| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AOL Mailadresse verschickt SpamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.05.2013, 22:08
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  AOL Mailadresse verschickt Spam aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.05.2013, 21:41
| #17 |
 | AOL Mailadresse verschickt Spam Der Scan von aswmbr ist leider abgebrochen, soll ich es jetzt mit der Einstellung none versuchen?
__________________ |
|
21.05.2013, 22:05
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt Spam Ja so stehts in der Anleitung
__________________
__________________ |
|
22.05.2013, 20:39
| #19 |
| | AOL Mailadresse verschickt Spam Hallo, der logfile von aswmbr ist: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-22 21:23:32
-----------------------------
21:23:32.220 OS Version: Windows 6.1.7601 Service Pack 1
21:23:32.220 Number of processors: 2 586 0xF06
21:23:32.235 ComputerName: ANGELA-NOTEBOOK UserName: Angela
21:23:36.619 Initialize success
21:23:51.610 AVAST engine defs: 13052101
21:24:13.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:24:13.232 Disk 0 Vendor: ST9250410ASG 0002SDM1 Size: 238475MB BusType: 11
21:24:13.326 Disk 0 MBR read successfully
21:24:13.326 Disk 0 MBR scan
21:24:13.388 Disk 0 Windows 7 default MBR code
21:24:13.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:24:13.435 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
21:24:13.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 138473 MB offset 204800000
21:24:13.466 Disk 0 scanning sectors +488392704
21:24:13.575 Disk 0 scanning C:\Windows\system32\drivers
21:24:27.568 Service scanning
21:25:02.529 Modules scanning
21:25:15.290 Disk 0 trace - called modules:
21:25:15.321 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:25:15.321 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8556f948]
21:25:15.321 3 CLASSPNP.SYS[8798059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85480030]
21:25:15.337 Scan finished successfully
21:25:40.921 Disk 0 MBR has been saved successfully to "C:\Users\Angela\Desktop\MBR.dat"
21:25:40.936 The log file has been saved successfully to "C:\Users\Angela\Desktop\aswMBR.txt"
Code:
ATTFilter 21:32:09.0045 5180 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:32:11.0104 5180 ============================================================
21:32:11.0104 5180 Current date / time: 2013/05/22 21:32:11.0104
21:32:11.0104 5180 SystemInfo:
21:32:11.0104 5180
21:32:11.0104 5180 OS Version: 6.1.7601 ServicePack: 1.0
21:32:11.0104 5180 Product type: Workstation
21:32:11.0104 5180 ComputerName: ANGELA-NOTEBOOK
21:32:11.0104 5180 UserName: Angela
21:32:11.0104 5180 Windows directory: C:\Windows
21:32:11.0104 5180 System windows directory: C:\Windows
21:32:11.0104 5180 Processor architecture: Intel x86
21:32:11.0104 5180 Number of processors: 2
21:32:11.0104 5180 Page size: 0x1000
21:32:11.0104 5180 Boot type: Normal boot
21:32:11.0104 5180 ============================================================
21:32:21.0088 5180 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:32:21.0977 5180 ============================================================
21:32:21.0977 5180 \Device\Harddisk0\DR0:
21:32:22.0913 5180 MBR partitions:
21:32:22.0913 5180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:32:22.0913 5180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
21:32:22.0913 5180 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x10E74800
21:32:22.0913 5180 ============================================================
21:32:23.0803 5180 C: <-> \Device\Harddisk0\DR0\Partition2
21:32:24.0115 5180 E: <-> \Device\Harddisk0\DR0\Partition3
21:32:24.0957 5180 ============================================================
21:32:24.0957 5180 Initialize success
21:32:24.0957 5180 ============================================================
21:35:11.0503 3664 ============================================================
21:35:11.0503 3664 Scan started
21:35:11.0503 3664 Mode: Manual; SigCheck; TDLFS;
21:35:11.0503 3664 ============================================================
21:35:15.0403 3664 ================ Scan system memory ========================
21:35:15.0403 3664 System memory - ok
21:35:15.0403 3664 ================ Scan services =============================
21:35:15.0575 3664 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:35:16.0089 3664 1394ohci - ok
21:35:16.0152 3664 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:35:16.0167 3664 ACPI - ok
21:35:16.0230 3664 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:35:16.0370 3664 AcpiPmi - ok
21:35:16.0417 3664 [ 45D8E2A2D8B9F33C32A7ADB6900C6E04 ] acsock C:\Windows\system32\DRIVERS\acsock.sys
21:35:16.0495 3664 acsock - ok
21:35:16.0542 3664 [ 4897455C9EA1D28E4E0980DA497C316D ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
21:35:16.0651 3664 ADIHdAudAddService - ok
21:35:16.0729 3664 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:35:16.0776 3664 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:35:16.0776 3664 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:35:16.0901 3664 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
21:35:16.0932 3664 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
21:35:16.0932 3664 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
21:35:17.0025 3664 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:35:17.0057 3664 AdobeARMservice - ok
21:35:17.0135 3664 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:35:17.0181 3664 AdobeFlashPlayerUpdateSvc - ok
21:35:17.0228 3664 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:17.0275 3664 adp94xx - ok
21:35:17.0291 3664 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:35:17.0306 3664 adpahci - ok
21:35:17.0322 3664 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:35:17.0337 3664 adpu320 - ok
21:35:17.0369 3664 [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
21:35:17.0400 3664 AEADIFilters - ok
21:35:17.0431 3664 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:35:17.0587 3664 AeLookupSvc - ok
21:35:17.0634 3664 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:35:17.0759 3664 AFD - ok
21:35:17.0821 3664 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
21:35:17.0993 3664 AgereSoftModem - ok
21:35:18.0024 3664 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:35:18.0039 3664 agp440 - ok
21:35:18.0086 3664 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:35:18.0149 3664 aic78xx - ok
21:35:18.0180 3664 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:35:18.0258 3664 ALG - ok
21:35:18.0289 3664 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:35:18.0305 3664 aliide - ok
21:35:18.0336 3664 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:35:18.0351 3664 amdagp - ok
21:35:18.0383 3664 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:35:18.0414 3664 amdide - ok
21:35:18.0461 3664 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:35:18.0554 3664 AmdK8 - ok
21:35:18.0570 3664 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:35:18.0663 3664 AmdPPM - ok
21:35:18.0695 3664 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:35:18.0710 3664 amdsata - ok
21:35:18.0726 3664 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:18.0757 3664 amdsbs - ok
21:35:18.0773 3664 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:35:18.0804 3664 amdxata - ok
21:35:18.0851 3664 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:35:19.0022 3664 AppID - ok
21:35:19.0038 3664 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:35:19.0100 3664 AppIDSvc - ok
21:35:19.0147 3664 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
21:35:19.0241 3664 Appinfo - ok
21:35:19.0334 3664 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:35:19.0381 3664 Apple Mobile Device - ok
21:35:19.0428 3664 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:35:19.0521 3664 AppMgmt - ok
21:35:19.0568 3664 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:35:19.0584 3664 arc - ok
21:35:19.0599 3664 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:35:19.0631 3664 arcsas - ok
21:35:19.0646 3664 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:19.0771 3664 AsyncMac - ok
21:35:19.0802 3664 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:35:19.0818 3664 atapi - ok
21:35:19.0865 3664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:35:19.0943 3664 AudioEndpointBuilder - ok
21:35:19.0958 3664 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:35:20.0021 3664 Audiosrv - ok
21:35:20.0083 3664 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:35:20.0348 3664 AxInstSV - ok
21:35:20.0489 3664 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:35:20.0691 3664 b06bdrv - ok
21:35:20.0738 3664 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:35:20.0785 3664 b57nd60x - ok
21:35:20.0894 3664 [ 4AA81E69A0A99035392880DBC953B1A1 ] BBSvc C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe
21:35:20.0941 3664 BBSvc - ok
21:35:20.0988 3664 [ 49CBA45AB82D25A6FFC4ECB3307BC9E7 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
21:35:21.0050 3664 BBUpdate - ok
21:35:21.0081 3664 [ 82DD21BFA8BBE0A3A3833A1BD8E86158 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:35:21.0113 3664 bcm4sbxp - ok
21:35:21.0144 3664 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:35:21.0269 3664 BDESVC - ok
21:35:21.0300 3664 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:35:21.0347 3664 Beep - ok
21:35:21.0409 3664 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:35:21.0518 3664 BFE - ok
21:35:21.0674 3664 [ 89BF5550E4FC31E3FE728E68C558BF10 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx86.sys
21:35:21.0752 3664 BHDrvx86 - ok
21:35:21.0815 3664 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
21:35:21.0908 3664 BITS - ok
21:35:21.0939 3664 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:22.0002 3664 blbdrive - ok
21:35:22.0111 3664 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:35:22.0142 3664 Bonjour Service - ok
21:35:22.0173 3664 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:35:22.0251 3664 bowser - ok
21:35:22.0283 3664 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:22.0345 3664 BrFiltLo - ok
21:35:22.0361 3664 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:22.0423 3664 BrFiltUp - ok
21:35:22.0470 3664 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:35:22.0548 3664 BridgeMP - ok
21:35:22.0579 3664 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:35:22.0704 3664 Browser - ok
21:35:22.0719 3664 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:35:22.0766 3664 Brserid - ok
21:35:22.0782 3664 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:22.0797 3664 BrSerWdm - ok
21:35:22.0813 3664 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:22.0844 3664 BrUsbMdm - ok
21:35:22.0860 3664 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:22.0891 3664 BrUsbSer - ok
21:35:22.0953 3664 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
21:35:22.0985 3664 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:35:22.0985 3664 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:35:23.0047 3664 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:35:23.0250 3664 BthEnum - ok
21:35:23.0281 3664 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:23.0312 3664 BTHMODEM - ok
21:35:23.0343 3664 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:35:23.0359 3664 BthPan - ok
21:35:23.0406 3664 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:35:23.0484 3664 BTHPORT - ok
21:35:23.0515 3664 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:35:23.0562 3664 bthserv - ok
21:35:23.0577 3664 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:35:23.0609 3664 BTHUSB - ok
21:35:23.0687 3664 catchme - ok
21:35:23.0780 3664 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys
21:35:23.0827 3664 ccSet_N360 - ok
21:35:23.0874 3664 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:35:23.0967 3664 cdfs - ok
21:35:24.0061 3664 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:35:24.0139 3664 cdrom - ok
21:35:24.0279 3664 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:35:24.0357 3664 CertPropSvc - ok
21:35:24.0389 3664 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:35:24.0420 3664 circlass - ok
21:35:24.0451 3664 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:35:24.0482 3664 CLFS - ok
21:35:24.0560 3664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:24.0591 3664 clr_optimization_v2.0.50727_32 - ok
21:35:24.0669 3664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:24.0763 3664 clr_optimization_v4.0.30319_32 - ok
21:35:24.0810 3664 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:24.0825 3664 CmBatt - ok
21:35:24.0841 3664 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:35:24.0857 3664 cmdide - ok
21:35:24.0903 3664 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:35:24.0950 3664 CNG - ok
21:35:24.0981 3664 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:35:25.0013 3664 Compbatt - ok
21:35:25.0075 3664 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:35:25.0106 3664 CompositeBus - ok
21:35:25.0122 3664 COMSysApp - ok
21:35:25.0153 3664 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:25.0169 3664 crcdisk - ok
21:35:25.0215 3664 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:35:25.0325 3664 CryptSvc - ok
21:35:25.0371 3664 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:35:25.0449 3664 CSC - ok
21:35:25.0512 3664 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:35:25.0683 3664 CscService - ok
21:35:25.0715 3664 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:35:25.0761 3664 DcomLaunch - ok
21:35:25.0793 3664 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:35:25.0839 3664 defragsvc - ok
21:35:25.0886 3664 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:35:25.0917 3664 DfsC - ok
21:35:25.0980 3664 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:35:26.0042 3664 Dhcp - ok
21:35:26.0073 3664 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:35:26.0120 3664 discache - ok
21:35:26.0136 3664 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:35:26.0151 3664 Disk - ok
21:35:26.0183 3664 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:35:26.0276 3664 Dnscache - ok
21:35:26.0323 3664 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:35:26.0370 3664 dot3svc - ok
21:35:26.0401 3664 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:35:26.0448 3664 DPS - ok
21:35:26.0479 3664 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:35:26.0510 3664 drmkaud - ok
21:35:26.0541 3664 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:35:26.0604 3664 DXGKrnl - ok
21:35:26.0635 3664 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:35:26.0682 3664 EapHost - ok
21:35:26.0791 3664 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:35:26.0947 3664 ebdrv - ok
21:35:27.0134 3664 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:35:27.0197 3664 eeCtrl - ok
21:35:27.0243 3664 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:35:27.0337 3664 EFS - ok
21:35:27.0415 3664 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:35:27.0540 3664 ehRecvr - ok
21:35:27.0587 3664 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:35:27.0633 3664 ehSched - ok
21:35:27.0680 3664 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:35:27.0711 3664 elxstor - ok
21:35:27.0774 3664 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:35:27.0789 3664 EraserUtilRebootDrv - ok
21:35:27.0821 3664 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:35:27.0867 3664 ErrDev - ok
21:35:27.0930 3664 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:35:27.0992 3664 EventSystem - ok
21:35:28.0008 3664 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:35:28.0070 3664 exfat - ok
21:35:28.0086 3664 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:35:28.0133 3664 fastfat - ok
21:35:28.0179 3664 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:35:28.0289 3664 Fax - ok
21:35:28.0304 3664 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:35:28.0320 3664 fdc - ok
21:35:28.0351 3664 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:35:28.0413 3664 fdPHost - ok
21:35:28.0445 3664 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:35:28.0491 3664 FDResPub - ok
21:35:28.0523 3664 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:35:28.0554 3664 FileInfo - ok
21:35:28.0554 3664 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:35:28.0601 3664 Filetrace - ok
21:35:28.0616 3664 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:28.0647 3664 flpydisk - ok
21:35:28.0679 3664 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:35:28.0694 3664 FltMgr - ok
21:35:28.0757 3664 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
21:35:28.0866 3664 FontCache - ok
21:35:28.0928 3664 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:35:28.0975 3664 FontCache3.0.0.0 - ok
21:35:28.0991 3664 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:35:29.0022 3664 FsDepends - ok
21:35:29.0147 3664 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:35:29.0209 3664 fssfltr - ok
21:35:29.0256 3664 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:35:29.0318 3664 fsssvc - ok
21:35:29.0349 3664 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:35:29.0381 3664 Fs_Rec - ok
21:35:29.0427 3664 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:35:29.0459 3664 fvevol - ok
21:35:29.0490 3664 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:29.0505 3664 gagp30kx - ok
21:35:29.0568 3664 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:29.0583 3664 GEARAspiWDM - ok
21:35:29.0615 3664 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:35:29.0677 3664 gpsvc - ok
21:35:29.0802 3664 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cacd1cfe6f03d8 C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:29.0817 3664 gupdate1cacd1cfe6f03d8 - ok
21:35:29.0849 3664 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:29.0864 3664 gupdatem - ok
21:35:29.0911 3664 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:35:29.0942 3664 gusvc - ok
21:35:29.0958 3664 [ 7DAD592A4D28092D584CFB4DEEF1373D ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
21:35:29.0989 3664 HBtnKey - ok
21:35:30.0005 3664 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:35:30.0192 3664 hcw85cir - ok
21:35:30.0270 3664 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:35:30.0332 3664 HdAudAddService - ok
21:35:30.0363 3664 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:35:30.0410 3664 HDAudBus - ok
21:35:30.0426 3664 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:30.0441 3664 HidBatt - ok
21:35:30.0473 3664 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:35:30.0504 3664 HidBth - ok
21:35:30.0535 3664 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:35:30.0582 3664 HidIr - ok
21:35:30.0613 3664 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
21:35:30.0644 3664 hidserv - ok
21:35:30.0691 3664 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:35:30.0722 3664 HidUsb - ok
21:35:30.0753 3664 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:35:30.0800 3664 hkmsvc - ok
21:35:30.0831 3664 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:35:30.0941 3664 HomeGroupListener - ok
21:35:30.0972 3664 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:35:31.0019 3664 HomeGroupProvider - ok
21:35:31.0081 3664 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:35:31.0097 3664 HpSAMD - ok
21:35:31.0128 3664 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:35:31.0190 3664 HTCAND32 - ok
21:35:31.0221 3664 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
21:35:31.0253 3664 htcnprot - ok
21:35:31.0284 3664 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:35:31.0331 3664 HTTP - ok
21:35:31.0346 3664 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:35:31.0362 3664 hwpolicy - ok
21:35:31.0377 3664 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:35:31.0424 3664 i8042prt - ok
21:35:31.0440 3664 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:35:31.0487 3664 iaStorV - ok
21:35:31.0533 3664 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:35:31.0596 3664 idsvc - ok
21:35:31.0705 3664 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130521.001\IDSvix86.sys
21:35:31.0783 3664 IDSVix86 - ok
21:35:31.0923 3664 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:35:32.0142 3664 igfx - ok
21:35:32.0189 3664 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:35:32.0204 3664 iirsp - ok
21:35:32.0251 3664 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:35:32.0329 3664 IKEEXT - ok
21:35:32.0360 3664 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:35:32.0391 3664 intelide - ok
21:35:32.0423 3664 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:35:32.0438 3664 intelppm - ok
21:35:32.0469 3664 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:35:32.0532 3664 IPBusEnum - ok
21:35:32.0547 3664 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:32.0594 3664 IpFilterDriver - ok
21:35:32.0657 3664 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:35:32.0828 3664 iphlpsvc - ok
21:35:32.0906 3664 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:35:32.0969 3664 IPMIDRV - ok
21:35:32.0984 3664 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:35:33.0031 3664 IPNAT - ok
21:35:33.0078 3664 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:35:33.0109 3664 iPod Service - ok
21:35:33.0140 3664 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:35:33.0218 3664 IRENUM - ok
21:35:33.0218 3664 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:35:33.0249 3664 isapnp - ok
21:35:33.0281 3664 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:35:33.0296 3664 iScsiPrt - ok
21:35:33.0327 3664 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:35:33.0359 3664 kbdclass - ok
21:35:33.0390 3664 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:35:33.0421 3664 kbdhid - ok
21:35:33.0437 3664 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:35:33.0452 3664 KeyIso - ok
21:35:33.0499 3664 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:35:33.0546 3664 KSecDD - ok
21:35:33.0561 3664 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:35:33.0577 3664 KSecPkg - ok
21:35:33.0967 3664 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:35:34.0045 3664 KtmRm - ok
21:35:34.0076 3664 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
21:35:34.0139 3664 LanmanServer - ok
21:35:34.0154 3664 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:35:34.0217 3664 LanmanWorkstation - ok
21:35:34.0248 3664 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:35:34.0295 3664 lltdio - ok
21:35:34.0341 3664 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:35:34.0373 3664 lltdsvc - ok
21:35:34.0388 3664 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:35:34.0435 3664 lmhosts - ok
21:35:34.0466 3664 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:34.0482 3664 LSI_FC - ok
21:35:34.0513 3664 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:34.0529 3664 LSI_SAS - ok
21:35:34.0529 3664 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:34.0560 3664 LSI_SAS2 - ok
21:35:34.0575 3664 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:34.0591 3664 LSI_SCSI - ok
21:35:34.0607 3664 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:35:34.0653 3664 luafv - ok
21:35:34.0700 3664 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:35:34.0731 3664 Mcx2Svc - ok
21:35:34.0825 3664 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:35:34.0887 3664 MDM ( UnsignedFile.Multi.Generic ) - warning
21:35:34.0887 3664 MDM - detected UnsignedFile.Multi.Generic (1)
21:35:34.0903 3664 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:35:34.0934 3664 megasas - ok
21:35:34.0950 3664 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:34.0981 3664 MegaSR - ok
21:35:35.0075 3664 Microsoft SharePoint Workspace Audit Service - ok
21:35:35.0106 3664 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:35:35.0199 3664 MMCSS - ok
21:35:35.0215 3664 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:35:35.0262 3664 Modem - ok
21:35:35.0293 3664 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:35:35.0324 3664 monitor - ok
21:35:35.0355 3664 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:35:35.0418 3664 mouclass - ok
21:35:35.0433 3664 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:35:35.0480 3664 mouhid - ok
21:35:35.0511 3664 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:35:35.0527 3664 mountmgr - ok
21:35:35.0683 3664 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:35:35.0761 3664 MozillaMaintenance - ok
21:35:35.0855 3664 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:35:35.0948 3664 mpio - ok
21:35:35.0995 3664 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:35:36.0120 3664 mpsdrv - ok
21:35:36.0167 3664 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:35:36.0245 3664 MpsSvc - ok
21:35:36.0276 3664 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:35:36.0307 3664 MRxDAV - ok
21:35:36.0338 3664 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:36.0447 3664 mrxsmb - ok
21:35:36.0463 3664 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:36.0510 3664 mrxsmb10 - ok
21:35:36.0557 3664 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:36.0603 3664 mrxsmb20 - ok
21:35:36.0635 3664 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:35:36.0666 3664 msahci - ok
21:35:36.0681 3664 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:35:36.0697 3664 msdsm - ok
21:35:36.0713 3664 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:35:36.0759 3664 MSDTC - ok
21:35:36.0791 3664 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:35:36.0837 3664 Msfs - ok
21:35:36.0853 3664 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:35:36.0900 3664 mshidkmdf - ok
21:35:36.0931 3664 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:35:36.0947 3664 msisadrv - ok
21:35:36.0978 3664 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:35:37.0009 3664 MSiSCSI - ok
21:35:37.0025 3664 msiserver - ok
21:35:37.0056 3664 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:35:37.0087 3664 MSKSSRV - ok
21:35:37.0103 3664 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:37.0149 3664 MSPCLOCK - ok
21:35:37.0165 3664 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:35:37.0212 3664 MSPQM - ok
21:35:37.0227 3664 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:35:37.0243 3664 MsRPC - ok
21:35:37.0259 3664 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:35:37.0290 3664 mssmbios - ok
21:35:37.0305 3664 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:35:37.0337 3664 MSTEE - ok
21:35:37.0352 3664 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:37.0383 3664 MTConfig - ok
21:35:37.0399 3664 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:35:37.0430 3664 Mup - ok
21:35:37.0508 3664 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
21:35:37.0555 3664 N360 - ok
21:35:37.0586 3664 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:35:37.0617 3664 napagent - ok
21:35:37.0649 3664 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:35:37.0680 3664 NativeWifiP - ok
21:35:37.0742 3664 [ CE2156DF796D41614AB60E68D107D573 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130522.003\NAVENG.SYS
21:35:37.0773 3664 NAVENG - ok
21:35:37.0820 3664 [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130522.003\NAVEX15.SYS
21:35:37.0898 3664 NAVEX15 - ok
21:35:37.0945 3664 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:35:37.0992 3664 NDIS - ok
21:35:38.0023 3664 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:38.0085 3664 NdisCap - ok
21:35:38.0117 3664 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:38.0210 3664 NdisTapi - ok
21:35:38.0304 3664 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:38.0397 3664 Ndisuio - ok
21:35:38.0444 3664 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:38.0491 3664 NdisWan - ok
21:35:38.0522 3664 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:35:38.0553 3664 NDProxy - ok
21:35:38.0569 3664 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:35:38.0616 3664 NetBIOS - ok
21:35:38.0663 3664 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:35:38.0725 3664 NetBT - ok
21:35:38.0741 3664 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:35:38.0756 3664 Netlogon - ok
21:35:38.0803 3664 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:35:38.0865 3664 Netman - ok
21:35:38.0897 3664 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:35:38.0928 3664 netprofm - ok
21:35:38.0959 3664 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:38.0990 3664 NetTcpPortSharing - ok
21:35:39.0084 3664 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
21:35:39.0255 3664 netw5v32 - ok
21:35:39.0333 3664 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:39.0365 3664 nfrd960 - ok
21:35:39.0458 3664 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:35:39.0521 3664 NlaSvc - ok
21:35:39.0552 3664 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:35:39.0614 3664 Npfs - ok
21:35:39.0645 3664 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:35:39.0723 3664 nsi - ok
21:35:39.0739 3664 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:35:39.0817 3664 nsiproxy - ok
21:35:39.0989 3664 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:35:40.0145 3664 Ntfs - ok
21:35:40.0191 3664 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:35:40.0254 3664 Null - ok
21:35:40.0316 3664 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:35:40.0347 3664 nvraid - ok
21:35:40.0379 3664 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:35:40.0394 3664 nvstor - ok
21:35:40.0425 3664 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:35:40.0441 3664 nv_agp - ok
21:35:40.0488 3664 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:35:40.0519 3664 ohci1394 - ok
21:35:40.0628 3664 [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
21:35:40.0675 3664 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
21:35:40.0675 3664 OMSI download service - detected UnsignedFile.Multi.Generic (1)
21:35:40.0722 3664 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:40.0753 3664 ose - ok
21:35:41.0268 3664 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:35:41.0455 3664 osppsvc - ok
21:35:41.0580 3664 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:35:41.0720 3664 p2pimsvc - ok
21:35:41.0783 3664 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:35:41.0829 3664 p2psvc - ok
21:35:41.0876 3664 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:35:41.0892 3664 Parport - ok
21:35:41.0923 3664 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:35:41.0939 3664 partmgr - ok
21:35:41.0970 3664 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:35:42.0001 3664 Parvdm - ok
21:35:42.0063 3664 [ 5FBCC9EEEFACA3019D5BD5979618F298 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:35:42.0095 3664 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:35:42.0095 3664 PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:35:42.0126 3664 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:35:42.0188 3664 PcaSvc - ok
21:35:42.0204 3664 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:35:42.0219 3664 pci - ok
21:35:42.0235 3664 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:35:42.0251 3664 pciide - ok
21:35:42.0282 3664 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:42.0297 3664 pcmcia - ok
21:35:42.0313 3664 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:35:42.0344 3664 pcw - ok
21:35:42.0360 3664 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:35:42.0422 3664 PEAUTH - ok
21:35:42.0438 3664 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:35:42.0531 3664 PeerDistSvc - ok
21:35:42.0609 3664 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:35:42.0719 3664 pla - ok
21:35:42.0765 3664 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:35:42.0828 3664 PlugPlay - ok
21:35:42.0843 3664 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:35:42.0875 3664 PNRPAutoReg - ok
21:35:42.0906 3664 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:35:42.0921 3664 PNRPsvc - ok
21:35:42.0937 3664 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:35:43.0015 3664 PolicyAgent - ok
21:35:43.0077 3664 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:35:43.0124 3664 Power - ok
21:35:43.0155 3664 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:35:43.0202 3664 PptpMiniport - ok
21:35:43.0233 3664 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:35:43.0265 3664 Processor - ok
21:35:43.0327 3664 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:35:43.0436 3664 ProfSvc - ok
21:35:43.0452 3664 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:35:43.0483 3664 ProtectedStorage - ok
21:35:43.0514 3664 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:35:43.0561 3664 Psched - ok
21:35:43.0623 3664 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:35:43.0717 3664 ql2300 - ok
21:35:43.0733 3664 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:43.0764 3664 ql40xx - ok
21:35:43.0779 3664 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:35:43.0826 3664 QWAVE - ok
21:35:43.0842 3664 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:35:43.0889 3664 QWAVEdrv - ok
21:35:43.0920 3664 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:35:43.0967 3664 RasAcd - ok
21:35:44.0013 3664 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:44.0045 3664 RasAgileVpn - ok
21:35:44.0060 3664 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:35:44.0107 3664 RasAuto - ok
21:35:44.0123 3664 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:44.0154 3664 Rasl2tp - ok
21:35:44.0201 3664 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:35:44.0247 3664 RasMan - ok
21:35:44.0279 3664 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:44.0325 3664 RasPppoe - ok
21:35:44.0341 3664 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:35:44.0372 3664 RasSstp - ok
21:35:44.0403 3664 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:35:44.0450 3664 rdbss - ok
21:35:44.0466 3664 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:44.0481 3664 rdpbus - ok
21:35:44.0528 3664 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:44.0575 3664 RDPCDD - ok
21:35:44.0606 3664 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:35:44.0653 3664 RDPDR - ok
21:35:44.0684 3664 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:35:44.0715 3664 RDPENCDD - ok
21:35:44.0731 3664 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:35:44.0762 3664 RDPREFMP - ok
21:35:44.0825 3664 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:35:44.0918 3664 RdpVideoMiniport - ok
21:35:44.0965 3664 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:35:45.0027 3664 RDPWD - ok
21:35:45.0090 3664 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:35:45.0105 3664 rdyboost - ok
21:35:45.0121 3664 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:35:45.0168 3664 RemoteAccess - ok
21:35:45.0215 3664 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:35:45.0261 3664 RemoteRegistry - ok
21:35:45.0293 3664 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:35:45.0339 3664 RFCOMM - ok
21:35:45.0355 3664 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:35:45.0402 3664 RpcEptMapper - ok
21:35:45.0449 3664 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:35:45.0480 3664 RpcLocator - ok
21:35:45.0495 3664 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:35:45.0527 3664 RpcSs - ok
21:35:45.0573 3664 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:35:45.0620 3664 rspndr - ok
21:35:45.0651 3664 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:35:45.0761 3664 s3cap - ok
21:35:45.0792 3664 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:35:45.0807 3664 SamSs - ok
21:35:45.0839 3664 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:35:45.0854 3664 sbp2port - ok
21:35:45.0885 3664 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:35:45.0948 3664 SCardSvr - ok
21:35:45.0979 3664 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:35:46.0010 3664 scfilter - ok
21:35:46.0057 3664 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:35:46.0135 3664 Schedule - ok
21:35:46.0197 3664 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:35:46.0229 3664 SCPolicySvc - ok
21:35:46.0291 3664 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:35:46.0416 3664 SDRSVC - ok
21:35:46.0463 3664 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:35:46.0525 3664 secdrv - ok
21:35:46.0541 3664 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:35:46.0587 3664 seclogon - ok
21:35:46.0619 3664 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
21:35:46.0665 3664 seehcri - ok
21:35:46.0697 3664 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
21:35:46.0728 3664 SENS - ok
21:35:46.0759 3664 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:35:46.0837 3664 SensrSvc - ok
21:35:46.0853 3664 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:35:46.0884 3664 Serenum - ok
21:35:46.0915 3664 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:35:46.0931 3664 Serial - ok
21:35:46.0962 3664 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:35:46.0977 3664 sermouse - ok
21:35:47.0024 3664 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:35:47.0071 3664 SessionEnv - ok
21:35:47.0087 3664 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:35:47.0133 3664 sffdisk - ok
21:35:47.0149 3664 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:35:47.0165 3664 sffp_mmc - ok
21:35:47.0180 3664 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:35:47.0196 3664 sffp_sd - ok
21:35:47.0211 3664 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:47.0227 3664 sfloppy - ok
21:35:47.0258 3664 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:35:47.0305 3664 SharedAccess - ok
21:35:47.0352 3664 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:35:47.0430 3664 ShellHWDetection - ok
21:35:47.0461 3664 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:35:47.0477 3664 sisagp - ok
21:35:47.0508 3664 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:47.0523 3664 SiSRaid2 - ok
21:35:47.0539 3664 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:47.0570 3664 SiSRaid4 - ok
21:35:47.0633 3664 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:35:47.0679 3664 SkypeUpdate - ok
21:35:47.0711 3664 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:35:47.0742 3664 Smb - ok
21:35:47.0789 3664 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:35:47.0804 3664 SNMPTRAP - ok
21:35:47.0820 3664 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:35:47.0835 3664 spldr - ok
21:35:47.0882 3664 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:35:48.0007 3664 Spooler - ok
21:35:48.0163 3664 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:35:48.0303 3664 sppsvc - ok
21:35:48.0335 3664 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:35:48.0397 3664 sppuinotify - ok
21:35:48.0491 3664 [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP C:\Windows\System32\Drivers\N360\1403010.016\SRTSP.SYS
21:35:48.0537 3664 SRTSP - ok
21:35:48.0569 3664 [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS
21:35:48.0584 3664 SRTSPX - ok
21:35:48.0631 3664 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:35:48.0725 3664 srv - ok
21:35:48.0756 3664 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:35:48.0787 3664 srv2 - ok
21:35:48.0803 3664 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:35:48.0849 3664 srvnet - ok
21:35:48.0896 3664 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
21:35:48.0959 3664 sscdbus - ok
21:35:49.0005 3664 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:35:49.0068 3664 sscdmdfl - ok
21:35:49.0099 3664 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
21:35:49.0161 3664 sscdmdm - ok
21:35:49.0193 3664 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:35:49.0239 3664 SSDPSRV - ok
21:35:49.0255 3664 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:35:49.0286 3664 SstpSvc - ok
21:35:49.0349 3664 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
21:35:49.0380 3664 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:35:49.0380 3664 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:35:49.0411 3664 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:35:49.0427 3664 stexstor - ok
21:35:49.0473 3664 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:35:49.0520 3664 StiSvc - ok
21:35:49.0536 3664 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:35:49.0551 3664 storflt - ok
21:35:49.0567 3664 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
21:35:49.0645 3664 StorSvc - ok
21:35:49.0676 3664 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:35:49.0707 3664 storvsc - ok
21:35:49.0723 3664 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:35:49.0739 3664 swenum - ok
21:35:49.0754 3664 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:35:49.0801 3664 swprv - ok
21:35:49.0832 3664 [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS C:\Windows\system32\drivers\N360\1403010.016\SYMDS.SYS
21:35:49.0879 3664 SymDS - ok
21:35:49.0926 3664 [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA C:\Windows\system32\drivers\N360\1403010.016\SYMEFA.SYS
21:35:49.0973 3664 SymEFA - ok
21:35:50.0035 3664 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
21:35:50.0066 3664 SymEvent - ok
21:35:50.0097 3664 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS
21:35:50.0129 3664 SymIRON - ok
21:35:50.0144 3664 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\Windows\System32\Drivers\N360\1403010.016\SYMNETS.SYS
21:35:50.0160 3664 SymNetS - ok
21:35:50.0285 3664 Synth3dVsc - ok
21:35:50.0347 3664 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:35:50.0425 3664 SysMain - ok
21:35:50.0456 3664 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:35:50.0503 3664 TabletInputService - ok
21:35:50.0534 3664 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:35:50.0581 3664 TapiSrv - ok
21:35:50.0643 3664 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:35:50.0690 3664 TBS - ok
21:35:50.0846 3664 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:35:50.0955 3664 Tcpip - ok
21:35:51.0018 3664 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:35:51.0049 3664 TCPIP6 - ok
21:35:51.0096 3664 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:35:51.0127 3664 tcpipreg - ok
21:35:51.0158 3664 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:35:51.0253 3664 TDPIPE - ok
21:35:51.0268 3664 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:35:51.0300 3664 TDTCP - ok
21:35:51.0331 3664 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:35:51.0424 3664 tdx - ok
21:35:51.0456 3664 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:35:51.0487 3664 TermDD - ok
21:35:51.0518 3664 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:35:51.0580 3664 TermService - ok
21:35:51.0596 3664 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:35:51.0643 3664 Themes - ok
21:35:51.0658 3664 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:35:51.0705 3664 THREADORDER - ok
21:35:51.0721 3664 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:35:51.0768 3664 TrkWks - ok
21:35:51.0799 3664 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:35:51.0861 3664 TrustedInstaller - ok
21:35:51.0892 3664 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:51.0924 3664 tssecsrv - ok
21:35:51.0970 3664 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:35:52.0048 3664 TsUsbFlt - ok
21:35:52.0064 3664 tsusbhub - ok
21:35:52.0111 3664 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:35:52.0142 3664 tunnel - ok
21:35:52.0173 3664 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:35:52.0204 3664 uagp35 - ok
21:35:52.0220 3664 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:35:52.0267 3664 udfs - ok
21:35:52.0298 3664 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:35:52.0329 3664 UI0Detect - ok
21:35:52.0360 3664 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:35:52.0376 3664 uliagpkx - ok
21:35:52.0423 3664 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:35:52.0438 3664 umbus - ok
21:35:52.0454 3664 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:35:52.0485 3664 UmPass - ok
21:35:52.0532 3664 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
21:35:52.0594 3664 UmRdpService - ok
21:35:52.0626 3664 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:35:52.0672 3664 upnphost - ok
21:35:52.0704 3664 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:35:52.0766 3664 USBAAPL - ok
21:35:52.0828 3664 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:35:52.0844 3664 usbaudio - ok
21:35:52.0875 3664 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:52.0969 3664 usbccgp - ok
21:35:53.0016 3664 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:35:53.0062 3664 usbcir - ok
21:35:53.0078 3664 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:35:53.0094 3664 usbehci - ok
21:35:53.0125 3664 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys
21:35:53.0156 3664 usbhub - ok
21:35:53.0218 3664 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:35:53.0250 3664 usbohci - ok
21:35:53.0343 3664 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:35:53.0390 3664 usbprint - ok
21:35:53.0421 3664 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:35:53.0468 3664 usbscan - ok
21:35:53.0484 3664 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:53.0562 3664 USBSTOR - ok
21:35:53.0577 3664 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:35:53.0593 3664 usbuhci - ok
21:35:53.0640 3664 [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
21:35:53.0733 3664 usb_rndisx - ok
21:35:53.0764 3664 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:35:53.0827 3664 UxSms - ok
21:35:53.0842 3664 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:35:53.0858 3664 VaultSvc - ok
21:35:53.0874 3664 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:35:53.0889 3664 vdrvroot - ok
21:35:53.0936 3664 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:35:53.0998 3664 vds - ok
21:35:54.0030 3664 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:54.0061 3664 vga - ok
21:35:54.0092 3664 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:35:54.0139 3664 VgaSave - ok
21:35:54.0139 3664 VGPU - ok
21:35:54.0186 3664 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:35:54.0201 3664 vhdmp - ok
21:35:54.0232 3664 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:35:54.0248 3664 viaagp - ok
21:35:54.0264 3664 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:35:54.0279 3664 ViaC7 - ok
21:35:54.0310 3664 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:35:54.0342 3664 viaide - ok
21:35:54.0357 3664 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:35:54.0388 3664 vmbus - ok
21:35:54.0388 3664 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:35:54.0420 3664 VMBusHID - ok
21:35:54.0435 3664 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:35:54.0466 3664 volmgr - ok
21:35:54.0482 3664 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:35:54.0529 3664 volmgrx - ok
21:35:54.0560 3664 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:35:54.0576 3664 volsnap - ok
21:35:54.0638 3664 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
21:35:54.0685 3664 vpnagent - ok
21:35:54.0700 3664 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
21:35:54.0732 3664 vpnva - ok
21:35:54.0747 3664 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:54.0778 3664 vsmraid - ok
21:35:54.0825 3664 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:35:54.0903 3664 VSS - ok
21:35:54.0919 3664 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:35:54.0966 3664 vwifibus - ok
21:35:54.0997 3664 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:35:55.0059 3664 W32Time - ok
21:35:55.0075 3664 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:35:55.0106 3664 WacomPen - ok
21:35:55.0137 3664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:35:55.0184 3664 WANARP - ok
21:35:55.0184 3664 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:35:55.0215 3664 Wanarpv6 - ok
21:35:55.0309 3664 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:35:55.0418 3664 WatAdminSvc - ok
21:35:55.0480 3664 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:35:55.0621 3664 wbengine - ok
21:35:55.0652 3664 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:35:55.0699 3664 WbioSrvc - ok
21:35:55.0730 3664 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:35:55.0777 3664 wcncsvc - ok
21:35:55.0792 3664 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:35:55.0870 3664 WcsPlugInService - ok
21:35:55.0933 3664 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:35:55.0948 3664 Wd - ok
21:35:56.0058 3664 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:35:56.0120 3664 Wdf01000 - ok
21:35:56.0136 3664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:35:56.0260 3664 WdiServiceHost - ok
21:35:56.0260 3664 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:35:56.0292 3664 WdiSystemHost - ok
21:35:56.0323 3664 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:35:56.0354 3664 WebClient - ok
21:35:56.0401 3664 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:35:56.0448 3664 Wecsvc - ok
21:35:56.0479 3664 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:35:56.0666 3664 wercplsupport - ok
21:35:56.0760 3664 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:35:56.0822 3664 WerSvc - ok
21:35:56.0853 3664 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:56.0884 3664 WfpLwf - ok
21:35:56.0916 3664 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:35:56.0931 3664 WIMMount - ok
21:35:56.0994 3664 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:35:57.0040 3664 WinDefend - ok
21:35:57.0072 3664 WinHttpAutoProxySvc - ok
21:35:57.0118 3664 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:35:57.0212 3664 Winmgmt - ok
21:35:57.0274 3664 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:35:57.0399 3664 WinRM - ok
21:35:57.0446 3664 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:35:57.0477 3664 WinUsb - ok
21:35:57.0524 3664 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:35:57.0586 3664 Wlansvc - ok
21:35:57.0602 3664 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:35:57.0633 3664 WmiAcpi - ok
21:35:57.0680 3664 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:35:57.0711 3664 wmiApSrv - ok
21:35:57.0789 3664 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:35:57.0898 3664 WMPNetworkSvc - ok
21:35:57.0914 3664 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:35:57.0961 3664 WPCSvc - ok
21:35:57.0992 3664 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:35:58.0054 3664 WPDBusEnum - ok
21:35:58.0070 3664 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:35:58.0101 3664 ws2ifsl - ok
21:35:58.0132 3664 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
21:35:58.0164 3664 wscsvc - ok
21:35:58.0195 3664 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:35:58.0273 3664 WSDPrintDevice - ok
21:35:58.0288 3664 WSearch - ok
21:35:58.0366 3664 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:35:58.0476 3664 wuauserv - ok
21:35:58.0554 3664 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:35:58.0710 3664 WudfPf - ok
21:35:58.0741 3664 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:58.0772 3664 WUDFRd - ok
21:35:58.0803 3664 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:35:58.0834 3664 wudfsvc - ok
21:35:58.0866 3664 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:35:58.0959 3664 WwanSvc - ok
21:35:59.0006 3664 ================ Scan global ===============================
21:35:59.0037 3664 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:35:59.0068 3664 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:35:59.0100 3664 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:35:59.0115 3664 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:35:59.0146 3664 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:35:59.0146 3664 [Global] - ok
21:35:59.0146 3664 ================ Scan MBR ==================================
21:35:59.0162 3664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:35:59.0631 3664 \Device\Harddisk0\DR0 - ok
21:35:59.0631 3664 ================ Scan VBR ==================================
21:35:59.0647 3664 [ 58E676624C9DDB478A6180CED6898809 ] \Device\Harddisk0\DR0\Partition1
21:35:59.0647 3664 \Device\Harddisk0\DR0\Partition1 - ok
21:35:59.0678 3664 [ 0CCD1ECA65B594D84F962A4961A847B7 ] \Device\Harddisk0\DR0\Partition2
21:35:59.0693 3664 \Device\Harddisk0\DR0\Partition2 - ok
21:35:59.0709 3664 [ 1E7889D39A217B27AF746D281EDE8D8E ] \Device\Harddisk0\DR0\Partition3
21:35:59.0709 3664 \Device\Harddisk0\DR0\Partition3 - ok
21:35:59.0709 3664 ============================================================
21:35:59.0709 3664 Scan finished
21:35:59.0709 3664 ============================================================
21:35:59.0740 5824 Detected object count: 7
21:35:59.0740 5824 Actual detected object count: 7
21:36:15.0761 5824 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0761 5824 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0761 5824 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0761 5824 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0761 5824 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0761 5824 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0761 5824 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0761 5824 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0761 5824 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0761 5824 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0777 5824 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0777 5824 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:15.0777 5824 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:15.0777 5824 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:22.0391 4784 Deinitialize success
|
|
22.05.2013, 20:51
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt Spam JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.05.2013, 22:02
| #21 |
| | AOL Mailadresse verschickt Spam Hallo, der JRT Scan war: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x86
Ran by Angela on 24.05.2013 at 22:13:27,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Angela\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Angela\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Angela\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\user.js
Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\extensions\software@loadtubes.com
Successfully deleted: [Folder] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\prefs.js
user_pref("CT2856415..clientLogIsEnabled", false);
user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
user_pref("CT2856415.BrowserCompStateIsOpen_129683315081957463", true);
user_pref("CT2856415.BrowserCompStateIsOpen_130104337782566575", true);
user_pref("CT2856415.BrowserCompStateIsOpen_1365942036000", true);
user_pref("CT2856415.CTID", "CT2856415");
user_pref("CT2856415.CurrentServerDate", "24-5-2013");
user_pref("CT2856415.DialogsAlignMode", "LTR");
user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"12/26/2010 3:09:01 PM\",\"SourceId\":0,
user_pref("CT2856415.FirstServerDate", "26-12-2010");
user_pref("CT2856415.FirstTime", true);
user_pref("CT2856415.FirstTimeFF3", true);
user_pref("CT2856415.FixPageNotFoundErrors", true);
user_pref("CT2856415.GroupingServerCheckInterval", 1440);
user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2856415.HasUserGlobalKeys", true);
user_pref("CT2856415.Initialize", true);
user_pref("CT2856415.InitializeCommonPrefs", true);
user_pref("CT2856415.InstallationAndCookieDataSentCount", 3);
user_pref("CT2856415.InstalledDate", "Sun Dec 26 2010 13:09:39 GMT+0100");
user_pref("CT2856415.IsGrouping", false);
user_pref("CT2856415.IsMulticommunity", false);
user_pref("CT2856415.IsOpenThankYouPage", true);
user_pref("CT2856415.IsOpenUninstallPage", true);
user_pref("CT2856415.LanguagePackLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2856415.LastLogin_3.12.0.7", "Thu May 03 2012 18:12:05 GMT+0200");
user_pref("CT2856415.LastLogin_3.12.2.3", "Thu May 31 2012 08:15:24 GMT+0200");
user_pref("CT2856415.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:57:55 GMT+0200");
user_pref("CT2856415.LastLogin_3.14.1.0", "Wed Aug 22 2012 09:12:44 GMT+0200");
user_pref("CT2856415.LastLogin_3.15.1.0", "Sun Nov 11 2012 13:41:50 GMT+0100");
user_pref("CT2856415.LastLogin_3.16.0.3", "Wed Feb 13 2013 16:07:33 GMT+0100");
user_pref("CT2856415.LastLogin_3.18.0.7", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.LastLogin_3.2.5.2", "Thu Dec 30 2010 15:50:56 GMT+0100");
user_pref("CT2856415.LatestVersion", "3.18.0.7");
user_pref("CT2856415.Locale", "en");
user_pref("CT2856415.MAX_NUMBER_OF_ALERTS_129560745131733767", "11_1369167655877");
user_pref("CT2856415.MCDetectTooltipHeight", "83");
user_pref("CT2856415.MCDetectTooltipShow", false);
user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2856415.MCDetectTooltipWidth", "295");
user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
user_pref("CT2856415.SHRINK_TOOLBAR", 1);
user_pref("CT2856415.SavedHomepage", "hxxp://de.ask.com?o=16784&l=dis&gct=hp");
user_pref("CT2856415.SearchBoxWidth", 153);
user_pref("CT2856415.SearchFromAddressBarIsInit", true);
user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=");
user_pref("CT2856415.SearchInNewTabEnabled", true);
user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri May 24 2013 20:55:29 GMT+0200");
user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2856415.SearchInNewTabUserEnabled", false);
user_pref("CT2856415.ServiceMapLastCheckTime", "Fri May 24 2013 14:02:24 GMT+0200");
user_pref("CT2856415.SettingsLastCheckTime", "Fri May 24 2013 20:55:28 GMT+0200");
user_pref("CT2856415.SettingsLastUpdate", "1369383118");
user_pref("CT2856415.ThirdPartyComponentsInterval", 504);
user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Sun Dec 26 2010 13:09:36 GMT+0100");
user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2856415.UserID", "UN14638814830852187");
user_pref("CT2856415.ValidationData_Search", 0);
user_pref("CT2856415.ValidationData_Toolbar", 2);
user_pref("CT2856415.alertChannelId", "1248439");
user_pref("CT2856415.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B
user_pref("CT2856415.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B
user_pref("CT2856415.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F395047525C4173686B6965677B
user_pref("CT2856415.backendstorage./9b+7e.:2z527", "2423");
user_pref("CT2856415.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850
user_pref("CT2856415.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66
user_pref("CT2856415.backendstorage./9b+7e06cg5el8:", "6E6D6B69716F756E736F");
user_pref("CT2856415.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473716F77757B747975242F4B49474F42357D5D5C3D");
user_pref("CT2856415.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D
user_pref("CT2856415.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49
user_pref("CT2856415.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D
user_pref("CT2856415.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A
user_pref("CT2856415.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B
user_pref("CT2856415.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B
user_pref("CT2856415.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D
user_pref("CT2856415.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F
user_pref("CT2856415.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B
user_pref("CT2856415.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43
user_pref("CT2856415.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68
user_pref("CT2856415.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72
user_pref("CT2856415.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37504C4757514B4F47345F5457442D4637343A3A4B424D665E705B646571634A756A6D5A43
user_pref("CT2856415.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D
user_pref("CT2856415.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51
user_pref("CT2856415.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868
user_pref("CT2856415.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44
user_pref("CT2856415.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666
user_pref("CT2856415.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
user_pref("CT2856415.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73
user_pref("CT2856415.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48
user_pref("CT2856415.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D
user_pref("CT2856415.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D
user_pref("CT2856415.backendstorage./9b-0?3g>d", "3B3A69693D7341417A4577797420787A497C25507A4E222A7E5457592B275A2A285D2A31");
user_pref("CT2856415.backendstorage./9b-0?3g@6:5;", "");
user_pref("CT2856415.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
user_pref("CT2856415.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
user_pref("CT2856415.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT2856415.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
user_pref("CT2856415.backendstorage./9b5ba==9cjag", "6D6B6B3D6A4375767A437274747A4A764C4B507A22");
user_pref("CT2856415.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B69716F756E7373787276");
user_pref("CT2856415.backendstorage./9b9643g3/9e", "6A");
user_pref("CT2856415.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
user_pref("CT2856415.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT2856415.backendstorage./9b<:222h64<l8daj", "6D70706F7674707975772A787B727B7E757D7B");
user_pref("CT2856415.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT2856415.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT2856415.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("CT2856415.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
user_pref("CT2856415.backendstorage.cbcountry_001", "4445");
user_pref("CT2856415.backendstorage.cbfirsttime", "53756E2044656320303920323031322031303A32313A353320474D542B30313030");
user_pref("CT2856415.backendstorage.cbopenmamsettings", "30");
user_pref("CT2856415.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E647569746170
user_pref("CT2856415.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
user_pref("CT2856415.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
user_pref("CT2856415.backendstorage.mam_gk_appstate_easytobook", "6F6E");
user_pref("CT2856415.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
user_pref("CT2856415.backendstorage.mam_gk_appstate_pricegong", "6F6E");
user_pref("CT2856415.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
user_pref("CT2856415.backendstorage.mam_gk_appstatereporttime", "31333639323530383433303637");
user_pref("CT2856415.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E67222C22637269746572696173223A5B7B226372697465726
user_pref("CT2856415.backendstorage.mam_gk_currentversion", "312E362E302E31");
user_pref("CT2856415.backendstorage.mam_gk_first_time", "31");
user_pref("CT2856415.backendstorage.mam_gk_lastlogintime", "31333639323530383430333035");
user_pref("CT2856415.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E742D52696368746C696E6965227D2C2267616467
user_pref("CT2856415.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315
user_pref("CT2856415.backendstorage.mam_gk_showclosebutton", "74727565");
user_pref("CT2856415.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
user_pref("CT2856415.backendstorage.mam_gk_userid", "61656536646333662D396365332D346237662D393832352D626337653230346163303834");
user_pref("CT2856415.backendstorage.pg_enable", "74727565");
user_pref("CT2856415.backendstorage.sf_just_installed", "46414C5345");
user_pref("CT2856415.backendstorage.sf_status", "454E41424C4544");
user_pref("CT2856415.backendstorage.sf_user_id", "6369645F3231353230313332323230343032343938373130");
user_pref("CT2856415.backendstorage.url_history0001", "687474703A2F2F7777772E74726F6A616E65722D626F6172642E64652F3130313536342D6173776D62722D6578652D746F6F6C2D656E746665726E65
user_pref("CT2856415.components.1000080", false);
user_pref("CT2856415.components.129355801163506562", false);
user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2856415.homepageProtectorEnableByLogin", true);
user_pref("CT2856415.initDone", true);
user_pref("CT2856415.myStuffEnabled", true);
user_pref("CT2856415.myStuffPublihserMinWidth", 400);
user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2856415.revertSettingsEnabled", true);
user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
user_pref("CT2856415.searchProtectorEnableByLogin", true);
user_pref("CT2856415.testingCtid", "");
user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri May 24 2013 20:55:35 GMT+0200");
user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Sun Dec 26 2010 13:09:39 GMT+0100");
user_pref("CT2856415.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415", "\"f6de72fc2614b48276e26891813b45003\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", "\"1365960178\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415", "\"dbe4460d95840339477519b3f77dc11a\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634285417620000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634293235860000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415", "\"1291812328\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4f32490f242482dcb7d768353a8dc7d4\"");
user_pref("CommunityToolbar.EngineHiddenByUser", true);
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2856415");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FJS&o=16784&locale=de_DE&apn_uid=3FE1B21C-C91F-475B-B8FA-CE7C
user_pref("CommunityToolbar.ToolbarsList", "CT2856415");
user_pref("CommunityToolbar.ToolbarsList2", "CT2856415");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Mar 18 2011 10:34:50 GMT+0100");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 13:19:28 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 12:59:31 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "3fedd3e5-fb9b-48eb-9c6e-5d5b2b77089a");
user_pref("CommunityToolbar.globalUserId", "33ee7896-84dd-415f-818e-641eca511eac");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2856415");
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.undefined", "");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Elf 1 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "3S");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
user_pref("extensions.asktb.first-launch-url", "hxxp://www.zalando.de/nike-velocity-woven-cuffed-trainingsanzug-black-blue-n1243b02k-801.html");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "3FE1B21C-C91F-475B-B8FA-CE7C4CC38513");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1327832991213");
user_pref("extensions.asktb.last-search-timestamp", "1326301381512");
user_pref("extensions.asktb.last-v", "3.14.0.100009");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.o", "16784");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "2");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "C994ACBD-37D0-4ECB-97AD-4DB837212223");
user_pref("extensions.asktb.search-history-queries", "lmu lsf");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.v", "3.14.1.100009");
user_pref("extensions.asktb.volume", "");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=");
Emptied folder: C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\m4hcwook.default\minidumps [45 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2013 at 22:17:09,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 24/05/2013 um 22:22:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Angela - ANGELA-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Angela\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\Conduit
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\CT2856415
Ordner Gelöscht : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.hiergehtslos.de --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\m4hcwook.default\prefs.js
Gelöscht : user_pref("CT2856415..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2856415.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_129502651137682069", true);
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_129560745131733767", true);
Gelöscht : user_pref("CT2856415.BrowserCompStateIsOpen_130104337782566575", true);
Gelöscht : user_pref("CT2856415.CT2856415", "CT2856415");
Gelöscht : user_pref("CT2856415.CurrentServerDate", "24-5-2013");
Gelöscht : user_pref("CT2856415.DSInstall", false);
Gelöscht : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CT2856415.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2856415.FirstServerDate", "24-5-2013");
Gelöscht : user_pref("CT2856415.FirstTime", true);
Gelöscht : user_pref("CT2856415.FirstTimeFF3", true);
Gelöscht : user_pref("CT2856415.FirstTimeHiddenVer", true);
Gelöscht : user_pref("CT2856415.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2856415.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2856415.HPInstall", false);
Gelöscht : user_pref("CT2856415.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2856415.Initialize", true);
Gelöscht : user_pref("CT2856415.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2856415.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2856415.InstallationType", "DirectDownload");
Gelöscht : user_pref("CT2856415.InstalledDate", "Fri May 24 2013 22:19:09 GMT+0200");
Gelöscht : user_pref("CT2856415.IsInitSetupIni", true);
Gelöscht : user_pref("CT2856415.IsMulticommunity", false);
Gelöscht : user_pref("CT2856415.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2856415.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2856415.LastLogin_3.18.0.7", "Fri May 24 2013 22:19:21 GMT+0200");
Gelöscht : user_pref("CT2856415.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2856415.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2856415.OriginalFirstVersion", "3.18.0.7");
Gelöscht : user_pref("CT2856415.SearchCaption", "Elf 1 Customized Web Search");
Gelöscht : user_pref("CT2856415.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2856415.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri May 24 2013 22:19:22 GMT+0200");
Gelöscht : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2856415.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2856415.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CT2856415.SettingsLastCheckTime", "Fri May 24 2013 22:18:54 GMT+0200");
Gelöscht : user_pref("CT2856415.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2856415&SearchSource=13");
Gelöscht : user_pref("CT2856415.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2856415.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2856415");
Gelöscht : user_pref("CT2856415.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2856415.UserID", "UN45320663845210707");
Gelöscht : user_pref("CT2856415.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2856415.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2856415.initDone", true);
Gelöscht : user_pref("CT2856415.myStuffEnabled", true);
Gelöscht : user_pref("CT2856415.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2856415.navigateToUrlOnSearch", false);
Gelöscht : user_pref("CT2856415.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2856415.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2856415.testingCtid", "");
Gelöscht : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri May 24 2013 22:18:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4f3[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2856415");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "3e7c36b2-420f-4150-9fc1-9fea58a72429");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.spiegel.de/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e8cnju95.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FJS&o=16784&locale=d[...]
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12003 octets] - [24/05/2013 22:22:27]
########## EOF - C:\AdwCleaner[S1].txt - [12064 octets] ##########
Code:
ATTFilter OTL logfile created on: 24.05.2013 22:36:02 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angela\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,43 Mb Total Physical Memory | 160,54 Mb Available Physical Memory | 15,81% Memory free 1,99 Gb Paging File | 0,77 Gb Available in Paging File | 38,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 28,33 Gb Free Space | 29,03% Space Free | Partition Type: NTFS Drive E: | 135,23 Gb Total Space | 90,47 Gb Free Space | 66,91% Space Free | Partition Type: NTFS Computer Name: ANGELA-NOTEBOOK | User Name: Angela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Angela\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\7.2.233.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Users\Angela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Norton 360\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Brownie\BrStsWnd.exe (brother) PRC - C:\Programme\Brownie\BRNIPMON.exe (Brother Industries, Ltd.) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) PRC - c:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe () PRC - C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) PRC - c:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Norton 360\Engine\20.3.1.22\wincfi39.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.2.233.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.2.233.0\BBSvc.EXE (Microsoft Corporation.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS2) -- c:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (catchme) -- C:\Users\Angela\AppData\Local\Temp\catchme.sys File not found DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130524.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130524.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130523.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx86.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation) DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 20 DB 96 8D 88 CA 01 [binary data] IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\SearchScopes\{8ADB80D7-F543-439D-A6B1-B43A4505C4BD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2010.12.11 17:30:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.31 21:03:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.05.10 08:59:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.05.24 22:28:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 15:29:00 | 000,000,000 | ---D | M] [2010.01.04 11:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Extensions [2013.05.24 22:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\m4hcwook.default\extensions [2012.12.26 21:06:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\m4hcwook.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013.05.22 11:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.22 11:04:59 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Bio3D (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll CHR - plugin: ChemDraw (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2013.05.15 22:17:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Programme\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Programme\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Angela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3409297040-1576433338-3134443658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1111/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{125A7B6C-2123-4E4E-A776-EEA3D34D91FA}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF7F7128-7632-44B7-89A8-DF1FB8AFFDC2}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.24 22:12:11 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.24 22:09:44 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Angela\Desktop\JRT.exe [2013.05.19 15:28:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.16 22:24:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 22:24:58 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 22:24:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 22:24:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 22:24:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 22:24:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 22:24:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 22:24:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 22:24:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 22:24:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 23:05:43 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.05.15 22:26:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.15 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\temp [2013.05.15 21:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.15 21:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.15 21:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.15 21:42:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.15 21:40:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.15 21:38:49 | 005,066,276 | R--- | C] (Swearware) -- C:\Users\Angela\Desktop\ComboFix.exe [2013.05.15 08:18:30 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 08:18:29 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 08:18:11 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 08:17:57 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.15 08:17:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.13 21:15:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe [2013.05.10 21:15:09 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Updater [2013.05.10 21:04:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2013.05.10 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.05.10 19:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared [2013.05.10 19:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.05.10 18:57:44 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2 [2013.05.10 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\CrashDumps [2013.05.10 09:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.05.10 09:37:00 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\DVDVideoSoft [2013.05.10 09:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.05.10 09:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.05.10 09:08:56 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys [2013.05.10 09:08:56 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys [2013.05.10 09:08:56 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symelam.sys [2013.05.10 09:08:55 | 000,602,712 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys [2013.05.10 09:08:55 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys [2013.05.10 09:08:55 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys [2013.05.10 09:08:55 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys [2013.05.10 09:08:55 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys [2013.05.10 09:08:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\1403010.016 [2013.05.10 08:56:49 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013.05.10 08:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.05.10 08:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.05.10 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360 [2013.05.10 08:54:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013.05.10 08:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2013.05.09 08:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.05.09 08:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.05.09 08:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2013.05.05 15:50:05 | 000,000,000 | ---D | C] -- C:\Windows\HerculesWebcamUpdater [2013.05.05 15:50:03 | 000,374,056 | ---- | C] (Guillemot Corporation S.A.) -- C:\Windows\System32\HWLMSET2.exe [2013.05.05 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules [2013.04.26 10:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.26 10:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.24 22:33:15 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 22:33:15 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 22:26:07 | 000,000,678 | ---- | M] () -- C:\Windows\Brownie.ini [2013.05.24 22:26:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.24 22:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 22:25:40 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys [2013.05.24 22:20:56 | 000,632,031 | ---- | M] () -- C:\Users\Angela\Desktop\adwcleaner.exe [2013.05.24 22:13:29 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.24 22:10:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Angela\Desktop\JRT.exe [2013.05.24 22:05:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 11:05:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.19 21:00:58 | 000,672,522 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 21:00:58 | 000,623,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 21:00:58 | 000,135,806 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 21:00:58 | 000,111,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.17 08:06:16 | 000,414,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 08:04:43 | 001,931,797 | ---- | M] () -- C:\Windows\System32\drivers\N360\1403010.016\Cat.DB [2013.05.15 23:05:51 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 23:05:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.15 23:05:43 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.05.15 22:17:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.15 21:39:11 | 005,066,276 | R--- | M] (Swearware) -- C:\Users\Angela\Desktop\ComboFix.exe [2013.05.13 21:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\OTL.exe [2013.05.10 19:06:36 | 000,001,249 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.05.10 09:25:48 | 000,002,304 | ---- | M] () -- C:\{C44647FC-F019-4957-BD7A-84B1B48CE4D0} [2013.05.10 08:56:48 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013.05.10 08:56:48 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.05.10 08:56:48 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.24 22:20:42 | 000,632,031 | ---- | C] () -- C:\Users\Angela\Desktop\adwcleaner.exe [2013.05.15 21:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.15 21:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.15 21:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.15 21:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.15 21:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.10 21:07:20 | 000,002,550 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk [2013.05.10 21:04:42 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2013.05.10 20:31:01 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk [2013.05.10 19:15:35 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.05.10 19:15:35 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.05.10 19:09:26 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.05.10 19:06:35 | 000,001,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.05.10 19:04:54 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.05.10 09:25:47 | 000,002,304 | ---- | C] () -- C:\{C44647FC-F019-4957-BD7A-84B1B48CE4D0} [2013.05.10 09:14:17 | 001,931,797 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\Cat.DB [2013.05.10 09:11:34 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\VT20130115.021 [2013.05.10 09:08:56 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symelam.cat [2013.05.10 09:08:56 | 000,007,601 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symnet.cat [2013.05.10 09:08:56 | 000,007,583 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symefa.cat [2013.05.10 09:08:56 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symefa.inf [2013.05.10 09:08:56 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symnet.inf [2013.05.10 09:08:56 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symelam.inf [2013.05.10 09:08:55 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.cat [2013.05.10 09:08:55 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\iron.cat [2013.05.10 09:08:55 | 000,007,581 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.cat [2013.05.10 09:08:55 | 000,007,577 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symds.cat [2013.05.10 09:08:55 | 000,007,577 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.cat [2013.05.10 09:08:55 | 000,002,852 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\symds.inf [2013.05.10 09:08:55 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.inf [2013.05.10 09:08:55 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.inf [2013.05.10 09:08:55 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.inf [2013.05.10 09:08:55 | 000,000,737 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\iron.inf [2013.05.10 09:08:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\1403010.016\isolate.ini [2013.05.10 08:56:49 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.05.10 08:56:49 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013.05.05 15:50:03 | 000,015,144 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll [2013.04.21 19:03:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2013.04.21 19:03:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2013.02.13 19:44:05 | 000,017,408 | ---- | C] () -- C:\Users\Angela\AppData\Local\WebpageIcons.db [2013.02.10 21:45:28 | 000,010,851 | ---- | C] () -- C:\Users\Angela\.recently-used.xbel [2012.11.07 13:41:13 | 000,021,860 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.08.13 23:11:46 | 000,007,602 | ---- | C] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg [2011.06.07 09:35:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.07 09:33:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.12.14 11:24:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.12.09 10:17:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.29 09:18:08 | 000,000,032 | RHS- | C] () -- C:\Users\Angela\AppData\Local\t56.dat [2010.06.30 20:48:44 | 000,003,584 | ---- | C] () -- C:\Users\Angela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.12 19:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
24.05.2013, 22:14
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt SpamFixen mit OTL
Code:
ATTFilter :OTL
FF - user.js - File not found
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.05.2013, 06:57
| #23 |
| | AOL Mailadresse verschickt Spam Ist erledigt, der logfile ist: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Angela\Desktop\cmd.bat deleted successfully.
C:\Users\Angela\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79762421 bytes
->Flash cache emptied: 57550 bytes
User: All Users
User: Angela
->Temp folder emptied: 84732801 bytes
->Temporary Internet Files folder emptied: 129928812 bytes
->Java cache emptied: 33861753 bytes
->FireFox cache emptied: 79778976 bytes
->Google Chrome cache emptied: 11812329 bytes
->Flash cache emptied: 69547 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1633392 bytes
RecycleBin emptied: 513560180 bytes
Total Files Cleaned = 892,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 05252013_074851
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_ANGELA-NOTEBOOK$\1760 not found!
C:\Windows\temp\ib41 moved successfully.
C:\Windows\temp\ib42 moved successfully.
C:\Windows\temp\ib43 moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
25.05.2013, 19:16
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt Spam Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 08:17
| #25 |
| | AOL Mailadresse verschickt Spam der Logfile von Malwarebytes ist: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.26.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 Angela :: ANGELA-NOTEBOOK [administrator] 26.05.2013 21:44:34 mbam-log-2013-05-26 (21-44-34).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 465924 Time elapsed: 2 hour(s), 30 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
27.05.2013, 09:09
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt Spam ok, fehlt noch eset
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 21:48
| #27 |
| | AOL Mailadresse verschickt Spam Eset hat irgendwas auf meiner externen Festplatte gefunden :-( Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=08469e80275b0c4a96ee6b761950976e
# engine=13925
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-27 07:37:04
# local_time=2013-05-27 09:37:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 93 964478 120345920 0 0
# compatibility_mode=5893 16776574 100 94 4594160 121314615 0 0
# scanned=328923
# found=2
# cleaned=0
# scan_time=30518
sh=77116DB8957F067C77FFD3667A7F21B26A7C475F ft=0 fh=0000000000000000 vn="Win32/StartPage.OIE trojan" ac=I fn="G:\ANGELA-NOTEBOOK\Backup Set 2012-01-02 113910\Backup Files 2012-06-03 174903\Backup files 22.zip"
sh=B7EAC6FB7A5A2FD47A2599D066CE042C44C0FB45 ft=0 fh=0000000000000000 vn="Win32/StartPage.OIE trojan" ac=I fn="G:\ANGELA-NOTEBOOK\Backup Set 2012-07-28 152052\Backup Files 2012-07-28 152052\Backup files 32.zip"
|
|
27.05.2013, 21:58
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt Spam Das sind nur alte Backup-Sets, einfach mal löschen Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.05.2013, 08:35
| #29 |
| | AOL Mailadresse verschickt Spam Hallo, puh da bin ich erleichtert! Wie stelle ich denn beim Firefox ein, dass alles beim Beenden des Browsers gelöscht wird? Sonst ist eigentlich alles gut nur bei Firefox zeigt der in letzter Zeit immer an: Plugin funktioniert nicht-Skript stoppen oder weiter ausführen. Am Anfang war es nur Shockwave des habe ich dann neu runter geladen, manchmal ist es aber auch Abobe oder andere. Kann man da was dagegen machen? Tausend Dank für die Hilfe!!! |
|
29.05.2013, 09:25
| #30 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | AOL Mailadresse verschickt SpamZitat:
Alternative: immer den privaten Modus verwenden Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu AOL Mailadresse verschickt Spam |
| angeblich, entfern, entfernt, kaspersky, konnte, laufe, laufen, link, mailadresse, monate, nichts, norton, spam, spammails, troja, trojaner, verschickt |
Textbox. 
Linear-Darstellung
