE18B02DCC1A34CBEF3F80AF ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 18:04:35.0732 2924 btwaudio - ok 18:04:35.0757 2924 [ 5E14C92763E51130BFB9A670AFD7EDDF ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 18:04:35.0769 2924 btwavdt - ok 18:04:35.0790 2924 [ AC3FD5A3BBFA114098F75B80C4C1F3E7 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 18:04:35.0801 2924 btwrchid - ok 18:04:35.0977 2924 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NAV C:\Windows\system32\drivers\NAV\1309010.00E\ccSetx86.sys 18:04:35.0995 2924 ccSet_NAV - ok 18:04:36.0036 2924 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:04:36.0087 2924 cdfs - ok 18:04:36.0137 2924 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:04:36.0212 2924 cdrom - ok 18:04:36.0262 2924 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 18:04:36.0321 2924 CertPropSvc - ok 18:04:36.0347 2924 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 18:04:36.0414 2924 circlass - ok 18:04:36.0486 2924 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS 
C:\Windows\system32\CLFS.sys 18:04:36.0534 2924 CLFS - ok 18:04:36.0614 2924 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:04:36.0631 2924 clr_optimization_v2.0.50727_32 - ok 18:04:36.0674 2924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:04:36.0745 2924 clr_optimization_v4.0.30319_32 - ok 18:04:36.0757 2924 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:04:36.0770 2924 cmdide - ok 18:04:36.0781 2924 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:04:36.0795 2924 Compbatt - ok 18:04:36.0799 2924 COMSysApp - ok 18:04:36.0804 2924 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:04:36.0817 2924 crcdisk - ok 18:04:36.0835 2924 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 18:04:36.0896 2924 Crusoe - ok 18:04:36.0938 2924 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:04:37.0084 2924 CryptSvc - ok 18:04:37.0221 2924 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:04:37.0299 2924 DcomLaunch - ok 18:04:37.0330 2924 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:04:37.0401 2924 DfsC - ok 18:04:37.0496 2924 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 18:04:37.0661 2924 DFSR - ok 18:04:37.0726 2924 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 18:04:37.0778 2924 Dhcp - ok 18:04:37.0830 2924 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 18:04:37.0845 2924 disk - ok 18:04:37.0879 2924 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:04:37.0988 2924 Dnscache - ok 18:04:38.0142 2924 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc 
C:\Windows\System32\dot3svc.dll 18:04:38.0213 2924 dot3svc - ok 18:04:38.0248 2924 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 18:04:38.0298 2924 DPS - ok 18:04:38.0334 2924 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:04:38.0390 2924 drmkaud - ok 18:04:38.0557 2924 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:04:38.0644 2924 DXGKrnl - ok 18:04:38.0690 2924 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 18:04:38.0706 2924 e1express - ok 18:04:38.0753 2924 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 18:04:38.0803 2924 E1G60 - ok 18:04:38.0845 2924 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 18:04:38.0891 2924 EapHost - ok 18:04:38.0948 2924 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 18:04:38.0964 2924 Ecache - ok 18:04:39.0328 2924 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 18:04:39.0356 2924 eeCtrl - ok 18:04:39.0498 2924 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:04:39.0595 2924 ehRecvr - ok 18:04:39.0635 2924 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 18:04:39.0801 2924 ehSched - ok 18:04:39.0813 2924 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 18:04:39.0861 2924 ehstart - ok 18:04:39.0927 2924 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:04:39.0960 2924 elxstor - ok 18:04:40.0063 2924 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 18:04:40.0179 2924 EMDMgmt - ok 18:04:40.0221 2924 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys 18:04:40.0232 2924 EraserUtilDrv11220 - ok 18:04:40.0260 2924 [ 
3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:04:40.0303 2924 ErrDev - ok 18:04:40.0346 2924 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 18:04:40.0395 2924 EventSystem - ok 18:04:40.0475 2924 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 18:04:40.0572 2924 exfat - ok 18:04:40.0619 2924 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:04:40.0671 2924 fastfat - ok 18:04:40.0691 2924 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:04:40.0740 2924 fdc - ok 18:04:40.0776 2924 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 18:04:40.0827 2924 fdPHost - ok 18:04:40.0873 2924 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 18:04:40.0932 2924 FDResPub - ok 18:04:40.0992 2924 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:04:41.0007 2924 FileInfo - ok 18:04:41.0048 2924 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:04:41.0114 2924 Filetrace - ok 18:04:41.0133 2924 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:04:41.0216 2924 flpydisk - ok 18:04:41.0331 2924 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:04:41.0348 2924 FltMgr - ok 18:04:41.0430 2924 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 18:04:41.0621 2924 FontCache - ok 18:04:41.0739 2924 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:04:41.0754 2924 FontCache3.0.0.0 - ok 18:04:41.0837 2924 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:04:41.0942 2924 Fs_Rec - ok 18:04:41.0991 2924 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx 
C:\Windows\system32\drivers\gagp30kx.sys 18:04:42.0031 2924 gagp30kx - ok 18:04:42.0077 2924 [ 52ADA45F60D6382C9B3C52826CDB9D26 ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 18:04:42.0117 2924 ggsemc ( UnsignedFile.Multi.Generic ) - warning 18:04:42.0117 2924 ggsemc - detected UnsignedFile.Multi.Generic (1) 18:04:42.0191 2924 [ FF0E0E6E5768B82BEAD44BFBCB9BDFE6 ] GoogleDesktopManager-010708-104812 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 18:04:42.0202 2924 GoogleDesktopManager-010708-104812 - ok 18:04:42.0407 2924 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 18:04:42.0534 2924 gpsvc - ok 18:04:42.0580 2924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 18:04:42.0593 2924 gupdate - ok 18:04:42.0598 2924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 18:04:42.0608 2924 gupdatem - ok 18:04:42.0675 2924 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:04:42.0769 2924 HdAudAddService - ok 18:04:42.0875 2924 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:04:43.0045 2924 HDAudBus - ok 18:04:43.0114 2924 [ 204C3B1846E9CBAAEF88B8E1F86782F8 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:04:43.0185 2924 HidBth - ok 18:04:43.0240 2924 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 18:04:43.0338 2924 HidIr - ok 18:04:43.0370 2924 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 18:04:43.0431 2924 hidserv - ok 18:04:43.0464 2924 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:04:43.0516 2924 HidUsb - ok 18:04:43.0558 2924 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:04:43.0648 2924 hkmsvc - ok 18:04:43.0676 2924 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 18:04:43.0709 2924 
HpCISSs - ok 18:04:43.0928 2924 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:04:43.0999 2924 HTTP - ok 18:04:44.0053 2924 [ 19E6885A061011D8DABE8F64498423FA ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 18:04:44.0149 2924 hwdatacard - ok 18:04:44.0165 2924 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 18:04:44.0178 2924 i2omp - ok 18:04:44.0215 2924 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:04:44.0270 2924 i8042prt - ok 18:04:44.0671 2924 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 18:04:44.0722 2924 IAANTMON - ok 18:04:44.0755 2924 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\drivers\iastor.sys 18:04:44.0771 2924 iaStor - ok 18:04:44.0834 2924 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 18:04:44.0928 2924 iaStorV - ok 18:04:45.0013 2924 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 18:04:45.0059 2924 IDriverT ( UnsignedFile.Multi.Generic ) - warning 18:04:45.0059 2924 IDriverT - detected UnsignedFile.Multi.Generic (1) 18:04:45.0149 2924 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:04:45.0253 2924 idsvc - ok 18:04:45.0547 2924 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130412.001\IDSvix86.sys 18:04:45.0630 2924 IDSVix86 - ok 18:04:45.0647 2924 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:04:45.0672 2924 iirsp - ok 18:04:45.0715 2924 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 18:04:45.0791 2924 IKEEXT - ok 18:04:45.0842 2924 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide 
C:\Windows\system32\drivers\intelide.sys 18:04:45.0855 2924 intelide - ok 18:04:45.0879 2924 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:04:45.0938 2924 intelppm - ok 18:04:45.0993 2924 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:04:46.0121 2924 IPBusEnum - ok 18:04:46.0142 2924 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:04:46.0198 2924 IpFilterDriver - ok 18:04:46.0259 2924 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:04:46.0368 2924 iphlpsvc - ok 18:04:46.0372 2924 IpInIp - ok 18:04:46.0384 2924 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 18:04:46.0408 2924 IPMIDRV - ok 18:04:46.0423 2924 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 18:04:46.0449 2924 IPNAT - ok 18:04:46.0459 2924 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:04:46.0483 2924 IRENUM - ok 18:04:46.0536 2924 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:04:46.0560 2924 isapnp - ok 18:04:46.0593 2924 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 18:04:46.0622 2924 iScsiPrt - ok 18:04:46.0652 2924 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 18:04:46.0664 2924 iteatapi - ok 18:04:46.0701 2924 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 18:04:46.0714 2924 iteraid - ok 18:04:47.0089 2924 jnv4_mib - ok 18:04:47.0100 2924 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:04:47.0113 2924 kbdclass - ok 18:04:47.0253 2924 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:04:47.0308 2924 kbdhid - ok 18:04:47.0432 2924 [ A3E186B4B935905B829219502557314E ] KeyIso 
C:\Windows\system32\lsass.exe 18:04:47.0570 2924 KeyIso - ok 18:04:47.0741 2924 [ EAEF6257EEAD7CDAD19ECE129DE2FAEA ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe 18:04:47.0778 2924 Kodak AiO Network Discovery Service - ok 18:04:47.0832 2924 [ 9999AE8ACE65298C56E89100F6483292 ] KodakSvc C:\Program Files\Kodak\AiO\center\KodakSvc.exe 18:04:47.0871 2924 KodakSvc ( UnsignedFile.Multi.Generic ) - warning 18:04:47.0871 2924 KodakSvc - detected UnsignedFile.Multi.Generic (1) 18:04:47.0909 2924 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:04:47.0970 2924 KSecDD - ok 18:04:48.0009 2924 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 18:04:48.0086 2924 KtmRm - ok 18:04:48.0119 2924 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 18:04:48.0221 2924 LanmanServer - ok 18:04:48.0314 2924 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:04:48.0402 2924 LanmanWorkstation - ok 18:04:48.0490 2924 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe 18:04:48.0502 2924 LBTServ - ok 18:04:48.0574 2924 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 18:04:48.0611 2924 LGBusEnum - ok 18:04:48.0687 2924 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 18:04:48.0718 2924 LGVirHid - ok 18:04:48.0756 2924 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 18:04:48.0767 2924 LHidFilt - ok 18:04:48.0796 2924 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:04:48.0866 2924 lltdio - ok 18:04:48.0995 2924 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:04:49.0023 2924 lltdsvc - ok 18:04:49.0037 2924 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 
18:04:49.0076 2924 lmhosts - ok 18:04:49.0198 2924 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 18:04:49.0234 2924 LMouFilt - ok 18:04:49.0271 2924 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:04:49.0313 2924 LSI_FC - ok 18:04:49.0329 2924 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:04:49.0343 2924 LSI_SAS - ok 18:04:49.0368 2924 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:04:49.0428 2924 LSI_SCSI - ok 18:04:49.0452 2924 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 18:04:49.0510 2924 luafv - ok 18:04:49.0535 2924 massfilter - ok 18:04:49.0604 2924 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:04:49.0617 2924 MBAMProtector - ok 18:04:49.0735 2924 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:04:49.0833 2924 MBAMScheduler - ok 18:04:49.0862 2924 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:04:49.0931 2924 MBAMService - ok 18:04:49.0969 2924 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:04:50.0053 2924 Mcx2Svc - ok 18:04:50.0109 2924 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 18:04:50.0123 2924 megasas - ok 18:04:50.0160 2924 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 18:04:50.0182 2924 MegaSR - ok 18:04:50.0198 2924 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 18:04:50.0261 2924 MMCSS - ok 18:04:50.0287 2924 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 18:04:50.0362 2924 Modem - ok 18:04:50.0397 2924 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:04:50.0461 2924 
monitor - ok 18:04:50.0519 2924 [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys 18:04:50.0598 2924 motccgp - ok 18:04:50.0695 2924 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys 18:04:50.0736 2924 motccgpfl - ok 18:04:50.0801 2924 [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys 18:04:50.0878 2924 motmodem - ok 18:04:51.0072 2924 [ 3BBC6C2402242401F791548AAEBF3D39 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe 18:04:51.0087 2924 MotoHelper - ok 18:04:51.0125 2924 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys 18:04:51.0178 2924 MotoSwitchService - ok 18:04:51.0204 2924 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys 18:04:51.0248 2924 Motousbnet - ok 18:04:51.0330 2924 [ F18898D418F43E74A93EDC57E1F28BC9 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys 18:04:51.0441 2924 motusbdevice - ok 18:04:51.0463 2924 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:04:51.0476 2924 mouclass - ok 18:04:51.0509 2924 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:04:51.0552 2924 mouhid - ok 18:04:51.0578 2924 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 18:04:51.0592 2924 MountMgr - ok 18:04:51.0660 2924 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:04:51.0723 2924 MozillaMaintenance - ok 18:04:51.0774 2924 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 18:04:51.0789 2924 mpio - ok 18:04:51.0814 2924 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:04:51.0876 2924 mpsdrv - ok 18:04:52.0140 2924 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 
18:04:52.0203 2924 MpsSvc - ok 18:04:52.0233 2924 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 18:04:52.0264 2924 Mraid35x - ok 18:04:52.0303 2924 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:04:52.0356 2924 MRxDAV - ok 18:04:52.0416 2924 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:04:52.0510 2924 mrxsmb - ok 18:04:52.0686 2924 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:04:52.0709 2924 mrxsmb10 - ok 18:04:52.0714 2924 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:04:52.0729 2924 mrxsmb20 - ok 18:04:52.0754 2924 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 18:04:52.0782 2924 msahci - ok 18:04:52.0804 2924 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:04:52.0819 2924 msdsm - ok 18:04:52.0829 2924 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 18:04:52.0869 2924 MSDTC - ok 18:04:52.0881 2924 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:04:52.0905 2924 Msfs - ok 18:04:52.0921 2924 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:04:52.0934 2924 msisadrv - ok 18:04:52.0959 2924 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:04:53.0008 2924 MSiSCSI - ok 18:04:53.0012 2924 msiserver - ok 18:04:53.0045 2924 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:04:53.0094 2924 MSKSSRV - ok 18:04:53.0121 2924 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:04:53.0169 2924 MSPCLOCK - ok 18:04:53.0198 2924 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:04:53.0242 2924 MSPQM - ok 18:04:53.0335 2924 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 18:04:53.0353 2924 MsRPC - ok 18:04:53.0398 2924 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:04:53.0427 2924 mssmbios - ok 18:04:53.0452 2924 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:04:53.0476 2924 MSTEE - ok 18:04:53.0510 2924 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 18:04:53.0547 2924 Mup - ok 18:04:53.0653 2924 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 18:04:53.0712 2924 napagent - ok 18:04:53.0755 2924 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:04:53.0816 2924 NativeWifiP - ok 18:04:54.0028 2924 [ F2840DBFE9322F35557219AE82CC4597 ] NAV C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe 18:04:54.0040 2924 NAV - ok 18:04:54.0214 2924 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130413.016\NAVENG.SYS 18:04:54.0227 2924 NAVENG - ok 18:04:54.0415 2924 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130413.016\NAVEX15.SYS 18:04:54.0493 2924 NAVEX15 - ok 18:04:54.0556 2924 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:04:54.0645 2924 NDIS - ok 18:04:54.0678 2924 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:04:54.0745 2924 NdisTapi - ok 18:04:54.0774 2924 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:04:54.0798 2924 Ndisuio - ok 18:04:54.0864 2924 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:04:54.0912 2924 NdisWan - ok 18:04:54.0949 2924 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:04:54.0969 2924 NDProxy - ok 
18:04:54.0996 2924 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:04:55.0077 2924 NetBIOS - ok 18:04:55.0191 2924 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:04:55.0266 2924 netbt - ok 18:04:55.0301 2924 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 18:04:55.0333 2924 Netlogon - ok 18:04:55.0372 2924 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 18:04:55.0467 2924 Netman - ok 18:04:55.0786 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:04:55.0881 2924 NetMsmqActivator - ok 18:04:55.0885 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:04:55.0897 2924 NetPipeActivator - ok 18:04:55.0991 2924 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 18:04:56.0068 2924 netprofm - ok 18:04:56.0072 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:04:56.0083 2924 NetTcpActivator - ok 18:04:56.0088 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 18:04:56.0099 2924 NetTcpPortSharing - ok 18:04:56.0190 2924 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:04:56.0214 2924 nfrd960 - ok 18:04:56.0242 2924 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:04:56.0291 2924 NlaSvc - ok 18:04:56.0357 2924 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:04:56.0434 2924 Npfs - ok 18:04:56.0479 2924 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 18:04:56.0540 2924 nsi - ok 18:04:56.0566 2924 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:04:56.0614 2924 nsiproxy - ok 
18:04:56.0748 2924 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:04:56.0796 2924 Ntfs - ok 18:04:56.0820 2924 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 18:04:56.0878 2924 ntrigdigi - ok 18:04:56.0907 2924 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 18:04:56.0951 2924 Null - ok 18:04:57.0567 2924 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:04:58.0042 2924 nvlddmkm - ok 18:04:58.0205 2924 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:04:58.0235 2924 nvraid - ok 18:04:58.0267 2924 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:04:58.0302 2924 nvstor - ok 18:04:58.0458 2924 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:04:58.0532 2924 nvsvc - ok 18:04:58.0989 2924 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:04:59.0132 2924 nvUpdatusService - ok 18:04:59.0205 2924 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:04:59.0302 2924 nv_agp - ok 18:04:59.0306 2924 NwlnkFlt - ok 18:04:59.0312 2924 NwlnkFwd - ok 18:04:59.0369 2924 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 18:04:59.0428 2924 ohci1394 - ok 18:04:59.0536 2924 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:04:59.0705 2924 p2pimsvc - ok 18:04:59.0721 2924 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 18:04:59.0748 2924 p2psvc - ok 18:04:59.0800 2924 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 18:04:59.0848 2924 Parport - ok 18:04:59.0944 2924 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:04:59.0958 2924 partmgr - ok 18:04:59.0973 2924 [ 
4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 18:05:00.0042 2924 Parvdm - ok 18:05:00.0187 2924 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 18:05:00.0289 2924 PcaSvc - ok 18:05:00.0330 2924 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 18:05:00.0372 2924 pci - ok 18:05:00.0403 2924 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 18:05:00.0442 2924 pciide - ok 18:05:00.0467 2924 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:05:00.0482 2924 pcmcia - ok 18:05:00.0536 2924 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:05:00.0607 2924 PEAUTH - ok 18:05:00.0852 2924 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 18:05:01.0012 2924 pla - ok 18:05:01.0085 2924 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:05:01.0150 2924 PlugPlay - ok 18:05:01.0228 2924 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:05:01.0269 2924 PNRPAutoReg - ok 18:05:01.0301 2924 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 18:05:01.0326 2924 PNRPsvc - ok 18:05:01.0450 2924 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:05:01.0562 2924 PolicyAgent - ok 18:05:01.0607 2924 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:05:01.0676 2924 PptpMiniport - ok 18:05:01.0776 2924 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 18:05:01.0859 2924 Processor - ok 18:05:01.0930 2924 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 18:05:02.0001 2924 ProfSvc - ok 18:05:02.0019 2924 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 18:05:02.0073 2924 ProtectedStorage - ok 18:05:02.0102 2924 [ 
99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 18:05:02.0167 2924 PSched - ok 18:05:02.0213 2924 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 18:05:02.0225 2924 PxHelp20 - ok 18:05:02.0376 2924 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:05:02.0432 2924 ql2300 - ok 18:05:02.0496 2924 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:05:02.0510 2924 ql40xx - ok 18:05:02.0538 2924 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 18:05:02.0557 2924 QWAVE - ok 18:05:02.0585 2924 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:05:02.0599 2924 QWAVEdrv - ok 18:05:02.0790 2924 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 18:05:03.0025 2924 R300 - ok 18:05:03.0047 2924 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:05:03.0105 2924 RasAcd - ok 18:05:03.0137 2924 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 18:05:03.0232 2924 RasAuto - ok 18:05:03.0258 2924 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:05:03.0303 2924 Rasl2tp - ok 18:05:03.0343 2924 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 18:05:03.0396 2924 RasMan - ok 18:05:03.0458 2924 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:05:03.0509 2924 RasPppoe - ok 18:05:03.0555 2924 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:05:03.0593 2924 RasSstp - ok 18:05:03.0624 2924 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:05:03.0658 2924 rdbss - ok 18:05:03.0691 2924 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:05:03.0740 2924 RDPCDD - ok 18:05:03.0816 2924 [ 
FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 18:05:03.0863 2924 rdpdr - ok 18:05:03.0871 2924 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:05:03.0952 2924 RDPENCDD - ok 18:05:04.0000 2924 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:05:04.0055 2924 RDPWD - ok 18:05:04.0092 2924 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:05:04.0117 2924 RemoteAccess - ok 18:05:04.0140 2924 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:05:04.0188 2924 RemoteRegistry - ok 18:05:04.0225 2924 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:05:04.0309 2924 RFCOMM - ok 18:05:04.0535 2924 [ FDED778DAF09235E4580F1B9046946B6 ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe 18:05:04.0591 2924 RoxLiveShare10 - ok 18:05:04.0678 2924 [ E054A2CAF0E2A55C9AAC0BF1CCC558A5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 18:05:04.0765 2924 RoxMediaDB10 - ok 18:05:04.0845 2924 [ C75FDA9AB3314E555123673E08F9D86D ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe 18:05:04.0858 2924 RoxWatch10 - ok 18:05:04.0879 2924 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 18:05:04.0909 2924 RpcLocator - ok 18:05:04.0986 2924 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 18:05:05.0059 2924 RpcSs - ok 18:05:05.0093 2924 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:05:05.0152 2924 rspndr - ok 18:05:05.0170 2924 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 18:05:05.0184 2924 SamSs - ok 18:05:05.0344 2924 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 18:05:05.0379 2924 SASDIFSV - ok 
18:05:05.0411 2924 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 18:05:05.0423 2924 SASKUTIL - ok 18:05:05.0470 2924 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:05:05.0491 2924 sbp2port - ok 18:05:05.0524 2924 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:05:05.0546 2924 SCardSvr - ok 18:05:05.0775 2924 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 18:05:05.0915 2924 Schedule - ok 18:05:05.0950 2924 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:05:05.0994 2924 SCPolicySvc - ok 18:05:06.0027 2924 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:05:06.0307 2924 SDRSVC - ok 18:05:06.0331 2924 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 18:05:06.0383 2924 seclogon - ok 18:05:06.0419 2924 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 18:05:06.0494 2924 SENS - ok 18:05:06.0526 2924 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 18:05:06.0565 2924 Serenum - ok 18:05:06.0594 2924 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 18:05:06.0669 2924 Serial - ok 18:05:06.0709 2924 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:05:06.0733 2924 sermouse - ok 18:05:06.0771 2924 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 18:05:06.0818 2924 SessionEnv - ok 18:05:06.0821 2924 SessionLauncher - ok 18:05:06.0844 2924 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:05:06.0897 2924 sffdisk - ok 18:05:06.0923 2924 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:05:06.0983 2924 sffp_mmc - ok 18:05:06.0999 2924 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd 
C:\Windows\system32\drivers\sffp_sd.sys 18:05:07.0047 2924 sffp_sd - ok 18:05:07.0089 2924 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:05:07.0165 2924 sfloppy - ok 18:05:07.0255 2924 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:05:07.0300 2924 SharedAccess - ok 18:05:07.0359 2924 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:05:07.0479 2924 ShellHWDetection - ok 18:05:07.0493 2924 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 18:05:07.0521 2924 sisagp - ok 18:05:07.0536 2924 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 18:05:07.0549 2924 SiSRaid2 - ok 18:05:07.0570 2924 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:05:07.0584 2924 SiSRaid4 - ok 18:05:07.0899 2924 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 18:05:08.0057 2924 slsvc - ok 18:05:08.0174 2924 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 18:05:08.0242 2924 SLUINotify - ok 18:05:08.0280 2924 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:05:08.0332 2924 Smb - ok 18:05:08.0375 2924 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:05:08.0412 2924 SNMPTRAP - ok 18:05:08.0481 2924 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 18:05:08.0494 2924 spldr - ok 18:05:08.0535 2924 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 18:05:08.0639 2924 Spooler - ok 18:05:08.0748 2924 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NAV\1309010.00E\SRTSP.SYS 18:05:08.0777 2924 SRTSP - ok 18:05:08.0797 2924 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NAV\1309010.00E\SRTSPX.SYS 18:05:08.0808 2924 SRTSPX - ok 18:05:08.0929 2924 [ 
41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:05:09.0022 2924 srv - ok 18:05:09.0048 2924 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:05:09.0128 2924 srv2 - ok 18:05:09.0153 2924 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:05:09.0212 2924 srvnet - ok 18:05:09.0250 2924 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:05:09.0277 2924 SSDPSRV - ok 18:05:09.0294 2924 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:05:09.0311 2924 SstpSvc - ok 18:05:09.0333 2924 [ B218068EBA6F46F102B4218BDB81BE0B ] STacSV C:\Windows\system32\STacSV.exe 18:05:09.0448 2924 STacSV - ok 18:05:09.0485 2924 Steam Client Service - ok 18:05:09.0558 2924 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:05:09.0588 2924 Stereo Service - ok 18:05:09.0627 2924 [ 167909A1C36AA3E8F2582962F0CCC748 ] STHDA C:\Windows\system32\drivers\stwrt.sys 18:05:09.0684 2924 STHDA - ok 18:05:09.0747 2924 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 18:05:09.0808 2924 stisvc - ok 18:05:10.0034 2924 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 18:05:10.0047 2924 stllssvr - ok 18:05:10.0088 2924 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:05:10.0123 2924 swenum - ok 18:05:10.0156 2924 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 18:05:10.0202 2924 swprv - ok 18:05:10.0248 2924 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 18:05:10.0260 2924 Symc8xx - ok 18:05:10.0416 2924 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NAV\1309010.00E\SYMDS.SYS 18:05:10.0435 2924 SymDS - ok 18:05:10.0468 2924 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA 
C:\Windows\system32\drivers\NAV\1309010.00E\SYMEFA.SYS 18:05:10.0556 2924 SymEFA - ok 18:05:10.0705 2924 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 18:05:10.0717 2924 SymEvent - ok 18:05:10.0722 2924 SymIMMP - ok 18:05:10.0754 2924 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NAV\1309010.00E\Ironx86.SYS 18:05:10.0767 2924 SymIRON - ok 18:05:10.0783 2924 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\NAV\1309010.00E\SYMTDIV.SYS 18:05:10.0833 2924 SYMTDIv - ok 18:05:10.0856 2924 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 18:05:10.0889 2924 Sym_hi - ok 18:05:10.0920 2924 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 18:05:10.0943 2924 Sym_u3 - ok 18:05:11.0113 2924 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 18:05:11.0154 2924 SysMain - ok 18:05:11.0190 2924 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:05:11.0283 2924 TabletInputService - ok 18:05:11.0320 2924 [ D8C94D074FE516A8509DFA1D81F8AD17 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 18:05:11.0393 2924 tap0901 - ok 18:05:11.0592 2924 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:05:11.0648 2924 TapiSrv - ok 18:05:11.0675 2924 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 18:05:11.0745 2924 TBS - ok 18:05:11.0858 2924 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:05:11.0993 2924 Tcpip - ok 18:05:12.0036 2924 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 18:05:12.0074 2924 Tcpip6 - ok 18:05:12.0189 2924 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:05:12.0339 2924 tcpipreg - ok 18:05:12.0458 2924 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 
18:05:12.0481 2924 TDPIPE - ok 18:05:12.0513 2924 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:05:12.0589 2924 TDTCP - ok 18:05:12.0660 2924 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:05:12.0680 2924 tdx - ok 18:05:12.0699 2924 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:05:12.0739 2924 TermDD - ok 18:05:12.0862 2924 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 18:05:12.0971 2924 TermService - ok 18:05:13.0089 2924 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 18:05:13.0105 2924 Themes - ok 18:05:13.0152 2924 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 18:05:13.0196 2924 THREADORDER - ok 18:05:13.0318 2924 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 18:05:13.0396 2924 TrkWks - ok 18:05:13.0502 2924 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:05:13.0522 2924 TrustedInstaller - ok 18:05:13.0609 2924 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:05:13.0662 2924 tssecsrv - ok 18:05:13.0695 2924 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 18:05:13.0766 2924 tunmp - ok 18:05:13.0850 2924 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:05:13.0900 2924 tunnel - ok 18:05:13.0988 2924 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:05:14.0040 2924 uagp35 - ok 18:05:14.0130 2924 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:05:14.0170 2924 udfs - ok 18:05:14.0300 2924 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:05:14.0332 2924 UI0Detect - ok 18:05:14.0357 2924 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 
18:05:14.0387 2924 uliagpkx - ok 18:05:14.0421 2924 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 18:05:14.0455 2924 uliahci - ok 18:05:14.0481 2924 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 18:05:14.0514 2924 UlSata - ok 18:05:14.0537 2924 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 18:05:14.0571 2924 ulsata2 - ok 18:05:14.0584 2924 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:05:14.0608 2924 umbus - ok 18:05:14.0622 2924 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 18:05:14.0678 2924 upnphost - ok 18:05:14.0723 2924 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:05:14.0744 2924 usbccgp - ok 18:05:14.0770 2924 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:05:14.0844 2924 usbcir - ok 18:05:14.0910 2924 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:05:14.0971 2924 usbehci - ok 18:05:15.0064 2924 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:05:15.0125 2924 usbhub - ok 18:05:15.0146 2924 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:05:15.0228 2924 usbohci - ok 18:05:15.0256 2924 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:05:15.0283 2924 usbprint - ok 18:05:15.0360 2924 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:05:15.0404 2924 usbscan - ok 18:05:15.0434 2924 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:05:15.0460 2924 USBSTOR - ok 18:05:15.0474 2924 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:05:15.0522 2924 usbuhci - ok 18:05:15.0666 2924 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms 
C:\Windows\System32\uxsms.dll 18:05:15.0725 2924 UxSms - ok 18:05:15.0863 2924 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 18:05:15.0901 2924 vds - ok 18:05:15.0958 2924 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:05:16.0053 2924 vga - ok 18:05:16.0086 2924 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 18:05:16.0140 2924 VgaSave - ok 18:05:16.0173 2924 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 18:05:16.0188 2924 viaagp - ok 18:05:16.0218 2924 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 18:05:16.0242 2924 ViaC7 - ok 18:05:16.0274 2924 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 18:05:16.0307 2924 viaide - ok 18:05:16.0333 2924 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:05:16.0366 2924 volmgr - ok 18:05:16.0451 2924 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:05:16.0471 2924 volmgrx - ok 18:05:16.0609 2924 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:05:16.0709 2924 volsnap - ok 18:05:16.0939 2924 [ 19AFBA7191A78EDCA6D235456D65E002 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 18:05:16.0971 2924 vpnagent - ok 18:05:16.0996 2924 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys 18:05:17.0018 2924 vpnva - ok 18:05:17.0072 2924 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:05:17.0087 2924 vsmraid - ok 18:05:17.0195 2924 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 18:05:17.0289 2924 VSS - ok 18:05:17.0340 2924 [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS 18:05:17.0401 2924 VSTHWBS2 - ok 18:05:17.0464 2924 [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV 
C:\Windows\system32\DRIVERS\VSTDPV3.SYS 18:05:17.0568 2924 VST_DPV - ok 18:05:17.0619 2924 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 18:05:17.0644 2924 W32Time - ok 18:05:17.0660 2924 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:05:17.0761 2924 WacomPen - ok 18:05:17.0795 2924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 18:05:17.0882 2924 Wanarp - ok 18:05:17.0893 2924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:05:17.0911 2924 Wanarpv6 - ok 18:05:18.0059 2924 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:05:18.0143 2924 wcncsvc - ok 18:05:18.0171 2924 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:05:18.0231 2924 WcsPlugInService - ok 18:05:18.0256 2924 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 18:05:18.0290 2924 Wd - ok 18:05:18.0349 2924 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:05:18.0426 2924 Wdf01000 - ok 18:05:18.0457 2924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:05:18.0512 2924 WdiServiceHost - ok 18:05:18.0515 2924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:05:18.0541 2924 WdiSystemHost - ok 18:05:18.0586 2924 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 18:05:18.0682 2924 WebClient - ok 18:05:18.0762 2924 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:05:18.0928 2924 Wecsvc - ok 18:05:18.0952 2924 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:05:19.0002 2924 wercplsupport - ok 18:05:19.0039 2924 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 18:05:19.0078 2924 WerSvc - ok 18:05:19.0115 2924 [ 
5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 18:05:19.0196 2924 winachsf - ok 18:05:19.0376 2924 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 18:05:19.0415 2924 WinDefend - ok 18:05:19.0421 2924 WinHttpAutoProxySvc - ok 18:05:19.0766 2924 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:05:19.0808 2924 Winmgmt - ok 18:05:20.0146 2924 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 18:05:20.0261 2924 WinRM - ok 18:05:20.0313 2924 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS 18:05:20.0379 2924 WinUsb - ok 18:05:20.0410 2924 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 18:05:20.0487 2924 Wlansvc - ok 18:05:20.0521 2924 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:05:20.0594 2924 WmiAcpi - ok 18:05:20.0670 2924 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:05:20.0702 2924 wmiApSrv - ok 18:05:20.0982 2924 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 18:05:21.0196 2924 WMPNetworkSvc - ok 18:05:21.0305 2924 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:05:21.0414 2924 WPCSvc - ok 18:05:21.0454 2924 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:05:21.0564 2924 WPDBusEnum - ok 18:05:21.0624 2924 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 18:05:21.0679 2924 WpdUsb - ok 18:05:21.0975 2924 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:05:22.0035 2924 WPFFontCache_v0400 - ok 18:05:22.0059 2924 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:05:22.0108 2924 ws2ifsl - ok 18:05:22.0197 2924 [ 
1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 18:05:22.0256 2924 wscsvc - ok 18:05:22.0260 2924 WSearch - ok 18:05:22.0688 2924 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 18:05:22.0873 2924 wuauserv - ok 18:05:22.0932 2924 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:05:23.0677 2924 WudfPf - ok 18:05:23.0799 2924 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:05:23.0862 2924 WUDFRd - ok 18:05:23.0929 2924 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:05:23.0975 2924 wudfsvc - ok 18:05:24.0003 2924 ZTEusbmdm6k - ok 18:05:24.0024 2924 ZTEusbnmea - ok 18:05:24.0035 2924 ZTEusbser6k - ok 18:05:24.0073 2924 ================ Scan global =============================== 18:05:24.0147 2924 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 18:05:24.0262 2924 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 18:05:24.0322 2924 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 18:05:24.0437 2924 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 18:05:24.0465 2924 [Global] - ok 18:05:24.0465 2924 ================ Scan MBR ================================== 18:05:24.0494 2924 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 18:05:27.0082 2924 \Device\Harddisk0\DR0 - ok 18:05:27.0082 2924 ================ Scan VBR ================================== 18:05:27.0115 2924 [ C5729975CDB07999FC37B2699DB083B7 ] \Device\Harddisk0\DR0\Partition1 18:05:27.0124 2924 \Device\Harddisk0\DR0\Partition1 - ok 18:05:27.0165 2924 [ 246605E9FA7AB375DD7D32FA0604CC11 ] \Device\Harddisk0\DR0\Partition2 18:05:27.0189 2924 \Device\Harddisk0\DR0\Partition2 - ok 18:05:27.0189 2924 ============================================================ 18:05:27.0189 2924 Scan finished 18:05:27.0189 2924 ============================================================ 
18:05:27.0199 1156 Detected object count: 3 18:05:27.0199 1156 Actual detected object count: 3 18:07:41.0052 1156 ggsemc ( UnsignedFile.Multi.Generic ) - skipped by user 18:07:41.0052 1156 ggsemc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:07:41.0055 1156 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 18:07:41.0055 1156 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:07:41.0057 1156 KodakSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:07:41.0057 1156 KodakSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:09:57.0786 6020 Deinitialize success
Myriam
Last edited by Sacajewia (13.04.2013 at 19:00) |
15.04.2013, 10:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo account acting on its own - virus scan unsuccessful Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
15.04.2013, 11:52 | #5 |
| Yahoo account acting on its own - virus scan unsuccessful Combofix done Code:
ATTFilter ComboFix 13-04-15.01 - Myriam 15.04.2013 12:38:37.1.4 - x86 ausgeführt von:: c:\users\Myriam\Downloads\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\IsUn0407.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-15 bis 2013-04-15 )))))))))))))))))))))))))))))) . . 2013-04-15 10:46 . 2013-04-15 10:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-15 10:46 . 2013-04-15 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-14 13:46 . 2013-04-14 13:46 -------- d-----w- C:\found.000 2013-04-12 12:18 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A9BFB70-6A8B-4D8F-A847-33047DAF3F89}\mpengine.dll 2013-04-12 10:34 . 2013-04-12 10:34 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe 2013-04-12 10:25 . 2013-04-12 10:25 -------- d-----w- c:\users\Myriam\AppData\Roaming\SUPERAntiSpyware.com 2013-04-12 10:25 . 2013-04-12 10:25 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-04-12 10:25 . 2013-04-12 10:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-04-12 10:22 . 2013-04-12 10:22 -------- d-----w- c:\users\Myriam\AppData\Roaming\Malwarebytes 2013-04-12 10:22 . 2013-04-12 10:22 -------- d-----w- c:\programdata\Malwarebytes 2013-04-12 10:22 . 2013-04-12 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-12 10:22 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-05 13:55 . 2013-04-05 13:55 -------- d-----w- c:\program files\Dropbox 2013-03-20 11:21 . 
2013-03-20 11:21 -------- d-----w- c:\users\Myriam\AppData\Local\Macromedia 2013-03-20 11:14 . 2013-03-20 11:14 -------- d-----w- c:\programdata\Apple Computer 2013-03-20 11:10 . 2013-03-20 11:10 -------- d-----w- c:\program files\Apple Software Update 2013-03-20 10:37 . 2013-03-20 10:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-20 10:22 . 2013-03-20 10:22 -------- d-----w- c:\program files\Lame For Audacity 2013-03-20 09:18 . 2013-04-15 08:55 -------- d-----w- c:\users\Myriam\AppData\Roaming\Audacity . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-12 10:06 . 2012-05-14 08:52 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-12 10:06 . 2012-03-06 12:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-20 10:37 . 2013-01-18 14:53 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-20 10:37 . 2011-04-27 18:44 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-11 23:10 . 2009-11-09 21:12 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-25 22:22 . 2013-02-25 22:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 22:22 . 2012-02-09 20:43 1017120 ----a-w- c:\windows\system32\nvdispco32.dll 2013-02-25 22:22 . 2013-02-25 22:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 22:22 . 2013-01-09 12:25 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll 2013-02-25 22:22 . 2012-10-10 20:14 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll 2013-02-25 22:22 . 2008-08-15 03:49 2505144 ----a-w- c:\windows\system32\nvapi.dll 2013-02-25 22:22 . 2012-10-10 20:14 15129960 ----a-w- c:\windows\system32\nvd3dum.dll 2013-02-25 22:22 . 2013-02-25 22:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-25 22:22 . 2013-02-25 22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 22:22 . 2013-02-25 22:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll 2013-02-25 22:22 . 
2013-02-25 22:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 22:22 . 2013-02-25 22:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-12 01:57 . 2013-03-14 22:22 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-18 14:21 . 2010-01-11 21:18 4133664 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-18 14:21 . 2010-01-11 21:18 3005728 ----a-w- c:\windows\system32\nvsvc.dll 2013-01-18 14:20 . 2010-01-11 21:18 639776 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-18 14:20 . 2010-01-11 21:18 62752 ----a-w- c:\windows\system32\nvshext.dll 2013-01-18 14:20 . 2010-01-11 21:18 2557728 ----a-w- c:\windows\system32\nvsvcr.dll 2013-01-18 14:20 . 2010-01-11 21:18 108832 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-18 06:15 . 2013-01-18 06:15 550176 ----a-w- c:\windows\system32\nvStreaming.exe 2013-04-12 10:34 . 2013-03-08 10:18 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992] "Launch LGDCore"="c:\program files\Logitech\GamePanel 
Software\G-series Software\LGDCore.exe" [2010-08-03 3649096] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . c:\users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-23 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x] R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:45] . 2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:45] . 2013-04-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2013-04-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.sacajewia.yfw24.de/ uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\8ktg4j01.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.sacajewia.yfw24.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p= FF - ExtSQL: !HIDDEN! 
2009-07-30 19:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-04-15 12:46 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-04-15 12:47:48 ComboFix-quarantined-files.txt 2013-04-15 10:47 . Vor Suchlauf: 13 Verzeichnis(se), 186.379.706.368 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 208.096.780.288 Bytes frei . - - End Of File - - C0A12D1D857890F07131D31AB5A61B9D |
15.04.2013, 12:22 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo account acting on its own - virus scan unsuccessful JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
15.04.2013, 13:07 | #7 |
| Yahoo account acting on its own - virus scan unsuccessful Done JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Myriam on 15.04.2013 at 13:28:42,53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: 
[File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\trymedia" Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ FireFox Emptied folder: C:\Users\Myriam\AppData\Roaming\mozilla\firefox\profiles\8ktg4j01.default\minidumps [10 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.04.2013 at 13:32:27,01 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Datei am 15/04/2013 um 13:34:55 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Myriam - MYRIAM-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Myriam\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19412 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\8ktg4j01.default\prefs.js [OK] Die Datei ist sauber. 
************************* AdwCleaner[S1].txt - [2022 octets] - [15/04/2013 13:34:55] ########## EOF - C:\AdwCleaner[S1].txt - [2082 octets] ########## Code:
ATTFilter OTL logfile created on: 15.04.2013 13:44:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myriam\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19412) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,50% Memory free 6,19 Gb Paging File | 4,38 Gb Available in Paging File | 70,81% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 450,69 Gb Total Space | 195,76 Gb Free Space | 43,44% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Myriam\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe () PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company) PRC - C:\Programme\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe () PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe () MOD - C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll () MOD - C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe () ========== Services (SafeList) ========== SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA 
Update Core\daemonu.exe (NVIDIA Corporation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company) SRV - (KodakSvc) -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company) SRV - (RoxLiveShare10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions) SRV - (RoxWatch10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions) SRV - (RoxMediaDB10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) 
========== Driver Services (SafeList) ==========
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (jnv4_mib) -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Myriam\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130414.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130414.006\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130412.001\IDSvix86.sys (Symantec Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309010.00E\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sacajewia.yfw24.de/
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{D348BADA-AED4-422D-84DE-B8C9BDA6386C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sacajewia.yfw24.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.01 10:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
[2010.04.15 14:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions
[2008.10.06 22:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions\info@zla.bs
[2013.01.03 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions
[2011.04.07 19:15:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 12:34:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 14:06:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 14:06:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 14:06:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 14:06:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 14:06:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 14:06:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.04.15 12:46:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD226102-D412-4584-BE6A-F573DAD411F6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.15 13:28:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.15 13:28:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.15 12:47:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.15 12:47:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.15 12:34:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.15 12:34:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.15 12:34:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.15 12:34:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.15 12:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.15 12:29:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.14 15:46:53 | 000,000,000 | ---D | C] -- C:\found.000
[2013.04.12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.12 12:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.12 12:22:46 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Malwarebytes
[2013.04.12 12:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.12 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.12 12:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.12 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.11 18:10:52 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.11 18:10:52 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.11 18:10:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.11 18:10:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.11 18:10:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 18:10:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.11 18:10:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.11 18:10:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.11 18:10:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 18:10:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.11 18:10:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 18:10:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.11 18:10:46 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.11 18:10:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.11 18:10:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.11 18:10:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.11 18:10:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.11 18:10:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.11 18:10:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.11 18:10:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 18:10:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.11 18:10:44 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.11 18:10:44 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.05 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.03.20 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Local\Macromedia
[2013.03.20 13:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.20 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.20 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.20 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.03.20 12:38:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.20 12:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.20 12:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.20 12:37:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.20 12:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2013.03.20 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Audacity
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.15 13:37:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 13:36:59 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 13:36:59 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 13:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 13:35:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.15 12:46:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.15 12:36:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 12:25:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.15 11:09:19 | 000,691,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 11:09:19 | 000,649,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 11:09:19 | 000,154,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 11:09:19 | 000,126,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 02:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.14 17:59:30 | 000,000,512 | ---- | M] () -- C:\Users\Myriam\Desktop\MBR.dat
[2013.04.12 22:32:58 | 000,105,472 | ---- | M] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 18:08:16 | 000,000,000 | ---- | M] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:27 | 000,002,016 | ---- | M] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:14 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.12 12:06:41 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.12 12:06:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 03:23:01 | 000,358,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.05 15:57:38 | 000,000,965 | ---- | M] () -- C:\Users\Myriam\Desktop\Dropbox.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 13:14:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 12:37:12 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.20 12:37:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.20 12:37:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.20 12:37:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.20 12:37:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.20 12:37:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.20 11:18:31 | 000,000,806 | ---- | M] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.20 10:18:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000015B3.LCS
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.15 12:34:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.15 12:34:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.15 12:34:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.15 12:34:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.15 12:34:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.14 17:59:30 | 000,000,512 | ---- | C] () -- C:\Users\Myriam\Desktop\MBR.dat
[2013.04.12 18:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:25 | 000,002,016 | ---- | C] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:37 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 13:14:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | C] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.19 17:10:02 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000015B3.LCS
[2013.01.18 16:57:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2012.10.04 20:07:25 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.26 21:36:19 | 000,001,574 | ---- | C] () -- C:\Users\Myriam\.recently-used.xbel
[2011.01.27 15:46:48 | 000,000,680 | ---- | C] () -- C:\Users\Myriam\AppData\Local\d3d9caps.dat
[2010.10.27 11:15:55 | 000,001,940 | ---- | C] () -- C:\Users\Myriam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.12 14:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Myriam\AppData\Local\fusioncache.dat
[2010.03.10 23:29:52 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.10 23:28:30 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 20:10:05 | 039,048,624 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_image32.Cache
[2008.10.07 20:10:04 | 002,375,716 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_audio.Cache
[2008.08.28 17:35:31 | 000,000,270 | ---- | C] () -- C:\Users\Myriam\AppData\Roaming\wklnhst.dat
[2008.08.23 15:19:35 | 000,105,472 | ---- | C] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

OTL Extras logfile created on: 15.04.2013 13:44:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,50% Memory free
6,19 Gb Paging File | 4,38 Gb Available in Paging File | 70,81% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 195,76 Gb Free Space | 43,44% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8F8E2D-677E-4047-AA24-CA20D9DE3D74}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CC2F914-B5BC-4F42-AB32-A4D3311CEDCD}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D39A2B5-68C0-47B7-B6FC-BFCFC468A03A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1246FBDC-1E0B-47FB-BEFA-27750678113B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{46ED7DAB-D7FC-48A2-BACD-DD6E7089D769}" = rport=10243 | protocol=6 | dir=out | app=system |
"{507D743D-BD98-4431-9746-96229266CF0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51E40662-C5FB-42D1-991A-4DFD7AAA4816}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{61003B25-8C50-428D-AB20-34758EBAF052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6278AC08-C05C-4659-B674-60A5EABC3B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6960348A-6A51-44E1-9781-79893ABADB2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B44C1BE-7358-41C9-B4EE-599EBA4A07C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{76B0B33F-F528-4E84-8EDC-B94982E1F27F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7AAB8082-F175-487B-BFEB-60F3065E0F1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{816D2907-EA11-4362-8471-69B8B93AFAA1}" = rport=139 | protocol=6 | dir=out | app=system |
"{92FFA179-BEF6-42AC-A845-54753E9A1A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{A9A941B6-80A4-463C-B872-8441D12A7B82}" = rport=138 | protocol=17 | dir=out | app=system |
"{D28D7570-029C-49F9-923F-C0E7B7F77882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D51247CA-AD98-4616-B05E-4E2A46ED25F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9C9BB91-D863-4E02-9610-E8187FC54B64}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{E225B8D8-121C-4EFF-95FC-232056FCB729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEB79099-BAC0-41F9-A269-16FD6DA148F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F00DC730-88B6-467A-BAFB-DB64E231F7E1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F019CF87-942B-42C1-AD85-336605D53FC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{F820B161-F58B-4943-A256-13CC521465A3}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EAFED-D196-40D7-9BB7-05F7DB0954E8}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{07DC966F-AF57-42F2-93EC-598474FC7D26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13C46594-FA44-47C4-9EAA-F7F7E282F81A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{17D20452-9800-4DD9-84D3-B2F4EC34184A}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{18AACA02-7B95-4E5A-80ED-85FC8BCA1B7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E9400D8-BAE5-4B54-819F-E755ADD212C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{2176A2EE-E56A-48F5-8B5A-59346CE609F4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{26F75F16-F043-45EA-8308-3A4C8C8C4FA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{30B0C95A-A486-4899-BE43-619A3B15DC7A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3188185F-2D62-4205-A8C8-B71D734E40DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe |
"{367650DE-B9EE-44D7-BBC7-87DADEE68E30}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{385A4E4F-3B79-4504-B684-115EC5281BBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{437CAFD3-5780-456C-B9EE-089A8F708549}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{45F7D31F-9318-4B15-9657-734AC3FB5E67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4751E395-79B0-4330-96CE-39BD2880BEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4ACEE7D6-8C43-4D7A-859E-86FED02005EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{55173B6F-586B-424A-A2EB-51D1C1BA4908}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{5674A47E-0EC6-40A5-8688-EF39B3143892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{61F4A8BD-E03A-4D43-8937-5C76ADC4B7AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A2521AF-3FF6-4195-AB63-42F7B507F4C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{71256B30-870D-481F-AD31-4F33B5D1FF78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7FD5E20B-37B7-4795-A441-3A5003FA32AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7FD873D7-B15B-415E-8444-7305B024B4CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{81B0BCCD-3476-4AAC-907A-A993CDD5E84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{8A0B390D-E738-4EAA-8D70-9812AE4FFA18}" = protocol=6 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | "{8D70644F-DDE7-4571-AA65-D5BA9F0E096B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{8E25BCB3-455B-4ED3-B085-6C1C177B5792}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{91B76FAB-B8DA-4F8A-A98B-4D1E3EAA1ADF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{995F8E31-62AE-4A86-B286-E4E9FDB41878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{996C5683-5301-4016-B7BC-3FD8098E0344}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{99A4B8A9-D14E-4038-8E83-1FB7F800C6A1}" 
= protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{9C28CE91-5AE9-43C9-A9BC-9AE708FF6A22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{9F2CEAA9-FD44-4559-9F9D-EFF151050EC3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{A0CD47D7-5B95-43D1-B046-53063E706EDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A2993279-8E58-4804-BEB1-6ABC83E03BD9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{A3D04630-24B7-4C10-B62F-2DD661C2C750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{A55E4E44-6B42-49A4-9457-CA1A361821D9}" = protocol=17 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | "{B3521D14-5E51-405D-A4A6-A2ACEAB1E914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9F44E35-E34D-4384-94FE-35A1D8912FA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | "{D26900B8-638F-4C78-92E4-17B718901F31}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{DBE48E50-7845-4C36-BB3B-ABD5A6B87FC8}" = protocol=6 | dir=out | app=system | "{E0DAF8DE-1037-4C58-A7F7-F418738E24A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E4154EED-EF2C-47BE-AC8C-754B8E2A1306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9A00FF0-995F-4993-886B-80513749D2AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA4FCE7C-A19A-48DB-A45C-2EF63793E92D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC80D682-CADE-4486-A4A9-610BA5704BE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EEE4C139-2C19-4C13-9A9D-0A6496DEC567}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F0F471BE-9405-42C3-8C2C-05FFB83D6083}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{F13DA791-72CC-493E-A137-EA6C9DDAD72A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F41EE4B1-AE3B-4144-B6F6-84C838A8D0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F4EE3612-6280-4596-998B-8317E2022087}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{FA50FB17-2975-4BB8-8D49-7E05D16073FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FF171E50-BC2F-4CDC-944A-5AD6981DE397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "TCP Query User{15EA6954-DC5F-4FFE-9F99-4723A59A7489}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{225AE057-4BFF-4FA9-9C29-7ED5621E80A5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{3ECFD284-C5C5-4701-B75A-8EF249D05C05}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "TCP Query User{43B63FAB-7A1A-4950-ACF7-6E113D7F83D4}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | "TCP Query User{4920D7BB-0C6C-431E-9029-79044BD61ED6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "TCP Query 
User{5CB060C1-4B2D-4243-8E58-9E2ABF2B3D43}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{5FCCF948-FB48-4861-9384-51C777EAED63}C:\users\myriam\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | "TCP Query User{74C8D1F1-4980-4FCC-AF88-532944F43415}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{AB399E19-7F47-4CA3-AD21-6C237236F08A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{C82C56EA-6252-4FB1-9741-F3E9DAC58065}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{CE606602-90A2-4F64-BBBB-6528E452D021}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "TCP Query User{D92F0F33-47D8-4046-807E-DF026547032A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{EC4CA91E-1EFD-4171-8730-4E4719D83094}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{00D8DCE6-ABC6-4D4F-B259-123EE5B9B1AE}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{3B2DB38F-F922-44F9-9D86-9B763454FEDB}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | "UDP 
Query User{3B3A35D8-42E0-4E73-9280-13D50C5F90D0}C:\users\myriam\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | "UDP Query User{3C83304D-6010-4FD6-A2FC-F4B1FBABB74C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{3D4E8D28-6583-4F3F-ABB6-61F7D0BB8D33}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{50AA09BD-BFA4-431F-816C-98CE0E2F3BDC}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "UDP Query User{646E7007-8F04-4A61-8FDC-183EAABC9BAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{65AC74DF-E366-4912-BAF3-5BF615C5F6D5}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{6D0E4FAD-8789-4B9C-9BE4-8297132442D7}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{A6A49604-E714-4DDE-BF26-AC964A7569B6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{B8AE7ACA-D04F-476E-8479-26BA1A0A5F67}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | "UDP Query User{D8E4F352-81EC-4EDD-8008-23D8FEA2607D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{FF3DD940-C197-4E0A-885B-83B62874F008}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | 
dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{07222CAA-F008-48D1-B09F-3F23FCCD610C}" = IBM SPSS Statistics 19 Help Packs "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6 "{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Kodak All-in-One-Druckersoftware 
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.63 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.3 "Bink and Smacker" = Bink and Smacker "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Catan - Staedte und Ritter" = Catan - Städte und Ritter "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Diablo III" = Diablo III "DivX Setup.divx.com" = DivX-Setup "Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt "f42012" = f4 2012 "Google Desktop" = Google Desktop "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 
1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAV" = Norton AntiVirus "NAVIGON Fresh" = NAVIGON Fresh 1.6.2 "NAVIGON Sync" = NAVIGON Sync 1.1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "OpenAL" = OpenAL "PhotoStitch" = Canon Utilities PhotoStitch "PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.04.2013 07:35:42 | Computer Name = Myriam-PC | Source = .NET Runtime | ID = 0 Description = Error - 15.04.2013 07:38:26 | Computer Name = Myriam-PC | Source = WinMgmt | ID = 10 
Description =

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp Line: 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.04.2013 07:37:37 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

Error - 15.04.2013 07:40:32 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 520 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded.

Error - 15.04.2013 07:40:33 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.

Error - 15.04.2013 07:40:37 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: No more data is available.

Error - 15.04.2013 07:40:40 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1336 NULL object. Cannot establish a connection at this time.

Error - 15.04.2013 07:40:40 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.

[ System Events ]
Error - 15.04.2013 07:35:44 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 15.04.2013 07:38:27 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.04.2013 07:39:55 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 15.04.2013 07:40:25 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 15.04.2013 07:40:25 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Regards, Myriam |
15.04.2013, 13:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fix with OTL
Code:
:OTL
DRV - (jnv4_mib) -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found
[2013.04.14 15:46:53 | 000,000,000 | ---D | C] -- C:\found.000
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags |
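The fix script above removes exactly the two traits a helper looks for first in an OTL listing: a kernel driver (jnv4_mib) registered from a user-writable temporary directory, and a service entry whose binary is no longer on disk. The following triage helper is an added example, not part of the thread and not OTL's own code. It assumes the compact line form used in OTL fix scripts ("DRV - (name) -- path [File not found]" / "SRV - ..."), and the list of user-writable locations and every sample line except the jnv4_mib one are constructed for the example.

```python
"""
Added example, not part of the thread or of OTL: a triage helper that scans
service/driver lines in the compact form used by OTL fix scripts
("DRV - (name) -- path [File not found]") and flags what the fix above acted
on, a kernel driver loaded from a user-writable temporary directory and a
service whose binary no longer exists on disk. The line format, the list of
user-writable locations and all sample lines except the jnv4_mib one are
assumptions constructed for this example.
"""
import re
from dataclasses import dataclass

# Locations a legitimate driver or service should never run from
# (assumption for this example; lower-case, with surrounding backslashes).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\downloads\\",
)

# "DRV - (name) -- rest"  or  "SRV - (name) -- rest"
LINE_RE = re.compile(
    r"^(?P<kind>DRV|SRV)\s+-\s+\((?P<name>[^)]+)\)\s+--\s+(?P<rest>.+)$"
)
# The path ends where OTL's trailing annotation starts: either the words
# "File not found" or a parenthesised vendor name. "(x86)" inside
# "Program Files (x86)" must not be mistaken for the annotation.
PATH_END_RE = re.compile(r"\s+File not found|\s+\((?!x86\))")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: tuple


def parse_line(line):
    """Return (kind, service name, binary path, missing?) or None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    path = PATH_END_RE.split(rest, maxsplit=1)[0].strip()
    missing = "file not found" in rest.lower()
    return m.group("kind"), m.group("name"), path, missing


def triage(lines):
    """Return a Finding for every entry with at least one suspicious trait."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, path, missing = parsed
        low = path.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        if missing:
            reasons.append("binary missing on disk (orphaned service entry)")
        if kind == "DRV" and not low.endswith(".sys"):
            reasons.append("driver path without .sys extension")
        if reasons:
            findings.append(Finding(kind, name, path, tuple(reasons)))
    return findings


# Constructed sample; only the first line reproduces the entry from the thread.
SAMPLE_LINES = [
    r"DRV - (jnv4_mib) -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found",
    r"DRV - (nvlddmkm) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)",
    r"SRV - (Spooler) -- C:\Windows\System32\spoolsv.exe (Microsoft Corporation)",
    r"SRV - (updsvc) -- C:\Users\Public\updsvc.exe ()",
    r"SRV - (ghost) -- C:\Program Files (x86)\Ghost\ghost.exe File not found",
    "this line is not an OTL entry",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

An orphaned entry with a missing binary is worth recording even though nothing runs from it any more: it is often the trace of a component that deleted itself after doing its work, which is why the helper still had it removed.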
15.04.2013, 13:40 | #9 |
| OTL Moved Files Code:
All processes killed
========== OTL ==========
Service jnv4_mib stopped successfully!
Service jnv4_mib deleted successfully!
File C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found not found.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Myriam\Downloads\cmd.bat deleted successfully.
C:\Users\Myriam\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Myriam
->Temp folder emptied: 289502 bytes
->Temporary Internet Files folder emptied: 146947183 bytes
->Java cache emptied: 24879803 bytes
->FireFox cache emptied: 77532691 bytes
->Flash cache emptied: 269165 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 239,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 04152013_143349

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
15.04.2013, 13:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner would not hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
15.04.2013, 17:08 | #11 |
| Both negative. mbam Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Myriam :: MYRIAM-PC [Administrator]

Protection: Enabled

15.04.2013 14:52:34
mbam-log-2013-04-15 (14-52-34).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 237605
Time elapsed: 6 minute(s), 53 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=46b0479f554c1544a2b86b8965e5dc7a # engine=13621 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-15 03:56:44 # local_time=2013-04-15 05:56:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=3590 16777213 100 97 1483009 185059590 0 0 # compatibility_mode=5892 16776574 100 100 0 203574132 0 0 # scanned=249623 # found=0 # cleaned=0 # scan_time=10411 lg Myriam |
15.04.2013, 20:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo account acting on its own - virus scan unsuccessful
Looks OK so far.
Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.
Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie).
Otherwise there are also good cookie managers; as Firefox extensions there is e.g. CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
Is your system now OK again, or are there still other findings or problems?
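The MVPS hosts file recommended above works by mapping unwanted hostnames to a sink address (0.0.0.0 or 127.0.0.1) so the browser never reaches them. The same file is also a classic target for tampering, which is why malware cleanups reset it (the OTL log in this thread did exactly that). The following Python script is an added example for this thread, not code from Trojaner-Board, MVPS or OTL: it parses a hosts file, counts legitimate blocking entries and flags any entry that points a hostname at an address outside the local machine, which is what a practitioner wants to see when auditing a hosts file after an incident. The sample hosts content, the address 203.0.113.7 and the .example/.test hostnames are constructed for the example.

```python
"""Audit a Windows/Unix hosts file (added example, not from the thread).

Entries whose address is a loopback or unspecified address are treated as
MVPS-style blocking entries; entries that map a hostname to any other
address are reported as redirects, since a hosts file that sends e.g. a
bank or update server somewhere else is a sign of tampering.
"""
import ipaddress
import sys
from typing import List, NamedTuple, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: List[str]


class HostsAudit(NamedTuple):
    blocked_count: int                                   # hostnames sunk to a local address
    redirected: List[Tuple[int, str, List[str]]]         # (line, address, hostnames) to audit


# Names that legitimately map to loopback and must not count as "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample hosts file (CRLF line endings as written by Windows tools).
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "::1             localhost\r\n"
    "# MVPS-style blocking entries (constructed sample)\r\n"
    "0.0.0.0 ads.example\r\n"
    "0.0.0.0 www.tracker.example tracker.example   # trailing comment\r\n"
    "\r\n"
    "203.0.113.7   www.example-bank.test\r\n"
    "203.0.113.7   update.example-av.test downloads.example-av.test\r\n"
)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return one HostsEntry per valid 'address hostname [hostname...]' line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments, CR/LF and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                              # address without hostname: malformed
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first token is not an IP address
        entries.append(HostsEntry(line_no, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def audit_hosts(text: str) -> HostsAudit:
    """Classify every entry as a local sink (blocking) or a redirect to another host."""
    blocked = 0
    redirected = []
    for entry in parse_hosts(text):
        ip = ipaddress.ip_address(entry.address)
        if ip.is_loopback or ip.is_unspecified:
            blocked += sum(1 for h in entry.hostnames if h not in LOCAL_NAMES)
        else:
            redirected.append((entry.line_no, entry.address, entry.hostnames))
    return HostsAudit(blocked, redirected)


def hosts_is_clean(text: str) -> bool:
    """True when no hostname is redirected to a non-local address."""
    return not audit_hosts(text).redirected


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path-to-hosts]; defaults to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    result = audit_hosts(content)
    print(f"blocking entries: {result.blocked_count}")
    for line_no, address, names in result.redirected:
        print(f"line {line_no}: {', '.join(names)} -> {address}  (review this entry)")
```

On a Windows machine the file to pass is `C:\Windows\System32\drivers\etc\hosts`; a freshly reset hosts file, as produced by the OTL run in this thread, should report zero blocking entries and zero redirects, while an installed MVPS list shows thousands of blocking entries and still zero redirects.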
15.04.2013, 21:36 | #13 |
| Yahoo account acting on its own - virus scan unsuccessful
Everything's fine. So clean up now? Regards, Myriam
15.04.2013, 21:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo account acting on its own - virus scan unsuccessful
Then we're done! If you'd like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/
The programs used here can all be removed again.
Removing Combofix (only relevant if it was used here!): Start/Run (keyboard shortcut WIN+R), type the command combofix /uninstall there and run it.
With the help of OTL you can also remove many other tools: simply start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide on this is below. To keep better track of whether installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all your passwords if at all possible.
Microsoft Update
Windows XP: visit the MS Update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update
Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
Please also take this opportunity to check that Flash Player is up to date: check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
16.04.2013, 09:04 | #15 |
| Yahoo account acting on its own - virus scan unsuccessful
It would have been too good to be true if everything had just gone smoothly now. Um, yes, short version: I worked through your list yesterday, but something went wrong ... in any case my PC froze, acted up and then today was stuck in a restart loop. Startup Repair found nothing. I restored my system, namely to the state of the day before yesterday, 14.04. at 14:58 (the only system restore point before the whole chaos). Well, that was before I did the three analyses prior to Combofix ...
So. Currently (almost) everything I've tried seems to work, i.e. opening the browser and calling up this page. My VPN client complains that it can't establish a connection any more. But it sometimes just acts up anyway. I don't know any more than that right now. So what now? The whole thing all over again? Or what do I do now WITHOUT wrecking my system? Um, yes. I hope you can help me.... Regards, Myriam
Edit: the VPN client was just acting up. Works again.