Windows 7: just cluttered or a worm?
#1

Dear helpers,

My girlfriend got an HP Mini notebook from her sister and it is causing problems. The PC is incredibly slow (even for such a weak PC) and I suspect that malware is at work. For example, the Firefox start page keeps switching to an advertising page (portaldosites*com). I have now installed Sophos 10. Before that, older versions of AVG and McAfee were on the PC. Could you please tell me how to get Firefox clean and whether there might be other malware on the PC as well?

Many, many thanks!
Felix

Defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:44 on 10/11/2013 (Miranda)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Miranda (administrator) on MIRANDA-HP on 10-11-2013 19:50:14 Running from C:\Users\Miranda\Desktop Microsoft Windows 7 Starter (X86) OS Language: Spanish Modern Sort Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe (Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG8\avgnsx.exe (Iminent) C:\Program Files\Common Files\Umbrella\umbrella.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG8\avgtray.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AVG8_TRAY] - C:\Program Files\AVG\AVG8\avgtray.exe [2042208 2012-11-07] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [tutoriales100_es_14] - [x] HKLM\...\Run: [majtutoriales100_es_17] - [x] HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-06-09] (IDT, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-05] (Hewlett-Packard) MountPoints2: E - E:\AutoRun.exe MountPoints2: {3bacb821-1618-11e3-abd3-002682e21e10} - E:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203796 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203796 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203796 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203796 URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File URLSearchHook: HKCU - (No Name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1364758821 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=3407937 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=3407937 SearchScopes: HKLM - {82D8AA4E-6228-4678-A7FF-CD3D19C1BC6A} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {870A6C78-1F98-4687-998F-7A0FC925BAC3} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {DA585FF3-EA29-456D-B90C-EFDE318721E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203802 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=0A3B002682E21E10&affID=121962&tsp=4939 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=SAMSUNGXHM250HI_S24FJ90Z922064&ts=1377203802 SearchScopes: HKCU - 
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {5D77453B-D036-449B-A889-513452B2FD84} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=^T8&apn_dtid=^zzz001^YY^ES&apn_uid=5e5cc23d-99db-4c14-8757-b8f21155bed2&apn_sauid=41D124EE-1E33-4E17-A580-9E607C8995DE SearchScopes: HKCU - {82D8AA4E-6228-4678-A7FF-CD3D19C1BC6A} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {870A6C78-1F98-4687-998F-7A0FC925BAC3} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={748608C9-E3D1-4D2C-B0C7-51F1EF9A9386}&mid=48028d568abaa62b934a1ac1d424bf8b-d38c757f8ecf80a90f6fb3769d9bf2ccc7c72bd0&lang=es-es&ds=AVG&pr=&d=2012-11-07 11:03:51&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {BB758E94-3969-408E-951A-EDE630141376} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKCU - {DA585FF3-EA29-456D-B90C-EFDE318721E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - 
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default FF user.js: detected! 
=> C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\user.js FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: www.google.es FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Miranda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Miranda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Miranda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Miranda\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Miranda\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\searchplugins\BrowserDefender.xml FF SearchPlugin: C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\searchplugins\holasearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portaldosites.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\drae.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-es.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-es.xml FF Extension: Adblock Plus - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF Extension: webbooster - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\Extensions\webbooster@iminent.com.xpi FF Extension: Adblock Plus - C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\wge3sqo7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com FF Extension: Iminent Minibar - C:\Program 
Files\Iminent\webbooster@iminent.com Chrome: ======= CHR Extension: (Google Drive) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (hola Toolbar) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla\1.1_0 CHR Extension: () - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1 CHR Extension: (Wajam) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0 CHR Extension: (Skype Click to Call) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 CHR Extension: (AVG Security Toolbar) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0 CHR Extension: (Gmail) - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx ========================== Services (Whitelisted) ================= R2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2012-11-06] (AVG Technologies CZ, s.r.o.) 
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-06-18] (Hewlett-Packard Company) R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) R2 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2894144 2013-11-09] (Iminent) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-09] (IDT, Inc.) R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-30] (AVG Secure Search) R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424104 2013-08-22] (Taiwan Shui Mu Chih Ching Technology Limited.) R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.) ==================== Drivers (Whitelisted) ==================== R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2012-11-06] (AVG Technologies CZ, s.r.o.) R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2012-11-06] (AVG Technologies CZ, s.r.o.) R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [12552 2012-11-06] (AVG Technologies CZ, s.r.o.) R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2012-11-06] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-30] (AVG Technologies) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.) R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-05-07] (Realtek Semiconductor Corp.) 
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 Huawei; system32\DRIVERS\ewdcsc.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] S3 massfilter_hs; system32\drivers\massfilter_hs.sys [x] S3 USBZTECCID; system32\DRIVERS\ZTEusbccid.sys [x] S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] S3 ZTEusbwwan; system32\DRIVERS\ZTEusbwwan.sys [x] S3 zte_massejct; System32\Drivers\zte_massejct.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-10 19:49 - 2013-11-10 19:49 - 00000000 ____D C:\FRST 2013-11-10 19:47 - 2013-11-10 19:47 - 01090275 _____ (Farbar) C:\Users\Miranda\Desktop\FRST.exe 2013-11-10 19:44 - 2013-11-10 19:45 - 00000476 _____ C:\Users\Miranda\Desktop\defogger_disable.log 2013-11-10 19:44 - 2013-11-10 19:44 - 00000000 _____ C:\Users\Miranda\defogger_reenable 2013-11-10 19:42 - 2013-11-10 19:42 - 00050477 _____ C:\Users\Miranda\Desktop\Defogger.exe 2013-11-10 19:40 - 2013-11-10 19:40 - 00000000 ____D C:\Program Files\IDT 2013-11-10 19:40 - 2010-06-09 10:06 - 00527872 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll 2013-11-10 19:39 - 2010-06-09 10:06 - 12648540 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl 2013-11-10 19:39 - 2010-06-09 10:06 - 03473408 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll 2013-11-10 19:39 - 2010-06-09 10:06 - 00536576 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe 2013-11-10 19:39 - 2010-06-09 10:06 - 00495708 _____ (IDT, Inc.) 
C:\Windows\sttray.exe 2013-11-10 19:39 - 2010-04-01 23:06 - 00139776 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll 2013-11-10 19:39 - 2009-10-10 09:45 - 00380928 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll 2013-11-10 19:39 - 2009-03-03 10:57 - 00061440 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll 2013-11-10 19:39 - 2009-03-03 10:47 - 00086016 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll 2013-11-04 11:51 - 2013-11-04 11:51 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-11-04 10:56 - 2013-11-04 10:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-11-04 10:55 - 2013-11-04 11:50 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-04 10:55 - 2013-11-04 10:55 - 00000000 ____D C:\ProgramData\McAfee 2013-11-04 10:54 - 2013-11-10 19:38 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-02 21:31 - 2013-11-03 08:17 - 00000000 ____D C:\Users\Miranda\Desktop\Nueva carpeta 2013-11-02 17:28 - 2013-11-02 17:28 - 00000000 ____D C:\Users\Miranda\AppData\Local\avgchrome 2013-10-30 08:09 - 2013-10-30 08:09 - 00001809 _____ C:\Users\Miranda\Desktop\The Official Guide for GMAT Review, 13th Edition - Acceso directo.lnk 2013-10-30 08:03 - 2013-10-30 08:03 - 50053120 _____ C:\Program Files\GUTA8B.tmp 2013-10-30 08:03 - 2013-10-30 08:03 - 00000000 ____D C:\Program Files\GUMA8A.tmp ==================== One Month Modified Files and Folders ======= 2013-11-10 19:49 - 2013-11-10 19:49 - 00000000 ____D C:\FRST 2013-11-10 19:47 - 2013-11-10 19:47 - 01090275 _____ (Farbar) C:\Users\Miranda\Desktop\FRST.exe 2013-11-10 19:45 - 2013-11-10 19:44 - 00000476 _____ C:\Users\Miranda\Desktop\defogger_disable.log 2013-11-10 19:44 - 2013-11-10 19:44 - 00000000 _____ C:\Users\Miranda\defogger_reenable 2013-11-10 19:44 - 2012-09-26 21:36 - 00000000 ____D C:\Users\Miranda 2013-11-10 19:42 - 2013-11-10 19:42 - 00050477 _____ 
C:\Users\Miranda\Desktop\Defogger.exe 2013-11-10 19:40 - 2013-11-10 19:40 - 00000000 ____D C:\Program Files\IDT 2013-11-10 19:40 - 2013-07-10 21:59 - 00011005 _____ C:\Windows\setupact.log 2013-11-10 19:38 - 2013-11-04 10:54 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-10 19:37 - 2009-07-14 05:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-10 19:37 - 2009-07-14 05:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-10 19:36 - 2013-03-31 20:43 - 00000000 ____D C:\ProgramData\eSafe 2013-11-10 19:34 - 2010-09-23 20:43 - 01924925 _____ C:\Windows\WindowsUpdate.log 2013-11-10 19:33 - 2013-08-22 21:35 - 00000000 ____D C:\Program Files\WinZipper 2013-11-10 19:30 - 2013-06-03 15:28 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-11-10 19:30 - 2012-11-07 11:15 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-10 19:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-10 19:30 - 2009-07-14 05:33 - 00417288 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-10 19:29 - 2013-07-10 21:59 - 00016854 _____ C:\Windows\PFRO.log 2013-11-10 19:29 - 2010-07-28 14:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-11-10 19:29 - 2010-07-28 13:58 - 00000000 ____D C:\Program Files\Hewlett-Packard 2013-11-10 19:24 - 2010-09-23 21:13 - 00000000 ____D C:\ProgramData\WildTangent 2013-11-10 19:24 - 2010-09-23 21:13 - 00000000 ____D C:\Program Files\HP Games 2013-11-10 19:21 - 2010-09-23 21:10 - 00000000 ____D C:\Program Files\Downloaded Installations 2013-11-10 19:18 - 2012-11-07 11:16 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-10 19:11 - 2012-11-07 18:00 - 00000000 ____D C:\Program Files\Defraggler 2013-11-10 19:09 - 2012-12-06 16:56 - 00000000 ____D C:\Program Files\DsNET Corp 
2013-11-10 19:01 - 2013-09-05 15:10 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000UA.job 2013-11-10 18:58 - 2010-07-28 15:57 - 00000000 ____D C:\ProgramData\CyberLink 2013-11-10 18:33 - 2013-03-31 20:41 - 00000000 ____D C:\Program Files\Iminent 2013-11-10 18:33 - 2013-03-31 20:41 - 00000000 ____D C:\Program Files\Common Files\Umbrella 2013-11-10 18:26 - 2012-12-06 19:56 - 00000000 ____D C:\Windows\pss 2013-11-10 18:15 - 2012-12-05 20:24 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\Skype 2013-11-10 18:04 - 2012-11-06 20:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-10 13:12 - 2013-05-29 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-10 13:12 - 2012-11-06 20:56 - 00000000 ____D C:\Users\Miranda\AppData\Local\Mozilla 2013-11-09 14:15 - 2012-09-27 19:59 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\ZumoDrive 2013-11-09 11:57 - 2012-11-13 17:33 - 00000052 _____ C:\Windows\system32\DOErrors.log 2013-11-09 11:56 - 2013-03-07 16:33 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-11-04 19:32 - 2012-11-06 18:16 - 00000000 ____D C:\Users\Miranda\AppData\Local\Microsoft Help 2013-11-04 11:51 - 2013-11-04 11:51 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-11-04 11:50 - 2013-11-04 10:55 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-04 11:40 - 2012-11-07 11:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-04 11:40 - 2012-11-07 11:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-04 10:57 - 2012-11-19 15:53 - 00000000 ____D C:\Users\Miranda\AppData\Local\Adobe 2013-11-04 10:56 - 2013-11-04 10:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-11-04 10:55 - 2013-11-04 10:55 - 00000000 ____D C:\ProgramData\McAfee 2013-11-03 09:59 - 2009-09-07 00:02 - 01555646 _____ 
C:\Windows\system32\PerfStringBackup.INI 2013-11-03 08:17 - 2013-11-02 21:31 - 00000000 ____D C:\Users\Miranda\Desktop\Nueva carpeta 2013-11-02 17:28 - 2013-11-02 17:28 - 00000000 ____D C:\Users\Miranda\AppData\Local\avgchrome 2013-10-30 08:09 - 2013-10-30 08:09 - 00001809 _____ C:\Users\Miranda\Desktop\The Official Guide for GMAT Review, 13th Edition - Acceso directo.lnk 2013-10-30 08:05 - 2012-11-06 20:56 - 00000000 ____D C:\Users\Miranda\AppData\Roaming\Mozilla 2013-10-30 08:03 - 2013-10-30 08:03 - 50053120 _____ C:\Program Files\GUTA8B.tmp 2013-10-30 08:03 - 2013-10-30 08:03 - 00000000 ____D C:\Program Files\GUMA8A.tmp 2013-10-30 08:02 - 2013-07-30 13:44 - 00003727 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2013-10-30 08:01 - 2013-09-05 15:10 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000Core.job 2013-10-30 08:00 - 2012-11-07 11:04 - 00000000 ____D C:\Program Files\AVG Secure Search 2013-10-30 07:59 - 2012-11-18 12:34 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys Some content of TEMP: ==================== C:\Users\Miranda\AppData\Local\Temp\DataCard_Setup.exe C:\Users\Miranda\AppData\Local\Temp\ResetDevice.exe C:\Users\Miranda\AppData\Local\Temp\SkypeSetup.exe C:\Users\Miranda\AppData\Local\Temp\swt-gdip-win32-3448.dll C:\Users\Miranda\AppData\Local\Temp\swt-win32-3448.dll C:\Users\Miranda\AppData\Local\Temp\uninst1.exe C:\Users\Miranda\AppData\Local\Temp\WindowsAPI.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-06 14:53 ==================== 
End Of Log ============================

Addition logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by Miranda at 2013-11-10 19:54:16
Running from C:\Users\Miranda\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus (Enabled - Up to date) {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AS: AVG Anti-Virus (Enabled - Up to date) {B7F27160-B86D-C455-D0D1-307E04E5E53F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (Version: 1.6.65)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.3 MUI (Version: 9.3.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
AVG 8.5
AVG Security Toolbar (Version: 17.0.1.12)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Compresor WinRAR
ESU for Microsoft Windows 7 (Version: 1.0.0)
Galería fotográfica de Windows Live (Version: 14.0.8117.416)
Google Chrome (Version: 30.0.1599.101)
Google Talk Plugin (Version: 4.8.2.15856)
Google Update Helper (Version: 1.3.21.165)
Herramienta de carga de Windows Live (Version: 14.0.8014.1029)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Documentation (Version: 1.1.1.0)
HP HomeBase (Version: 3.2.2.90)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.1.5)
HP QuickSync (Version: 6.2.684.10454)
HP Software Framework (Version: 4.0.39.1)
HP Support Assistant (Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.9.0)
Iminent (Version: 6.4.56.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.2.1)
Java(TM) 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8117.416)
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 25.0 (x86 es-ES) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
MSVCRT (Version: 14.0.1468.721)
Nero 7 Ultra Edition (Version: 7.02.2620)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek PCIE Card Reader (Version: 6.1.7600.00048)
Recovery Manager (Version: 5.5.3023)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.3 (Version: 6.3.107)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Windows Live Asistente para el inicio de sesión (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
WinZipper (Version: 1.4.8)

==================== Restore Points =========================

30-05-2013 10:36:22 Removed Energy Star Digital Logo
30-05-2013 10:39:14 Removed Evernote
06-06-2013 14:41:42 Punto de control programado
10-11-2013 17:47:50 Configurado PowerStarter
10-11-2013 17:53:25 Configurado Power2Go
10-11-2013 17:59:08 Removed HP Setup
10-11-2013 18:10:02 Removed Windows Movie Maker 2.6
10-11-2013 18:11:50 Removed Energy Star Digital Logo
10-11-2013 18:12:26 Removed HP QuickWeb Installer.
10-11-2013 18:25:55 Eliminado IDT Audio
10-11-2013 18:34:35 Removed Evernote

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {036CEF0F-1A5E-4F14-831C-8DCCB64579CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {06757E30-B543-4DA1-BB09-1D953EB8600C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {176B79C8-5250-4C8E-A1A2-062B80E492D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-04] (Adobe Systems Incorporated)
Task: {19F8FB9F-89EA-4EFA-B648-83B2BCAA6CF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {459F0DE8-32D9-4435-A282-0AEBA780BEFF} - System32\Tasks\337_wallpaper_schedule_update => C:\Users\Miranda\AppData\Roaming\337\337 Wallpaper\plusapp.exe [2013-05-26] ()
Task: {6F99E99E-7D72-4D00-BFFB-9C59C1758034} - System32\Tasks\DealPly => C:\Users\Miranda\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {7437A3D9-E99D-4B7B-9EF4-3D19499214A2} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {7C438D47-04A8-4D93-82FB-3051CCF854D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000UA => C:\Users\Miranda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {9FD5940C-1681-4B9D-B898-E98FFE0FBD64} - System32\Tasks\JavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18] (Sun Microsystems, Inc.)
Task: {A4CBDFFD-0DBB-4A95-9227-B944A0BA92EF} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe
Task: {BEC9D0A4-C14A-441A-B3F6-DF25BCC4E7F6} - System32\Tasks\RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {C15D85E6-5F35-421E-A6F3-88C8EB27C85A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-05] (Microsoft)
Task: {CEBBE015-4CEC-43C0-8F34-694643F188DA} - System32\Tasks\{370A5E39-8D5D-41B3-8986-9762C80FE025} => C:\Users\Miranda\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe
Task: {D4BEFD7E-44E1-4D15-A0CB-1401014480D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000Core => C:\Users\Miranda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {DCCFE0F4-DFBC-42FC-807B-A927B91FF5F6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{5117CC2D-2B00-4FA5-8B4B-3D2CA5A3B2AF}.exe
Task: {E3499FFB-DF9E-413B-BA74-789C749BD534} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {ED3EED49-020B-4B6F-A5BE-2FC63048A6EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F47757DC-76C8-46F7-BE9B-9E4F63C41C6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {F68358C0-C388-43E6-9B7E-70EBE4784D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5117CC2D-2B00-4FA5-8B4B-3D2CA5A3B2AF}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000Core.job => C:\Users\Miranda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234750219-565304826-628335460-1000UA.job => C:\Users\Miranda\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-06 21:04 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2013-05-29 11:32 - 2013-11-10 13:11 - 03368048 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 06:47:46 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
. A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.

Operación:
Recopilando datos del escritor

Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {5dbbe3db-f44d-4513-9a97-59c7c94f3d81}

Error: (11/10/2013 05:59:20 PM) (Source: Application Hang) (User: )
Description: El programa Skype.exe, versión 6.3.0.107, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
Identificador de proceso: ee8
Hora de inicio: 01cedd4dacd46a5b
Hora de finalización: 115
Ruta de acceso de la aplicación: C:\Program Files\Skype\Phone\Skype.exe
Identificador de informe: 657d9225-4a29-11e3-a74f-0021cc5a63ff

Error: (11/10/2013 11:19:40 AM) (Source: SkypeUpdate) (User: )
Description: File C:\Windows\TEMP\SKY868F.tmp has invalid signature.

Error: (11/05/2013 02:33:48 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
.

Error: (11/05/2013 02:33:48 PM) (Source: VSS) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura. ]

Error: (11/05/2013 02:33:48 PM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
.

Error: (11/05/2013 02:33:48 PM) (Source: VSS) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura. ]

Error: (11/02/2013 05:31:42 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/30/2013 08:04:53 AM) (Source: Microsoft-Windows-RestartManager) (User: Miranda-HP)
Description: No se pudo cerrar la aplicación o el servicio 'Plugin Container for Firefox'.

Error: (09/19/2013 04:44:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

System errors:
=============
Error: (11/10/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom

Error: (11/10/2013 07:31:34 PM) (Source: Service Control Manager) (User: )
Description: El servicio Wsys Service no respondió después de iniciar.

Error: (11/10/2013 07:28:22 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/10/2013 06:31:21 PM) (Source: Service Control Manager) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom

Error: (11/10/2013 06:30:35 PM) (Source: Service Control Manager) (User: )
Description: El servicio Wsys Service no respondió después de iniciar.

Error: (11/10/2013 06:07:15 PM) (Source: Service Control Manager) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: cdrom

Error: (11/10/2013 06:06:28 PM) (Source: Service Control Manager) (User: )
Description: El servicio Wsys Service no respondió después de iniciar.

Error: (11/10/2013 04:34:55 PM) (Source: Service Control Manager) (User: )
Description: El servicio Wsys Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (11/10/2013 04:34:26 PM) (Source: Service Control Manager) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection.

Error: (11/10/2013 00:07:04 PM) (Source: Service Control Manager) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio HPWMISVC.

Microsoft Office Sessions:
=========================
Error: (01/29/2013 09:34:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18599 seconds with 1740 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 1011.9 MB
Available physical RAM: 184.45 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 922.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.73 GB) (Free:174.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: CFF3C22F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-10 21:41:37
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AC1 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Miranda\AppData\Local\Temp\awliykow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81C435C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C68092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] ntdll.dll!RtlExitUserThread 76E90859 5 Bytes JMP 72F8E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] ntdll.dll!KiUserExceptionDispatcher 76EA6448 5 Bytes JMP 72F8A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] ntdll.dll!LdrLoadDll 76EBF585 5 Bytes JMP 61B2F920 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CreateProcessA 753C2062 5 Bytes JMP 72F8E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!ResumeThread 75403F14 5 Bytes JMP 72F8E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!VirtualProtect 754050AB 5 Bytes JMP 72F8E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CreateActCtxW 754075A3 5 Bytes JMP 72F87DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!LoadLibraryExW 7540B6BF 5 Bytes JMP 72F87AD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!LoadLibraryExA 7540BC8B 5 Bytes JMP 72F8E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7540C0CF 7 Bytes JMP 622F329A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!GlobalAlloc 7540D35C 5 Bytes JMP 72F8E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CloseHandle + 38 7541060F 7 Bytes JMP 622F32BD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CreateFileW 75410B7D 5 Bytes JMP 72F87CC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!WriteFile 754111EC 5 Bytes JMP 72F8E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!GetProcAddress 75411857 5 Bytes JMP 72F8E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!FreeLibrary 75411A09 5 Bytes JMP 72F87BD0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!LoadLibraryA 75412884 5 Bytes JMP 72F8E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!LoadLibraryW 754128D2 5 Bytes JMP 72F8E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CreateFileA 7541291C 5 Bytes JMP 72F8E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!ExitProcess 75412AEF 5 Bytes JMP 72F8E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!GetExitCodeProcess + 2C 7541315D 7 Bytes JMP 61B340F6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!CreateProcessInternalA 7541F596 5 Bytes JMP 72F8E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!ReplaceFile 75423660 5 Bytes JMP 72F87810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!WriteFileEx 754262BD 5 Bytes JMP 72F8E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!WriteProcessMemory 754285C1 5 Bytes JMP 72F8E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!GetThreadContext 7542964F 5 Bytes JMP 72F8E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!WinExec 7544E76D 5 Bytes JMP 72F8E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!VirtualProtectEx 7544F729 5 Bytes JMP 72F8E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] kernel32.dll!SetThreadContext 754502A3 5 Bytes JMP 72F8E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] USER32.dll!CreateWindowExW 764D0E51 5 Bytes JMP 72F87E80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] USER32.dll!GetWindowInfo 764D6A82 5 Bytes JMP 6221089F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] GDI32.dll!GetViewportOrgEx + 21C 76FD85EB 7 Bytes JMP 622F321B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!closesocket 76593BED 5 Bytes JMP 72F8E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!bind 765946BC 5 Bytes JMP 72F8E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!recv 765947DF 5 Bytes JMP 72F8E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!connect 765948BE 5 Bytes JMP 72F8E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!listen 7659A6EA 5 Bytes JMP 72F8E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!WSASocketA 7659B7FC 5 Bytes JMP 72F8E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!WSAStartup 7659C0FB 7 Bytes JMP 72F8E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!getpeername 7659C355 5 Bytes JMP 72F8E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!send 7659C4C8 5 Bytes JMP 72F8EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WS2_32.dll!accept 7659E64B 5 Bytes JMP 72F8E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] ole32.dll!StgOpenStorageEx 76BE71FF 5 Bytes JMP 72F8DB70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] SHELL32.dll!SHExtractIconsW 759C8173 5 Bytes JMP 72F943C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WININET.dll!InternetReadFile 76D7E2A4 5 Bytes JMP 72F8E8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WININET.dll!InternetQueryDataAvailable 76D8420B 5 Bytes JMP 72F8E8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WININET.dll!InternetOpenA 76D87E1C 5 Bytes JMP 72F8E860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4012] WININET.dll!InternetOpenUrlA 76D8DC18 5 Bytes JMP 72F8E880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----