Log analysis and evaluation: Yahoo account acting on its own - virus scan unsuccessful

12.04.2013, 17:52   #1
Sacajewia
 

Hello,

this morning my Yahoo account took on a life of its own and sent e-mails containing a link to my entire address book. The mails are in the Sent folder on my PC; I have changed my password and, as a precaution, deleted the address book, even though that probably doesn't help much now.
I access my account with the Firefox browser, and also from various computers and via my mobile phone. (But since the mails are in the Sent folder on my home PC, I suspect it is the culprit.)

I ran my Norton Anti-Virus and Malwarebytes Anti-Malware over it. Neither could find anything suspicious. I am currently backing up my data to an external hard drive, but since that is now also attached to my home PC, that doesn't help much either if I reinstall the PC...
That is why I would like to try to find the culprit another way. While searching the internet I then came across this forum. (Source: Google)

I haven't noticed any other suspicious activity. The system runs normally. I'm actually always very careful, but something must have sent the mails.

I'm asking for help!
Many thanks in advance!
Best regards, Myriam

PS: I was firmly convinced I was opening my thread in the "Plagegeister ..." forum... but apparently I slipped. But I can't delete or move the post either?

In the meantime I have also seen and carried out the OTL & GMER instructions. Sorry, but before my first post I didn't scroll down far enough on the instructions page ^^

So, below are the three log files:

OTL

Code:
OTL logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 18:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myriam\Downloads\OTL.exe
PRC - [2013.04.12 12:34:03 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.12 12:06:41 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.11.01 21:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 09:44:06 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2010.08.03 09:43:56 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 09:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.08.03 09:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008.08.23 09:54:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.05.02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 03:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2008.05.02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:25:18 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPSideShowGadget.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.12 10:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 12:34:00 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 12:06:41 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2011.04.28 19:39:18 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2008.08.23 09:54:17 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2013.04.12 12:34:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2008.05.14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008.05.14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008.05.14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys -- (jnv4_mib)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.01.18 16:39:36 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.18 16:39:36 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVENG.SYS -- (NAVENG)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.24 00:28:44 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.12.24 00:28:44 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.21 19:04:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130411.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.12.13 15:28:42 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.12.13 15:26:36 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.12.13 15:26:36 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.26 23:10:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.02.07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.04.01 16:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.09.12 10:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.12 10:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.03.01 10:25:12 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0080815
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sacajewia.yfw24.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{D348BADA-AED4-422D-84DE-B8C9BDA6386C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sacajewia.yfw24.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.01 10:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
 
[2010.04.15 14:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions
[2008.10.06 22:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions\info@zla.bs
[2013.01.03 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions
[2011.04.07 19:15:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 12:34:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 14:06:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 14:06:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 14:06:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 14:06:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 14:06:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 14:06:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 18:01:33 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD226102-D412-4584-BE6A-F573DAD411F6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03beb4c8-9fb9-11df-aff4-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe
O33 - MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.12 12:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.12 12:22:46 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Malwarebytes
[2013.04.12 12:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.12 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.12 12:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.12 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.03.20 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Local\Macromedia
[2013.03.20 13:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.20 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.20 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.20 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.03.20 12:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2013.03.20 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Audacity
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 18:08:16 | 000,000,000 | ---- | M] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:36:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:25:27 | 000,002,016 | ---- | M] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 14:37:49 | 000,102,912 | ---- | M] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 13:54:18 | 000,691,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.12 13:54:18 | 000,649,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.12 13:54:18 | 000,154,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.12 13:54:18 | 000,126,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.12 12:30:05 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.12 07:21:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.12 03:23:01 | 000,358,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.12 03:22:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 03:20:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.11 18:01:33 | 000,000,878 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.05 15:57:38 | 000,000,965 | ---- | M] () -- C:\Users\Myriam\Desktop\Dropbox.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 13:14:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | M] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.20 10:18:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000015B3.LCS
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.12 18:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:25 | 000,002,016 | ---- | C] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:37 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 13:14:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | C] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.19 17:10:02 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000015B3.LCS
[2013.01.18 16:57:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2012.10.04 20:07:25 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.26 21:36:19 | 000,001,574 | ---- | C] () -- C:\Users\Myriam\.recently-used.xbel
[2011.01.27 15:46:48 | 000,000,680 | ---- | C] () -- C:\Users\Myriam\AppData\Local\d3d9caps.dat
[2010.10.27 11:15:55 | 000,001,940 | ---- | C] () -- C:\Users\Myriam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.12 14:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Myriam\AppData\Local\fusioncache.dat
[2010.03.10 23:29:52 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.10 23:28:30 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 20:10:05 | 039,048,624 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_image32.Cache
[2008.10.07 20:10:04 | 002,375,716 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_audio.Cache
[2008.08.28 17:35:31 | 000,000,270 | ---- | C] () -- C:\Users\Myriam\AppData\Roaming\wklnhst.dat
[2008.08.23 15:19:35 | 000,102,912 | ---- | C] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.10.13 16:52:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh
[2009.04.11 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh - Heart of Osiris
[2013.03.30 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Audacity
[2011.08.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Awem
[2012.02.21 12:50:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\com.llingo.tha-l00-trl
[2013.04.11 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Dropbox
[2012.07.11 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\DVDFab
[2009.11.20 01:03:31 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\everlight
[2013.03.01 19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\F4
[2011.09.26 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\gtk-2.0
[2010.08.02 01:13:00 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Imperium Romanum
[2013.02.28 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\mp3DirectCut
[2011.03.02 20:40:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\MysteryStudio
[2008.12.17 16:37:56 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\NAVIGON
[2011.04.28 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\OpenOffice.org
[2011.08.29 12:11:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Peace Craft
[2011.08.28 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\PoBros
[2013.03.19 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\ProtectDisc
[2010.01.15 19:09:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\SecondLife
[2008.08.31 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Serif
[2013.04.05 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Temp
[2010.02.24 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Template
[2009.08.16 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\The Longest Journey
[2011.09.14 18:37:03 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Tropico 3
[2011.03.02 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ubisoft
[2010.03.11 00:34:26 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\VistaCodecs
[2009.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Vodafone
[2012.04.07 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\wargaming.net
[2009.09.20 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Wildlife Park 2
[2008.10.06 22:34:22 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\ZLabs
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8F8E2D-677E-4047-AA24-CA20D9DE3D74}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0CC2F914-B5BC-4F42-AB32-A4D3311CEDCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D39A2B5-68C0-47B7-B6FC-BFCFC468A03A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1246FBDC-1E0B-47FB-BEFA-27750678113B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{46ED7DAB-D7FC-48A2-BACD-DD6E7089D769}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{507D743D-BD98-4431-9746-96229266CF0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51E40662-C5FB-42D1-991A-4DFD7AAA4816}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61003B25-8C50-428D-AB20-34758EBAF052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6278AC08-C05C-4659-B674-60A5EABC3B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6960348A-6A51-44E1-9781-79893ABADB2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B44C1BE-7358-41C9-B4EE-599EBA4A07C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76B0B33F-F528-4E84-8EDC-B94982E1F27F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7AAB8082-F175-487B-BFEB-60F3065E0F1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{816D2907-EA11-4362-8471-69B8B93AFAA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{92FFA179-BEF6-42AC-A845-54753E9A1A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{A9A941B6-80A4-463C-B872-8441D12A7B82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D28D7570-029C-49F9-923F-C0E7B7F77882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D51247CA-AD98-4616-B05E-4E2A46ED25F3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D9C9BB91-D863-4E02-9610-E8187FC54B64}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
"{E225B8D8-121C-4EFF-95FC-232056FCB729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEB79099-BAC0-41F9-A269-16FD6DA148F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F00DC730-88B6-467A-BAFB-DB64E231F7E1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{F019CF87-942B-42C1-AD85-336605D53FC9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F820B161-F58B-4943-A256-13CC521465A3}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EAFED-D196-40D7-9BB7-05F7DB0954E8}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{07DC966F-AF57-42F2-93EC-598474FC7D26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13C46594-FA44-47C4-9EAA-F7F7E282F81A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{17D20452-9800-4DD9-84D3-B2F4EC34184A}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{18AACA02-7B95-4E5A-80ED-85FC8BCA1B7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E9400D8-BAE5-4B54-819F-E755ADD212C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2176A2EE-E56A-48F5-8B5A-59346CE609F4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{26F75F16-F043-45EA-8308-3A4C8C8C4FA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{30B0C95A-A486-4899-BE43-619A3B15DC7A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3188185F-2D62-4205-A8C8-B71D734E40DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{367650DE-B9EE-44D7-BBC7-87DADEE68E30}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{385A4E4F-3B79-4504-B684-115EC5281BBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{437CAFD3-5780-456C-B9EE-089A8F708549}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{45F7D31F-9318-4B15-9657-734AC3FB5E67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{4751E395-79B0-4330-96CE-39BD2880BEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ACEE7D6-8C43-4D7A-859E-86FED02005EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{55173B6F-586B-424A-A2EB-51D1C1BA4908}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{5674A47E-0EC6-40A5-8688-EF39B3143892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61F4A8BD-E03A-4D43-8937-5C76ADC4B7AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A2521AF-3FF6-4195-AB63-42F7B507F4C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71256B30-870D-481F-AD31-4F33B5D1FF78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7FD5E20B-37B7-4795-A441-3A5003FA32AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FD873D7-B15B-415E-8444-7305B024B4CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{81B0BCCD-3476-4AAC-907A-A993CDD5E84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{8A0B390D-E738-4EAA-8D70-9812AE4FFA18}" = protocol=6 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8D70644F-DDE7-4571-AA65-D5BA9F0E096B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8E25BCB3-455B-4ED3-B085-6C1C177B5792}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{91B76FAB-B8DA-4F8A-A98B-4D1E3EAA1ADF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{995F8E31-62AE-4A86-B286-E4E9FDB41878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{996C5683-5301-4016-B7BC-3FD8098E0344}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{99A4B8A9-D14E-4038-8E83-1FB7F800C6A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9C28CE91-5AE9-43C9-A9BC-9AE708FF6A22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9F2CEAA9-FD44-4559-9F9D-EFF151050EC3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A0CD47D7-5B95-43D1-B046-53063E706EDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A2993279-8E58-4804-BEB1-6ABC83E03BD9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A3D04630-24B7-4C10-B62F-2DD661C2C750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{A55E4E44-6B42-49A4-9457-CA1A361821D9}" = protocol=17 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3521D14-5E51-405D-A4A6-A2ACEAB1E914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9F44E35-E34D-4384-94FE-35A1D8912FA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{D26900B8-638F-4C78-92E4-17B718901F31}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{DBE48E50-7845-4C36-BB3B-ABD5A6B87FC8}" = protocol=6 | dir=out | app=system | 
"{E0DAF8DE-1037-4C58-A7F7-F418738E24A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E4154EED-EF2C-47BE-AC8C-754B8E2A1306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9A00FF0-995F-4993-886B-80513749D2AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA4FCE7C-A19A-48DB-A45C-2EF63793E92D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC80D682-CADE-4486-A4A9-610BA5704BE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEE4C139-2C19-4C13-9A9D-0A6496DEC567}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F0F471BE-9405-42C3-8C2C-05FFB83D6083}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F13DA791-72CC-493E-A137-EA6C9DDAD72A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F41EE4B1-AE3B-4144-B6F6-84C838A8D0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4EE3612-6280-4596-998B-8317E2022087}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{FA50FB17-2975-4BB8-8D49-7E05D16073FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF171E50-BC2F-4CDC-944A-5AD6981DE397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{15EA6954-DC5F-4FFE-9F99-4723A59A7489}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{225AE057-4BFF-4FA9-9C29-7ED5621E80A5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{3ECFD284-C5C5-4701-B75A-8EF249D05C05}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{43B63FAB-7A1A-4950-ACF7-6E113D7F83D4}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{4920D7BB-0C6C-431E-9029-79044BD61ED6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{5CB060C1-4B2D-4243-8E58-9E2ABF2B3D43}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{5FCCF948-FB48-4861-9384-51C777EAED63}C:\users\myriam\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"TCP Query User{74C8D1F1-4980-4FCC-AF88-532944F43415}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{AB399E19-7F47-4CA3-AD21-6C237236F08A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{C82C56EA-6252-4FB1-9741-F3E9DAC58065}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{CE606602-90A2-4F64-BBBB-6528E452D021}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"TCP Query User{D92F0F33-47D8-4046-807E-DF026547032A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{EC4CA91E-1EFD-4171-8730-4E4719D83094}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{00D8DCE6-ABC6-4D4F-B259-123EE5B9B1AE}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{3B2DB38F-F922-44F9-9D86-9B763454FEDB}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{3B3A35D8-42E0-4E73-9280-13D50C5F90D0}C:\users\myriam\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"UDP Query User{3C83304D-6010-4FD6-A2FC-F4B1FBABB74C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3D4E8D28-6583-4F3F-ABB6-61F7D0BB8D33}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{50AA09BD-BFA4-431F-816C-98CE0E2F3BDC}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"UDP Query User{646E7007-8F04-4A61-8FDC-183EAABC9BAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{65AC74DF-E366-4912-BAF3-5BF615C5F6D5}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{6D0E4FAD-8789-4B9C-9BE4-8297132442D7}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{A6A49604-E714-4DDE-BF26-AC964A7569B6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{B8AE7ACA-D04F-476E-8479-26BA1A0A5F67}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{D8E4F352-81EC-4EDD-8008-23D8FEA2607D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{FF3DD940-C197-4E0A-885B-83B62874F008}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07222CAA-F008-48D1-B09F-3F23FCCD610C}" = IBM SPSS Statistics 19 Help Packs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Kodak All-in-One-Druckersoftware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Bink and Smacker" = Bink and Smacker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt
"f42012" = f4 2012
"Google Desktop" = Google Desktop
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NAVIGON Fresh" = NAVIGON Fresh 1.6.2
"NAVIGON Sync" = NAVIGON Sync 1.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2010 06:08:21 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EKDiscovery.exe, Version 4.0.0.1, Zeitstempel
 0x499f1d83, fehlerhaftes Modul EKDiscovery.exe, Version 4.0.0.1, Zeitstempel 0x499f1d83,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00008e30,  Prozess-ID 0x”±Ú ”±Ú $, Anwendungsstartzeit
 ”±Ú ”±Ú $.
 
Error - 14.07.2010 06:42:46 | Computer Name = Myriam-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 14.07.2010 06:43:59 | Computer Name = Myriam-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2010 06:46:59 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:05 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:12 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:32 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:35 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:48:41 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:50:30 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:57:33 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 09:55:40 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000
 
Error encountered while reading event logs.
 
< End of report >
         
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 21:32:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys


---- System - GMER 2.1 ----

SSDT            885AAF10                                                                                                             ZwAlertResumeThread
SSDT            885AAFD0                                                                                                             ZwAlertThread
SSDT            84B5D050                                                                                                             ZwAllocateVirtualMemory
SSDT            884AB740                                                                                                             ZwAlpcConnectPort
SSDT            885AA528                                                                                                             ZwAssignProcessToJobObject
SSDT            885A5C70                                                                                                             ZwCreateMutant
SSDT            885AA248                                                                                                             ZwCreateSymbolicLinkObject
SSDT            87C195A0                                                                                                             ZwCreateThread
SSDT            889DA400                                                                                                             ZwDebugActiveProcess
SSDT            884A7290                                                                                                             ZwDuplicateObject
SSDT            885A8E48                                                                                                             ZwFreeVirtualMemory
SSDT            885A5D60                                                                                                             ZwImpersonateAnonymousToken
SSDT            885AA910                                                                                                             ZwImpersonateThread
SSDT            884AB6A8                                                                                                             ZwLoadDriver
SSDT            885A8D68                                                                                                             ZwMapViewOfSection
SSDT            87C1BF48                                                                                                             ZwOpenEvent
SSDT            883AD308                                                                                                             ZwOpenProcess
SSDT            87C2D588                                                                                                             ZwOpenProcessToken
SSDT            87C6C1B8                                                                                                             ZwOpenSection
SSDT            87C2D5C0                                                                                                             ZwOpenThread
SSDT            885AA438                                                                                                             ZwProtectVirtualMemory
SSDT            885BCB70                                                                                                             ZwResumeThread
SSDT            885B8C98                                                                                                             ZwSetContextThread
SSDT            885B8D58                                                                                                             ZwSetInformationProcess
SSDT            889DA4C0                                                                                                             ZwSetSystemInformation
SSDT            87C1BE88                                                                                                             ZwSuspendProcess
SSDT            885BC930                                                                                                             ZwSuspendThread
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                                   ZwTerminateProcess [0xDD54A640]
SSDT            885BC9F0                                                                                                             ZwTerminateThread
SSDT            885B8F48                                                                                                             ZwUnmapViewOfSection
SSDT            885AADB0                                                                                                             ZwWriteVirtualMemory
SSDT            885AA338                                                                                                             ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                                        826B4860 8 Bytes  [10, AF, 5A, 88, D0, AF, 5A, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                                        826B4874 4 Bytes  [50, D0, B5, 84]
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                        826B4880 4 Bytes  [40, B7, 4A, 88]
.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                        826B48D4 4 Bytes  [28, A5, 5A, 88]
.text           ntkrnlpa.exe!KeSetEvent + 1F5                                                                                        826B4938 4 Bytes  [70, 5C, 5A, 88]
.text           ...                                                                                                                  
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                             entry point in ".vmp2" section [0xA92FB69D]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + 6               7743424A 4 Bytes  [28, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + B               7743424F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + 6                7743428A 4 Bytes  [68, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + B                7743428F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + 6             774342BA 4 Bytes  [28, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + B             774342BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + 6            7743433A 4 Bytes  [68, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + B            7743433F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + 6         7743499A 4 Bytes  [A8, 6C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + B         7743499F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + 6                 77434A2A 4 Bytes  [68, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + B                 77434A2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + 6                  77434A5A 4 Bytes  [A8, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + B                  77434A5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenMutant + B               77434A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + 6              77434AAA 4 Bytes  [28, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + B              77434AAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + 6         77434ABA 4 Bytes  [68, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + B         77434ABF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + 6       77434ACA 4 Bytes  [28, 6C, 06, 00] {SUB [ESI+EAX+0x0], CH}
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + B       77434ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + 6              77434ADA 4 Bytes  [A8, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + B              77434ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThread + B               77434B1F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadToken + B          77434B2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + 6        77434B3A 4 Bytes  [68, 6C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + B        77434B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + 6      77434BCA 4 Bytes  [A8, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + B      77434BCF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryFullAttributesFile + B  77434C7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + 6       7743515A 4 Bytes  [28, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + B       7743515F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + 6     774351AA 4 Bytes  [A8, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + B     774351AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtUnmapViewOfSection + B       7743544F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessW              76151BF3 5 Bytes  JMP 000800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessA              76151C28 5 Bytes  JMP 000800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!OpenEventW                  7616C023 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateEventW                7619B85E 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteObject                   77385A37 5 Bytes  JMP 000B01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetDeviceCaps                  7738617F 5 Bytes  JMP 000B03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectObject                   773862A0 5 Bytes  JMP 000B05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextColor                   7738666B 5 Bytes  JMP 000B0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetBkMode                      77386716 5 Bytes  JMP 000B08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteDC                       773868CD 5 Bytes  JMP 000B0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetCurrentObject               77386B58 5 Bytes  JMP 000B0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetStretchBltMode              77387206 5 Bytes  JMP 000B06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SaveDC                         773875BA 5 Bytes  JMP 000B0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!RestoreDC                      77387675 5 Bytes  JMP 000B0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StretchDIBits                  773878CF 5 Bytes  JMP 000B0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtSelectClipRgn               773879F8 5 Bytes  JMP 000B02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectClipRgn                  77387AF9 5 Bytes  JMP 000B05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!MoveToEx                       77387C33 5 Bytes  JMP 000B0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!Rectangle                      77387EA9 5 Bytes  JMP 000B09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextAlign                   773882E0 5 Bytes  JMP 000B0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextAlign                   773885CB 5 Bytes  JMP 000B09F0 

---- Devices - GMER 2.1 ----

Device          \Driver\BTHUSB \Device\0000008e                                                                                      bthport.sys

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                              SYMTDIV.SYS

Device          \Driver\BTHUSB \Device\0000008c                                                                                      bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                             fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccc83fe                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ccc83fe (not active ControlSet)                      

---- EOF - GMER 2.1 ----
         
I hope that was everything in the way of preparation and that I haven't overlooked anything
Best regards, Myriam

Old 13.04.2013, 17:27   #2
cosinus
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted - whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you have not heard from me for three days, please report in this thread => Reminder about my thread.
Annoying "when does it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Old 13.04.2013, 19:46   #3
Sacajewia
 

Hello Cosinus,

thank you very much for your help already. I'm at work right now, but I'll be home again tomorrow afternoon and will get right to it!

One more update on the Yahoo situation:

So far no new mails have gone out; temporary lock by Yahoo because of suspicious activity. Password changed again.

I can view the recent login activity at Yahoo: a few minutes before the spam mails went out, an IP in Malaysia logged in: 183.78.27.168. When I went into Yahoo with my home PC just now, an IP in Canada was shown. An error? Or does that mean I definitely have something in my system? The Canadian IP has only been shown since the Malaysia login. But I can't say for sure whether that has changed or whether the data just isn't shown far enough back...

Edit: The thing with the Canadian IP could be related to Vodafone's LTE. I found something similar here (hxxp://www.boerse.bz/hard-software/netzwerk-internetzugaenge-und-router/1302676-ip-problem.html). So it might be possible that my IP is always Canadian when I don't log into the VPN (which I didn't dare to do yesterday, so as not to give away even more passwords). Learned something again. Sorry, I have hardly dealt with IP addresses at all until now. And that means there may actually be hope that my system was not taken over at all, but "only" the mail account...
But I absolutely want to be on the safe side!!

Thanks again and see you tomorrow!
Best regards, Myriam

OK, all scans done. Looks good actually, doesn't it?

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.14.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Myriam :: MYRIAM-PC [administrator]

14.04.2013 16:36:01
mbar-log-2013-04-14 (16-36-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27530
Time elapsed: 31 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-14 16:40:34
-----------------------------
16:40:34.923    OS Version: Windows 6.0.6002 Service Pack 2
16:40:34.923    Number of processors: 4 586 0xF0B
16:40:34.926    ComputerName: MYRIAM-PC  UserName: Myriam
16:40:38.421    Initialize success
16:42:09.952    AVAST engine defs: 13041400
16:42:14.447    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:42:14.450    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 3
16:42:14.635    Disk 0 MBR read successfully
16:42:14.638    Disk 0 MBR scan
16:42:14.683    Disk 0 Windows VISTA default MBR code
16:42:14.686    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63
16:42:14.726    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15360 MB offset 145408
16:42:14.743    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461508 MB offset 31602688
16:42:14.771    Disk 0 scanning sectors +976771072
16:42:14.849    Disk 0 scanning C:\Windows\system32\drivers
16:42:32.745    Service scanning
16:42:55.375    Modules scanning
16:43:06.867    Disk 0 trace - called modules:
16:43:06.887    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
16:43:06.895    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87253ac8]
16:43:06.902    3 CLASSPNP.SYS[8afa28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86546028]
16:43:10.286    AVAST engine scan C:\Windows
16:43:17.642    AVAST engine scan C:\Windows\system32
16:48:54.510    AVAST engine scan C:\Windows\system32\drivers
16:49:56.234    AVAST engine scan C:\Users\Myriam
17:47:13.306    AVAST engine scan C:\ProgramData
17:56:23.982    Scan finished successfully
17:59:30.633    Disk 0 MBR has been saved successfully to "C:\Users\Myriam\Desktop\MBR.dat"
17:59:30.641    The log file has been saved successfully to "C:\Users\Myriam\Desktop\aswMBR.txt"
         
TDSS
Code:
18:01:41.0106 3804  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:01:41.0463 3804  ============================================================
18:01:41.0463 3804  Current date / time: 2013/04/14 18:01:41.0463
18:01:41.0463 3804  SystemInfo:
18:01:41.0463 3804  
18:01:41.0463 3804  OS Version: 6.0.6002 ServicePack: 2.0
18:01:41.0463 3804  Product type: Workstation
18:01:41.0464 3804  ComputerName: MYRIAM-PC
18:01:41.0464 3804  UserName: Myriam
18:01:41.0464 3804  Windows directory: C:\Windows
18:01:41.0464 3804  System windows directory: C:\Windows
18:01:41.0464 3804  Processor architecture: Intel x86
18:01:41.0464 3804  Number of processors: 4
18:01:41.0464 3804  Page size: 0x1000
18:01:41.0464 3804  Boot type: Normal boot
18:01:41.0464 3804  ============================================================
18:01:42.0372 3804  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:01:42.0413 3804  ============================================================
18:01:42.0413 3804  \Device\Harddisk0\DR0:
18:01:42.0414 3804  MBR partitions:
18:01:42.0414 3804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
18:01:42.0414 3804  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x38562000
18:01:42.0414 3804  ============================================================
18:01:42.0465 3804  C: <-> \Device\Harddisk0\DR0\Partition2
18:01:42.0513 3804  D: <-> \Device\Harddisk0\DR0\Partition1
18:01:42.0513 3804  ============================================================
18:01:42.0513 3804  Initialize success
18:01:42.0513 3804  ============================================================
18:04:23.0927 2924  ============================================================
18:04:23.0927 2924  Scan started
18:04:23.0927 2924  Mode: Manual; SigCheck; TDLFS; 
18:04:23.0927 2924  ============================================================
18:04:26.0684 2924  ================ Scan system memory ========================
18:04:26.0684 2924  System memory - ok
18:04:26.0685 2924  ================ Scan services =============================
18:04:36.0414 2924  circlass - ok
18:04:36.0486 2924  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
18:04:36.0534 2924  CLFS - ok
18:04:36.0614 2924  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:36.0631 2924  clr_optimization_v2.0.50727_32 - ok
18:04:36.0674 2924  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:36.0745 2924  clr_optimization_v4.0.30319_32 - ok
18:04:36.0757 2924  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:04:36.0770 2924  cmdide - ok
18:04:36.0781 2924  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:04:36.0795 2924  Compbatt - ok
18:04:36.0799 2924  COMSysApp - ok
18:04:36.0804 2924  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:04:36.0817 2924  crcdisk - ok
18:04:36.0835 2924  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:04:36.0896 2924  Crusoe - ok
18:04:36.0938 2924  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:04:37.0084 2924  CryptSvc - ok
18:04:37.0221 2924  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:04:37.0299 2924  DcomLaunch - ok
18:04:37.0330 2924  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:04:37.0401 2924  DfsC - ok
18:04:37.0496 2924  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
18:04:37.0661 2924  DFSR - ok
18:04:37.0726 2924  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:04:37.0778 2924  Dhcp - ok
18:04:37.0830 2924  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:04:37.0845 2924  disk - ok
18:04:37.0879 2924  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:04:37.0988 2924  Dnscache - ok
18:04:38.0142 2924  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:04:38.0213 2924  dot3svc - ok
18:04:38.0248 2924  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
18:04:38.0298 2924  DPS - ok
18:04:38.0334 2924  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:04:38.0390 2924  drmkaud - ok
18:04:38.0557 2924  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:04:38.0644 2924  DXGKrnl - ok
18:04:38.0690 2924  [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
18:04:38.0706 2924  e1express - ok
18:04:38.0753 2924  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:04:38.0803 2924  E1G60 - ok
18:04:38.0845 2924  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:04:38.0891 2924  EapHost - ok
18:04:38.0948 2924  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:04:38.0964 2924  Ecache - ok
18:04:39.0328 2924  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:04:39.0356 2924  eeCtrl - ok
18:04:39.0498 2924  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:04:39.0595 2924  ehRecvr - ok
18:04:39.0635 2924  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
18:04:39.0801 2924  ehSched - ok
18:04:39.0813 2924  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:04:39.0861 2924  ehstart - ok
18:04:39.0927 2924  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:04:39.0960 2924  elxstor - ok
18:04:40.0063 2924  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:04:40.0179 2924  EMDMgmt - ok
18:04:40.0221 2924  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
18:04:40.0232 2924  EraserUtilDrv11220 - ok
18:04:40.0260 2924  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:04:40.0303 2924  ErrDev - ok
18:04:40.0346 2924  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
18:04:40.0395 2924  EventSystem - ok
18:04:40.0475 2924  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
18:04:40.0572 2924  exfat - ok
18:04:40.0619 2924  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:04:40.0671 2924  fastfat - ok
18:04:40.0691 2924  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:04:40.0740 2924  fdc - ok
18:04:40.0776 2924  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:04:40.0827 2924  fdPHost - ok
18:04:40.0873 2924  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:04:40.0932 2924  FDResPub - ok
18:04:40.0992 2924  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:04:41.0007 2924  FileInfo - ok
18:04:41.0048 2924  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:04:41.0114 2924  Filetrace - ok
18:04:41.0133 2924  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:04:41.0216 2924  flpydisk - ok
18:04:41.0331 2924  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:04:41.0348 2924  FltMgr - ok
18:04:41.0430 2924  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
18:04:41.0621 2924  FontCache - ok
18:04:41.0739 2924  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:04:41.0754 2924  FontCache3.0.0.0 - ok
18:04:41.0837 2924  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:04:41.0942 2924  Fs_Rec - ok
18:04:41.0991 2924  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:04:42.0031 2924  gagp30kx - ok
18:04:42.0077 2924  [ 52ADA45F60D6382C9B3C52826CDB9D26 ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
18:04:42.0117 2924  ggsemc ( UnsignedFile.Multi.Generic ) - warning
18:04:42.0117 2924  ggsemc - detected UnsignedFile.Multi.Generic (1)
18:04:42.0191 2924  [ FF0E0E6E5768B82BEAD44BFBCB9BDFE6 ] GoogleDesktopManager-010708-104812 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:04:42.0202 2924  GoogleDesktopManager-010708-104812 - ok
18:04:42.0407 2924  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:04:42.0534 2924  gpsvc - ok
18:04:42.0580 2924  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:04:42.0593 2924  gupdate - ok
18:04:42.0598 2924  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:04:42.0608 2924  gupdatem - ok
18:04:42.0675 2924  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:04:42.0769 2924  HdAudAddService - ok
18:04:42.0875 2924  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:04:43.0045 2924  HDAudBus - ok
18:04:43.0114 2924  [ 204C3B1846E9CBAAEF88B8E1F86782F8 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:04:43.0185 2924  HidBth - ok
18:04:43.0240 2924  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:04:43.0338 2924  HidIr - ok
18:04:43.0370 2924  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
18:04:43.0431 2924  hidserv - ok
18:04:43.0464 2924  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:04:43.0516 2924  HidUsb - ok
18:04:43.0558 2924  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:04:43.0648 2924  hkmsvc - ok
18:04:43.0676 2924  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:04:43.0709 2924  HpCISSs - ok
18:04:43.0928 2924  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:04:43.0999 2924  HTTP - ok
18:04:44.0053 2924  [ 19E6885A061011D8DABE8F64498423FA ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:04:44.0149 2924  hwdatacard - ok
18:04:44.0165 2924  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:04:44.0178 2924  i2omp - ok
18:04:44.0215 2924  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:04:44.0270 2924  i8042prt - ok
18:04:44.0671 2924  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
18:04:44.0722 2924  IAANTMON - ok
18:04:44.0755 2924  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\drivers\iastor.sys
18:04:44.0771 2924  iaStor - ok
18:04:44.0834 2924  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:04:44.0928 2924  iaStorV - ok
18:04:45.0013 2924  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:04:45.0059 2924  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:04:45.0059 2924  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:04:45.0149 2924  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:45.0253 2924  idsvc - ok
18:04:45.0547 2924  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130412.001\IDSvix86.sys
18:04:45.0630 2924  IDSVix86 - ok
18:04:45.0647 2924  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:04:45.0672 2924  iirsp - ok
18:04:45.0715 2924  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:04:45.0791 2924  IKEEXT - ok
18:04:45.0842 2924  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:04:45.0855 2924  intelide - ok
18:04:45.0879 2924  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:04:45.0938 2924  intelppm - ok
18:04:45.0993 2924  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:04:46.0121 2924  IPBusEnum - ok
18:04:46.0142 2924  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:04:46.0198 2924  IpFilterDriver - ok
18:04:46.0259 2924  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:04:46.0368 2924  iphlpsvc - ok
18:04:46.0372 2924  IpInIp - ok
18:04:46.0384 2924  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:04:46.0408 2924  IPMIDRV - ok
18:04:46.0423 2924  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:04:46.0449 2924  IPNAT - ok
18:04:46.0459 2924  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:04:46.0483 2924  IRENUM - ok
18:04:46.0536 2924  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:04:46.0560 2924  isapnp - ok
18:04:46.0593 2924  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:04:46.0622 2924  iScsiPrt - ok
18:04:46.0652 2924  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:04:46.0664 2924  iteatapi - ok
18:04:46.0701 2924  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:04:46.0714 2924  iteraid - ok
18:04:47.0089 2924  jnv4_mib - ok
18:04:47.0100 2924  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:04:47.0113 2924  kbdclass - ok
18:04:47.0253 2924  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:04:47.0308 2924  kbdhid - ok
18:04:47.0432 2924  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
18:04:47.0570 2924  KeyIso - ok
18:04:47.0741 2924  [ EAEF6257EEAD7CDAD19ECE129DE2FAEA ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
18:04:47.0778 2924  Kodak AiO Network Discovery Service - ok
18:04:47.0832 2924  [ 9999AE8ACE65298C56E89100F6483292 ] KodakSvc        C:\Program Files\Kodak\AiO\center\KodakSvc.exe
18:04:47.0871 2924  KodakSvc ( UnsignedFile.Multi.Generic ) - warning
18:04:47.0871 2924  KodakSvc - detected UnsignedFile.Multi.Generic (1)
18:04:47.0909 2924  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:04:47.0970 2924  KSecDD - ok
18:04:48.0009 2924  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:04:48.0086 2924  KtmRm - ok
18:04:48.0119 2924  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:04:48.0221 2924  LanmanServer - ok
18:04:48.0314 2924  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:04:48.0402 2924  LanmanWorkstation - ok
18:04:48.0490 2924  [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ         C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
18:04:48.0502 2924  LBTServ - ok
18:04:48.0574 2924  [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
18:04:48.0611 2924  LGBusEnum - ok
18:04:48.0687 2924  [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
18:04:48.0718 2924  LGVirHid - ok
18:04:48.0756 2924  [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:04:48.0767 2924  LHidFilt - ok
18:04:48.0796 2924  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:04:48.0866 2924  lltdio - ok
18:04:48.0995 2924  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:04:49.0023 2924  lltdsvc - ok
18:04:49.0037 2924  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:04:49.0076 2924  lmhosts - ok
18:04:49.0198 2924  [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:04:49.0234 2924  LMouFilt - ok
18:04:49.0271 2924  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:04:49.0313 2924  LSI_FC - ok
18:04:49.0329 2924  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:04:49.0343 2924  LSI_SAS - ok
18:04:49.0368 2924  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:04:49.0428 2924  LSI_SCSI - ok
18:04:49.0452 2924  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:04:49.0510 2924  luafv - ok
18:04:49.0535 2924  massfilter - ok
18:04:49.0604 2924  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:04:49.0617 2924  MBAMProtector - ok
18:04:49.0735 2924  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:04:49.0833 2924  MBAMScheduler - ok
18:04:49.0862 2924  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:04:49.0931 2924  MBAMService - ok
18:04:49.0969 2924  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:04:50.0053 2924  Mcx2Svc - ok
18:04:50.0109 2924  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:04:50.0123 2924  megasas - ok
18:04:50.0160 2924  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
18:04:50.0182 2924  MegaSR - ok
18:04:50.0198 2924  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:04:50.0261 2924  MMCSS - ok
18:04:50.0287 2924  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:04:50.0362 2924  Modem - ok
18:04:50.0397 2924  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:04:50.0461 2924  monitor - ok
18:04:50.0519 2924  [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
18:04:50.0598 2924  motccgp - ok
18:04:50.0695 2924  [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
18:04:50.0736 2924  motccgpfl - ok
18:04:50.0801 2924  [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
18:04:50.0878 2924  motmodem - ok
18:04:51.0072 2924  [ 3BBC6C2402242401F791548AAEBF3D39 ] MotoHelper      C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
18:04:51.0087 2924  MotoHelper - ok
18:04:51.0125 2924  [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
18:04:51.0178 2924  MotoSwitchService - ok
18:04:51.0204 2924  [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
18:04:51.0248 2924  Motousbnet - ok
18:04:51.0330 2924  [ F18898D418F43E74A93EDC57E1F28BC9 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
18:04:51.0441 2924  motusbdevice - ok
18:04:51.0463 2924  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:04:51.0476 2924  mouclass - ok
18:04:51.0509 2924  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:04:51.0552 2924  mouhid - ok
18:04:51.0578 2924  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:04:51.0592 2924  MountMgr - ok
18:04:51.0660 2924  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:51.0723 2924  MozillaMaintenance - ok
18:04:51.0774 2924  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:04:51.0789 2924  mpio - ok
18:04:51.0814 2924  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:04:51.0876 2924  mpsdrv - ok
18:04:52.0140 2924  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:04:52.0203 2924  MpsSvc - ok
18:04:52.0233 2924  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:04:52.0264 2924  Mraid35x - ok
18:04:52.0303 2924  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:04:52.0356 2924  MRxDAV - ok
18:04:52.0416 2924  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:04:52.0510 2924  mrxsmb - ok
18:04:52.0686 2924  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:04:52.0709 2924  mrxsmb10 - ok
18:04:52.0714 2924  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:04:52.0729 2924  mrxsmb20 - ok
18:04:52.0754 2924  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
18:04:52.0782 2924  msahci - ok
18:04:52.0804 2924  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:04:52.0819 2924  msdsm - ok
18:04:52.0829 2924  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:04:52.0869 2924  MSDTC - ok
18:04:52.0881 2924  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:04:52.0905 2924  Msfs - ok
18:04:52.0921 2924  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:04:52.0934 2924  msisadrv - ok
18:04:52.0959 2924  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:04:53.0008 2924  MSiSCSI - ok
18:04:53.0012 2924  msiserver - ok
18:04:53.0045 2924  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:04:53.0094 2924  MSKSSRV - ok
18:04:53.0121 2924  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:04:53.0169 2924  MSPCLOCK - ok
18:04:53.0198 2924  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:04:53.0242 2924  MSPQM - ok
18:04:53.0335 2924  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:04:53.0353 2924  MsRPC - ok
18:04:53.0398 2924  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:04:53.0427 2924  mssmbios - ok
18:04:53.0452 2924  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:04:53.0476 2924  MSTEE - ok
18:04:53.0510 2924  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:04:53.0547 2924  Mup - ok
18:04:53.0653 2924  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
18:04:53.0712 2924  napagent - ok
18:04:53.0755 2924  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:04:53.0816 2924  NativeWifiP - ok
18:04:54.0028 2924  [ F2840DBFE9322F35557219AE82CC4597 ] NAV             C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
18:04:54.0040 2924  NAV - ok
18:04:54.0214 2924  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130413.016\NAVENG.SYS
18:04:54.0227 2924  NAVENG - ok
18:04:54.0415 2924  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130413.016\NAVEX15.SYS
18:04:54.0493 2924  NAVEX15 - ok
18:04:54.0556 2924  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:04:54.0645 2924  NDIS - ok
18:04:54.0678 2924  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:04:54.0745 2924  NdisTapi - ok
18:04:54.0774 2924  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:04:54.0798 2924  Ndisuio - ok
18:04:54.0864 2924  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:04:54.0912 2924  NdisWan - ok
18:04:54.0949 2924  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:04:54.0969 2924  NDProxy - ok
18:04:54.0996 2924  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:04:55.0077 2924  NetBIOS - ok
18:04:55.0191 2924  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:04:55.0266 2924  netbt - ok
18:04:55.0301 2924  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:04:55.0333 2924  Netlogon - ok
18:04:55.0372 2924  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
18:04:55.0467 2924  Netman - ok
18:04:55.0786 2924  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:04:55.0881 2924  NetMsmqActivator - ok
18:04:55.0885 2924  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:04:55.0897 2924  NetPipeActivator - ok
18:04:55.0991 2924  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
18:04:56.0068 2924  netprofm - ok
18:04:56.0072 2924  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:04:56.0083 2924  NetTcpActivator - ok
18:04:56.0088 2924  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:04:56.0099 2924  NetTcpPortSharing - ok
18:04:56.0190 2924  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:04:56.0214 2924  nfrd960 - ok
18:04:56.0242 2924  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:04:56.0291 2924  NlaSvc - ok
18:04:56.0357 2924  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:04:56.0434 2924  Npfs - ok
18:04:56.0479 2924  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:04:56.0540 2924  nsi - ok
18:04:56.0566 2924  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:04:56.0614 2924  nsiproxy - ok
18:04:56.0748 2924  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:04:56.0796 2924  Ntfs - ok
18:04:56.0820 2924  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:04:56.0878 2924  ntrigdigi - ok
18:04:56.0907 2924  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:04:56.0951 2924  Null - ok
18:04:57.0567 2924  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:04:58.0042 2924  nvlddmkm - ok
18:04:58.0205 2924  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:04:58.0235 2924  nvraid - ok
18:04:58.0267 2924  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:04:58.0302 2924  nvstor - ok
18:04:58.0458 2924  [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:04:58.0532 2924  nvsvc - ok
18:04:58.0989 2924  [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:04:59.0132 2924  nvUpdatusService - ok
18:04:59.0205 2924  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:04:59.0302 2924  nv_agp - ok
18:04:59.0306 2924  NwlnkFlt - ok
18:04:59.0312 2924  NwlnkFwd - ok
18:04:59.0369 2924  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:04:59.0428 2924  ohci1394 - ok
18:04:59.0536 2924  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:04:59.0705 2924  p2pimsvc - ok
18:04:59.0721 2924  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:04:59.0748 2924  p2psvc - ok
18:04:59.0800 2924  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:04:59.0848 2924  Parport - ok
18:04:59.0944 2924  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:04:59.0958 2924  partmgr - ok
18:04:59.0973 2924  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:05:00.0042 2924  Parvdm - ok
18:05:00.0187 2924  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:05:00.0289 2924  PcaSvc - ok
18:05:24.0073 2924  ================ Scan global ===============================
18:05:24.0147 2924  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:05:24.0262 2924  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:05:24.0322 2924  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:05:24.0437 2924  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:05:24.0465 2924  [Global] - ok
18:05:24.0465 2924  ================ Scan MBR ==================================
18:05:24.0494 2924  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:05:27.0082 2924  \Device\Harddisk0\DR0 - ok
18:05:27.0082 2924  ================ Scan VBR ==================================
18:05:27.0115 2924  [ C5729975CDB07999FC37B2699DB083B7 ] \Device\Harddisk0\DR0\Partition1
18:05:27.0124 2924  \Device\Harddisk0\DR0\Partition1 - ok
18:05:27.0165 2924  [ 246605E9FA7AB375DD7D32FA0604CC11 ] \Device\Harddisk0\DR0\Partition2
18:05:27.0189 2924  \Device\Harddisk0\DR0\Partition2 - ok
18:05:27.0189 2924  ============================================================
18:05:27.0189 2924  Scan finished
18:05:27.0189 2924  ============================================================
18:05:27.0199 1156  Detected object count: 3
18:05:27.0199 1156  Actual detected object count: 3
18:07:41.0052 1156  ggsemc ( UnsignedFile.Multi.Generic ) - skipped by user
18:07:41.0052 1156  ggsemc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:07:41.0055 1156  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:07:41.0055 1156  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:07:41.0057 1156  KodakSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:07:41.0057 1156  KodakSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:09:57.0786 6020  Deinitialize success
         
Kind regards
Myriam
__________________

Last edited by Sacajewia (13.04.2013 at 20:00)

15.04.2013, 11:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

15.04.2013, 12:52   #5
Sacajewia
 

Combofix done
Code:
ComboFix 13-04-15.01 - Myriam 15.04.2013  12:38:37.1.4 - x86
ausgeführt von:: c:\users\Myriam\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-15 bis 2013-04-15  ))))))))))))))))))))))))))))))
.
.
2013-04-15 10:46 . 2013-04-15 10:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-15 10:46 . 2013-04-15 10:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-14 13:46 . 2013-04-14 13:46	--------	d-----w-	C:\found.000
2013-04-12 12:18 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A9BFB70-6A8B-4D8F-A847-33047DAF3F89}\mpengine.dll
2013-04-12 10:34 . 2013-04-12 10:34	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-12 10:25 . 2013-04-12 10:25	--------	d-----w-	c:\users\Myriam\AppData\Roaming\SUPERAntiSpyware.com
2013-04-12 10:25 . 2013-04-12 10:25	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-12 10:25 . 2013-04-12 10:25	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-12 10:22 . 2013-04-12 10:22	--------	d-----w-	c:\users\Myriam\AppData\Roaming\Malwarebytes
2013-04-12 10:22 . 2013-04-12 10:22	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-12 10:22 . 2013-04-12 10:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-12 10:22 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-05 13:55 . 2013-04-05 13:55	--------	d-----w-	c:\program files\Dropbox
2013-03-20 11:21 . 2013-03-20 11:21	--------	d-----w-	c:\users\Myriam\AppData\Local\Macromedia
2013-03-20 11:14 . 2013-03-20 11:14	--------	d-----w-	c:\programdata\Apple Computer
2013-03-20 11:10 . 2013-03-20 11:10	--------	d-----w-	c:\program files\Apple Software Update
2013-03-20 10:37 . 2013-03-20 10:37	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 10:22 . 2013-03-20 10:22	--------	d-----w-	c:\program files\Lame For Audacity
2013-03-20 09:18 . 2013-04-15 08:55	--------	d-----w-	c:\users\Myriam\AppData\Roaming\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 10:06 . 2012-05-14 08:52	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-12 10:06 . 2012-03-06 12:34	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 10:37 . 2013-01-18 14:53	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-20 10:37 . 2011-04-27 18:44	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 23:10 . 2009-11-09 21:12	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-02-25 22:22 . 2013-02-25 22:22	1985824	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2012-02-09 20:43	1017120	----a-w-	c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22	6262608	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2013-01-09 12:25	12641992	----a-w-	c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-10-10 20:14	892704	----a-w-	c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2008-08-15 03:49	2505144	----a-w-	c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2012-10-10 20:14	15129960	----a-w-	c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22	7932256	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22	17560352	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22	20449056	----a-w-	c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22	8939296	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22	2720544	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-12 01:57 . 2013-03-14 22:22	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-01-18 14:21 . 2010-01-11 21:18	4133664	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 14:21 . 2010-01-11 21:18	3005728	----a-w-	c:\windows\system32\nvsvc.dll
2013-01-18 14:20 . 2010-01-11 21:18	639776	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 14:20 . 2010-01-11 21:18	62752	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 14:20 . 2010-01-11 21:18	2557728	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 14:20 . 2010-01-11 21:18	108832	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 06:15 . 2013-01-18 06:15	550176	----a-w-	c:\windows\system32\nvStreaming.exe
2013-04-12 10:34 . 2013-03-08 10:18	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Myriam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:45]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:45]
.
2013-04-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.sacajewia.yfw24.de/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\8ktg4j01.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sacajewia.yfw24.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - ExtSQL: !HIDDEN! 2009-07-30 19:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-15 12:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-15  12:47:48
ComboFix-quarantined-files.txt  2013-04-15 10:47
.
Vor Suchlauf: 13 Verzeichnis(se), 186.379.706.368 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 208.096.780.288 Bytes frei
.
- - End Of File - - C0A12D1D857890F07131D31AB5A61B9D
         
Best regards, Myriam


15.04.2013, 13:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

15.04.2013, 14:07   #7
Sacajewia

Done

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Myriam on 15.04.2013 at 13:28:42,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\Myriam\AppData\Roaming\mozilla\firefox\profiles\8ktg4j01.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2013 at 13:32:27,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner
Code:
# AdwCleaner v2.200 - Datei am 15/04/2013 um 13:34:55 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Myriam - MYRIAM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Myriam\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19412

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\8ktg4j01.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2022 octets] - [15/04/2013 13:34:55]

########## EOF - C:\AdwCleaner[S1].txt - [2082 octets] ##########
         
OTL
Code:
OTL logfile created on: 15.04.2013 13:44:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,50% Memory free
6,19 Gb Paging File | 4,38 Gb Available in Paging File | 70,81% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 195,76 Gb Free Space | 43,44% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Myriam\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
PRC - C:\Programme\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll ()
MOD - C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (KodakSvc) -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
SRV - (RoxLiveShare10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (jnv4_mib) -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Myriam\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130414.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130414.006\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130412.001\IDSvix86.sys (Symantec Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NAV\1309010.00E\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sacajewia.yfw24.de/
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\SearchScopes\{D348BADA-AED4-422D-84DE-B8C9BDA6386C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sacajewia.yfw24.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.01 10:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
 
[2010.04.15 14:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions
[2008.10.06 22:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions\info@zla.bs
[2013.01.03 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions
[2011.04.07 19:15:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 12:34:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 14:06:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 14:06:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 14:06:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 14:06:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 14:06:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 14:06:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.15 12:46:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2809407004-3813944969-3761871581-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD226102-D412-4584-BE6A-F573DAD411F6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 13:28:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.15 13:28:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.15 12:47:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.15 12:47:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.15 12:34:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.15 12:34:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.15 12:34:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.15 12:34:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.15 12:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.15 12:29:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.14 15:46:53 | 000,000,000 | ---D | C] -- C:\found.000
[2013.04.12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.12 12:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.12 12:22:46 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Malwarebytes
[2013.04.12 12:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.12 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.12 12:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.12 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.11 18:10:52 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.11 18:10:52 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.11 18:10:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.11 18:10:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.11 18:10:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 18:10:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.04.11 18:10:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.11 18:10:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.11 18:10:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 18:10:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.11 18:10:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 18:10:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.11 18:10:46 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.11 18:10:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.11 18:10:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.11 18:10:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.11 18:10:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.11 18:10:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.11 18:10:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.11 18:10:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 18:10:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.11 18:10:44 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.11 18:10:44 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.05 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.03.20 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Local\Macromedia
[2013.03.20 13:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.20 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.20 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.20 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.03.20 12:38:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.20 12:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.20 12:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.20 12:37:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.20 12:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2013.03.20 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Audacity
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 13:37:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 13:36:59 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 13:36:59 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 13:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 13:35:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.15 12:46:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.15 12:36:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 12:25:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.15 11:09:19 | 000,691,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 11:09:19 | 000,649,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 11:09:19 | 000,154,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 11:09:19 | 000,126,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 02:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.14 17:59:30 | 000,000,512 | ---- | M] () -- C:\Users\Myriam\Desktop\MBR.dat
[2013.04.12 22:32:58 | 000,105,472 | ---- | M] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 18:08:16 | 000,000,000 | ---- | M] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:27 | 000,002,016 | ---- | M] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:14 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.12 12:06:41 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.12 12:06:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 03:23:01 | 000,358,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.05 15:57:38 | 000,000,965 | ---- | M] () -- C:\Users\Myriam\Desktop\Dropbox.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 13:14:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 12:37:12 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.20 12:37:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.20 12:37:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.20 12:37:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.20 12:37:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.20 12:37:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.20 11:18:31 | 000,000,806 | ---- | M] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.20 10:18:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000015B3.LCS
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.15 12:34:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.15 12:34:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.15 12:34:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.15 12:34:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.15 12:34:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.14 17:59:30 | 000,000,512 | ---- | C] () -- C:\Users\Myriam\Desktop\MBR.dat
[2013.04.12 18:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:25 | 000,002,016 | ---- | C] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:37 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 13:14:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | C] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.19 17:10:02 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000015B3.LCS
[2013.01.18 16:57:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2012.10.04 20:07:25 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.26 21:36:19 | 000,001,574 | ---- | C] () -- C:\Users\Myriam\.recently-used.xbel
[2011.01.27 15:46:48 | 000,000,680 | ---- | C] () -- C:\Users\Myriam\AppData\Local\d3d9caps.dat
[2010.10.27 11:15:55 | 000,001,940 | ---- | C] () -- C:\Users\Myriam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.12 14:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Myriam\AppData\Local\fusioncache.dat
[2010.03.10 23:29:52 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.10 23:28:30 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 20:10:05 | 039,048,624 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_image32.Cache
[2008.10.07 20:10:04 | 002,375,716 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_audio.Cache
[2008.08.28 17:35:31 | 000,000,270 | ---- | C] () -- C:\Users\Myriam\AppData\Roaming\wklnhst.dat
[2008.08.23 15:19:35 | 000,105,472 | ---- | C] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 15.04.2013 13:44:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,50% Memory free
6,19 Gb Paging File | 4,38 Gb Available in Paging File | 70,81% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 195,76 Gb Free Space | 43,44% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8F8E2D-677E-4047-AA24-CA20D9DE3D74}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0CC2F914-B5BC-4F42-AB32-A4D3311CEDCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D39A2B5-68C0-47B7-B6FC-BFCFC468A03A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1246FBDC-1E0B-47FB-BEFA-27750678113B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{46ED7DAB-D7FC-48A2-BACD-DD6E7089D769}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{507D743D-BD98-4431-9746-96229266CF0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51E40662-C5FB-42D1-991A-4DFD7AAA4816}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61003B25-8C50-428D-AB20-34758EBAF052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6278AC08-C05C-4659-B674-60A5EABC3B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6960348A-6A51-44E1-9781-79893ABADB2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B44C1BE-7358-41C9-B4EE-599EBA4A07C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76B0B33F-F528-4E84-8EDC-B94982E1F27F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7AAB8082-F175-487B-BFEB-60F3065E0F1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{816D2907-EA11-4362-8471-69B8B93AFAA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{92FFA179-BEF6-42AC-A845-54753E9A1A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{A9A941B6-80A4-463C-B872-8441D12A7B82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D28D7570-029C-49F9-923F-C0E7B7F77882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D51247CA-AD98-4616-B05E-4E2A46ED25F3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D9C9BB91-D863-4E02-9610-E8187FC54B64}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
"{E225B8D8-121C-4EFF-95FC-232056FCB729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEB79099-BAC0-41F9-A269-16FD6DA148F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F00DC730-88B6-467A-BAFB-DB64E231F7E1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{F019CF87-942B-42C1-AD85-336605D53FC9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F820B161-F58B-4943-A256-13CC521465A3}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EAFED-D196-40D7-9BB7-05F7DB0954E8}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{07DC966F-AF57-42F2-93EC-598474FC7D26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13C46594-FA44-47C4-9EAA-F7F7E282F81A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{17D20452-9800-4DD9-84D3-B2F4EC34184A}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{18AACA02-7B95-4E5A-80ED-85FC8BCA1B7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E9400D8-BAE5-4B54-819F-E755ADD212C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2176A2EE-E56A-48F5-8B5A-59346CE609F4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{26F75F16-F043-45EA-8308-3A4C8C8C4FA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{30B0C95A-A486-4899-BE43-619A3B15DC7A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3188185F-2D62-4205-A8C8-B71D734E40DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{367650DE-B9EE-44D7-BBC7-87DADEE68E30}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{385A4E4F-3B79-4504-B684-115EC5281BBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{437CAFD3-5780-456C-B9EE-089A8F708549}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{45F7D31F-9318-4B15-9657-734AC3FB5E67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{4751E395-79B0-4330-96CE-39BD2880BEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ACEE7D6-8C43-4D7A-859E-86FED02005EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{55173B6F-586B-424A-A2EB-51D1C1BA4908}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{5674A47E-0EC6-40A5-8688-EF39B3143892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61F4A8BD-E03A-4D43-8937-5C76ADC4B7AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A2521AF-3FF6-4195-AB63-42F7B507F4C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71256B30-870D-481F-AD31-4F33B5D1FF78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7FD5E20B-37B7-4795-A441-3A5003FA32AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FD873D7-B15B-415E-8444-7305B024B4CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{81B0BCCD-3476-4AAC-907A-A993CDD5E84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{8A0B390D-E738-4EAA-8D70-9812AE4FFA18}" = protocol=6 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8D70644F-DDE7-4571-AA65-D5BA9F0E096B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8E25BCB3-455B-4ED3-B085-6C1C177B5792}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{91B76FAB-B8DA-4F8A-A98B-4D1E3EAA1ADF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{995F8E31-62AE-4A86-B286-E4E9FDB41878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{996C5683-5301-4016-B7BC-3FD8098E0344}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{99A4B8A9-D14E-4038-8E83-1FB7F800C6A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9C28CE91-5AE9-43C9-A9BC-9AE708FF6A22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9F2CEAA9-FD44-4559-9F9D-EFF151050EC3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A0CD47D7-5B95-43D1-B046-53063E706EDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A2993279-8E58-4804-BEB1-6ABC83E03BD9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A3D04630-24B7-4C10-B62F-2DD661C2C750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{A55E4E44-6B42-49A4-9457-CA1A361821D9}" = protocol=17 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3521D14-5E51-405D-A4A6-A2ACEAB1E914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9F44E35-E34D-4384-94FE-35A1D8912FA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{D26900B8-638F-4C78-92E4-17B718901F31}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{DBE48E50-7845-4C36-BB3B-ABD5A6B87FC8}" = protocol=6 | dir=out | app=system | 
"{E0DAF8DE-1037-4C58-A7F7-F418738E24A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E4154EED-EF2C-47BE-AC8C-754B8E2A1306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9A00FF0-995F-4993-886B-80513749D2AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA4FCE7C-A19A-48DB-A45C-2EF63793E92D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC80D682-CADE-4486-A4A9-610BA5704BE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEE4C139-2C19-4C13-9A9D-0A6496DEC567}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F0F471BE-9405-42C3-8C2C-05FFB83D6083}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F13DA791-72CC-493E-A137-EA6C9DDAD72A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F41EE4B1-AE3B-4144-B6F6-84C838A8D0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4EE3612-6280-4596-998B-8317E2022087}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{FA50FB17-2975-4BB8-8D49-7E05D16073FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF171E50-BC2F-4CDC-944A-5AD6981DE397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{15EA6954-DC5F-4FFE-9F99-4723A59A7489}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{225AE057-4BFF-4FA9-9C29-7ED5621E80A5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{3ECFD284-C5C5-4701-B75A-8EF249D05C05}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{43B63FAB-7A1A-4950-ACF7-6E113D7F83D4}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{4920D7BB-0C6C-431E-9029-79044BD61ED6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{5CB060C1-4B2D-4243-8E58-9E2ABF2B3D43}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{5FCCF948-FB48-4861-9384-51C777EAED63}C:\users\myriam\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"TCP Query User{74C8D1F1-4980-4FCC-AF88-532944F43415}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{AB399E19-7F47-4CA3-AD21-6C237236F08A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{C82C56EA-6252-4FB1-9741-F3E9DAC58065}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{CE606602-90A2-4F64-BBBB-6528E452D021}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"TCP Query User{D92F0F33-47D8-4046-807E-DF026547032A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{EC4CA91E-1EFD-4171-8730-4E4719D83094}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{00D8DCE6-ABC6-4D4F-B259-123EE5B9B1AE}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{3B2DB38F-F922-44F9-9D86-9B763454FEDB}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{3B3A35D8-42E0-4E73-9280-13D50C5F90D0}C:\users\myriam\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"UDP Query User{3C83304D-6010-4FD6-A2FC-F4B1FBABB74C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3D4E8D28-6583-4F3F-ABB6-61F7D0BB8D33}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{50AA09BD-BFA4-431F-816C-98CE0E2F3BDC}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"UDP Query User{646E7007-8F04-4A61-8FDC-183EAABC9BAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{65AC74DF-E366-4912-BAF3-5BF615C5F6D5}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{6D0E4FAD-8789-4B9C-9BE4-8297132442D7}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{A6A49604-E714-4DDE-BF26-AC964A7569B6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{B8AE7ACA-D04F-476E-8479-26BA1A0A5F67}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{D8E4F352-81EC-4EDD-8008-23D8FEA2607D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{FF3DD940-C197-4E0A-885B-83B62874F008}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07222CAA-F008-48D1-B09F-3F23FCCD610C}" = IBM SPSS Statistics 19 Help Packs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Kodak All-in-One-Druckersoftware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Bink and Smacker" = Bink and Smacker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt
"f42012" = f4 2012
"Google Desktop" = Google Desktop
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NAVIGON Fresh" = NAVIGON Fresh 1.6.2
"NAVIGON Sync" = NAVIGON Sync 1.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2809407004-3813944969-3761871581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2013 07:35:42 | Computer Name = Myriam-PC | Source = .NET Runtime | ID = 0
Description = 
 
Error - 15.04.2013 07:38:26 | Computer Name = Myriam-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.04.2013 07:37:00 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.04.2013 07:37:37 | Computer Name = Myriam-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 15.04.2013 07:40:32 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 520 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 15.04.2013 07:40:33 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
 Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
 
Error - 15.04.2013 07:40:37 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 15.04.2013 07:40:40 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 15.04.2013 07:40:40 | Computer Name = Myriam-PC | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
 Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
 
[ System Events ]
Error - 15.04.2013 07:35:44 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 15.04.2013 07:38:27 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2013 07:39:55 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2013 07:40:25 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.04.2013 07:40:25 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 15.04.2013 07:42:45 | Computer Name = Myriam-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Sooooo, is it dead? And what was it, then?

Regards, Myriam

15.04.2013, 14:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
DRV - (jnv4_mib) -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found
[2013.04.14 15:46:53 | 000,000,000 | ---D | C] -- C:\found.000
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

15.04.2013, 14:40   #9
Sacajewia

OTL Moved Files
Code:
All processes killed
========== OTL ==========
Service jnv4_mib stopped successfully!
Service jnv4_mib deleted successfully!
File  C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys File not found not found.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Myriam\Downloads\cmd.bat deleted successfully.
C:\Users\Myriam\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Myriam
->Temp folder emptied: 289502 bytes
->Temporary Internet Files folder emptied: 146947183 bytes
->Java cache emptied: 24879803 bytes
->FireFox cache emptied: 77532691 bytes
->Flash cache emptied: 269165 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 239,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04152013_143349

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

15.04.2013, 14:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start the ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


15.04.2013, 18:08   #11
Sacajewia

Both negative

mbam
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Myriam :: MYRIAM-PC [Administrator]

Schutz: Aktiviert

15.04.2013 14:52:34
mbam-log-2013-04-15 (14-52-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237605
Laufzeit: 6 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=46b0479f554c1544a2b86b8965e5dc7a
# engine=13621
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-15 03:56:44
# local_time=2013-04-15 05:56:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3590 16777213 100 97 1483009 185059590 0 0
# compatibility_mode=5892 16776574 100 100 0 203574132 0 0
# scanned=249623
# found=0
# cleaned=0
# scan_time=10411
         
Does that mean I'm clean again? And what did I actually catch in the first place???

Regards, Myriam
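
As an added example (not part of the original post and not ESET's own tooling): a short Python sketch that reads the `# key=value` summary lines of the ESET Online Scanner log above and reports whether the scan finished, what it found, and which scan options were off. The sample text is constructed from the posted log, and reading `*_checked=false` as "option disabled" is an assumption.

```python
"""Added example: triage an ESET Online Scanner log.txt summary block."""

# Constructed sample: "# key=value" lines taken from the log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=3590 16777213 100 97 1483009 185059590 0 0
# compatibility_mode=5892 16776574 100 100 0 203574132 0 0
# scanned=249623
# found=0
# cleaned=0
"""

def parse_eset_log(text):
    """Return {key: [values]}; keys such as compatibility_mode can repeat."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("# ") or "=" not in line:
            continue  # downloader banner and free-text lines
        key, _, value = line[2:].partition("=")
        fields.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return fields

def triage(fields):
    """Summarise what the scan result does and does not establish."""
    first = lambda k, d="": fields.get(k, [d])[0]
    found, cleaned = int(first("found", "0")), int(first("cleaned", "0"))
    # Assumption: *_checked=false means that scan option was switched off.
    not_covered = sorted(k[:-len("_checked")] for k, v in fields.items()
                         if k.endswith("_checked") and k != "remove_checked"
                         and v[0] == "false")
    return {
        "complete": first("end") == "finished",
        "scanned": int(first("scanned", "0")),
        "found": found,
        "uncleaned": found - cleaned,
        "not_covered": not_covered,
    }

if __name__ == "__main__":
    print(triage(parse_eset_log(SAMPLE_LOG)))
```

A `found=0` result only covers the categories that were enabled, so the `not_covered` list is worth reading alongside it.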

15.04.2013, 21:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; one Firefox extension, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?

15.04.2013, 22:36   #13
Sacajewia

Everything's fine

so now clean up?

Regards, Myriam

15.04.2013, 22:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you'd still like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/



All the programs that were used here can be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With OTL you can also remove many other tools: simply start OTL and click on Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep better track of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You'll find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

16.04.2013, 10:04   #15
Sacajewia

It would have been too good to be true if everything had just gone smoothly

Er, yes, short version. I worked through your list yesterday, but something went wrong ... in any case my PC froze, acted up, and today it was stuck in a reboot loop. Startup Repair found nothing. I restored my system, namely to the state of the day before yesterday, 14.04. at 14:58 (the only system restore point from before all the chaos). Well, that was before I did the three analyses ahead of Combofix ... So.

Currently (almost) everything I've tried seems to work. That is, opening the browser and loading this page.
My VPN client complains that it can no longer establish a connection. But sometimes it just acts up anyway. That's all I know right now.

So what now? The whole thing all over again? Or what do I do now WITHOUT wrecking my system?

Er, yes. I hope you can help me....
Regards, Myriam

Edit: VPN client was just acting up. Works again
