Log analysis and evaluation: Wrong redirection of browser links
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.02.2013, 08:21 | #1 |
Wrong redirection of browser links

Hello,
like several others in this forum, I have the problem that clicking links in the browser leads to the wrong destinations. When I type the address into the address bar, everything works. IE9, Firefox and Chrome are affected, each in its current version. All search providers are affected as well, and entering a query in the search bar or the search field gives the same result: the resulting link is always redirected to the wrong target. I have searched for the cause with Spybot, Malwarebytes and Norton Internet Security, but no solution is in sight. Attached are the first log files:

defogger.txt
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:16 on 03/02/2013 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL.txt
OTL logfile created on: 2/3/2013 7:17:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.96 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.92% Memory free
5.92 Gb Paging File | 4.06 Gb Available in Paging File | 68.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 73.12 Gb Free Space | 51.67% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 140.52 Gb Free Space | 99.31% Space Free | Partition Type: NTFS
Drive E: | 99.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: *****-7 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013/02/03 07:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012/12/05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/11/13 14:08:14 | 003,500,568 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/16 18:28:36 | 006,974,360 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/02/24 02:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 11:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 20:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010/11/30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010/11/30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/01/12 02:52:00 | 000,354,304 | ---- | M] ((C) Michael Schiel) -- C:\Program Files\TrayBackup\traybackup.exe

========== Modules (No Company Name) ==========
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/01/18 08:02:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012/11/22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013/01/18 10:28:56 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130201.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/18 10:28:56 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130201.033\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/17 16:30:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/01/16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/21 14:03:05 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/09 02:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\srtsp.sys -- (SRTSP)
DRV - [2012/10/04 02:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\symefa.sys -- (SymEFA)
DRV - [2012/10/04 02:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\symds.sys -- (SymDS)
DRV - [2012/09/07 03:05:14 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\symnets.sys -- (SymNetS)
DRV - [2012/09/07 02:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\ironx86.sys -- (SymIRON)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/20 20:49:49 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012/08/09 07:04:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 07:04:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/24 22:36:56 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402010.016\srtspx.sys -- (SRTSPX)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010/11/30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/10 14:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%202
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013/02/03 06:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/10/21 14:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/23 08:45:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/23 08:45:09 | 000,000,000 | ---D | M]
[2012/02/03 15:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010/02/22 15:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/03 15:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/10/25 09:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\urn0o53f.default\extensions
[2012/10/21 14:29:02 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN
O1 HOSTS File: ([2013/02/02 14:12:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [TrayBackup] C:\Program Files\TrayBackup\traybackup.exe ((C) Michael Schiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9BECE1-AC4C-49E8-9A78-FC0628D26295}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52354A84-BE2E-4B44-BF08-91B1DCBFBB9D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013/02/03 07:16:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013/02/02 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013/02/02 15:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/02 15:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/02 15:28:32 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/02/02 15:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/02 14:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/02 14:14:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/02 14:14:31 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/02/02 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp
[2013/02/02 13:29:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/02 11:41:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*****-BasisRenten-Rechner
[2013/02/02 11:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\*****-BasisRenten-Rechner
[2013/02/02 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/02 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/02 10:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/02 10:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/02/02 10:49:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\windows\System32\sdnclean.exe
[2013/02/02 10:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/02/02 10:49:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs
[2013/01/23 08:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/01/19 15:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/22 15:03:28 | 000,720,315 | ---- | C] (Macromedia, Inc.) -- C:\Users\*****\Kopie von BuonNatale.exe
[2010/02/22 15:03:14 | 000,720,315 | ---- | C] (Macromedia, Inc.) -- C:\Users\*****\BuonNatale.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/02/03 07:16:59 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013/02/03 07:12:05 | 000,365,568 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.0.18454.exe
[2013/02/03 07:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013/02/03 07:11:31 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013/02/03 07:01:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 06:35:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 06:35:24 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 06:28:09 | 000,000,308 | ---- | M] () -- C:\windows\tasks\Wyrts.job
[2013/02/03 06:27:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/03 06:27:56 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 15:28:34 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/02 14:27:20 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 14:12:59 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/02/02 12:57:26 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/02 12:57:26 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/02 12:57:26 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/02 12:57:26 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/02 11:41:06 | 000,002,080 | ---- | M] () -- C:\Users\*****\Desktop\*****-BasisRenten-Rechner.lnk
[2013/02/01 20:15:06 | 000,000,248 | ---- | M] () -- C:\windows\tasks\NUSchedule.job
[2013/01/24 15:52:32 | 001,734,147 | ---- | M] () -- C:\windows\System32\drivers\NIS\1402010.016\Cat.DB
[2013/01/24 15:51:02 | 000,014,818 | ---- | M] () -- C:\windows\System32\drivers\NIS\1402010.016\VT20130115.021
[2013/01/21 08:31:52 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/19 10:16:06 | 000,350,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/10 08:44:09 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1402010.016\isolate.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/02/03 07:16:59 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013/02/03 07:16:29 | 000,365,568 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.0.18454.exe
[2013/02/03 07:16:29 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013/02/02 15:28:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/02 14:27:19 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 11:41:06 | 000,002,080 | ---- | C] () -- C:\Users\*****\Desktop\*****-BasisRenten-Rechner.lnk
[2013/02/02 10:49:49 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/11/14 16:46:33 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/20 18:24:44 | 000,094,208 | RHS- | C] () -- C:\windows\System32\KBDLTF.dll
[2012/09/06 09:34:39 | 000,000,288 | ---- | C] () -- C:\Users\*****\AppData\Roaming\.backup.dm
[2011/11/18 10:01:14 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2011/10/19 19:39:29 | 000,036,712 | ---- | C] () -- C:\windows\System32\CleanMFT32.exe
[2011/03/21 16:10:29 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx16_ic.ini
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/01/19 09:22:52 | 000,001,940 | ---- | C] () -- C:\Users\*****\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/03/15 15:27:09 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Roaming\AVSMediaPlayer.m3u
[2010/03/15 14:57:41 | 000,000,218 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010/02/22 17:30:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/22 15:03:42 | 000,438,574 | ---- | C] () -- C:\Users\*****\Zelladhaesion.pdf
[2010/02/22 15:03:41 | 004,244,300 | ---- | C] () -- C:\Users\*****\wake-up.wmv
[2010/02/22 15:03:40 | 000,671,694 | ---- | C] () -- C:\Users\*****\Typhus_Ratzmotegma.bmp
[2010/02/22 15:03:40 | 000,035,345 | ---- | C] () -- C:\Users\*****\Volker Spieler KV.pdf
[2010/02/22 15:03:40 | 000,000,461 | ---- | C] () -- C:\Users\*****\Verknüpfung mit Lebenslauf.dot.lnk
[2010/02/22 15:03:35 | 065,806,408 | ---- | C] () -- C:\Users\*****\Track No06.nrg
[2010/02/22 15:03:35 | 002,288,402 | ---- | C] () -- C:\Users\*****\Track No05.mp4
[2010/02/22 15:03:34 | 003,093,332 | ---- | C] () -- C:\Users\*****\Track No02.mp4
[2010/02/22 15:03:34 | 002,730,729 | ---- | C] () -- C:\Users\*****\Track No04.mp4
[2010/02/22 15:03:34 | 002,504,789 | ---- | C] () -- C:\Users\*****\Track No03.mp4
[2010/02/22 15:03:34 | 002,335,344 | ---- | C] () -- C:\Users\*****\Track No01.mp4
[2010/02/22 15:03:33 | 000,580,534 | ---- | C] () -- C:\Users\*****\Reiseablauf-Version-2.pdf
[2010/02/22 15:03:33 | 000,174,414 | ---- | C] () -- C:\Users\*****\sepia.jpg
[2010/02/22 15:03:33 | 000,140,531 | ---- | C] () -- C:\Users\*****\Stephan Fiederer.pdf
[2010/02/22 15:03:33 | 000,078,408 | ---- | C] () -- C:\Users\*****\Susanne Hanke.pdf
[2010/02/22 15:03:33 | 000,073,317 | ---- | C] () -- C:\Users\*****\Tanja Kohler.pdf
[2010/02/22 15:03:33 | 000,018,602 | ---- | C] () -- C:\Users\*****\Steffen Bockhahn.pdf
[2010/02/22 15:03:32 | 001,669,545 | ---- | C] () -- C:\Users\*****\PICT0800.JPG
[2010/02/22 15:03:32 | 000,137,632 | ---- | C] () -- C:\Users\*****\Rainer Kling.pdf
[2010/02/22 15:03:32 | 000,132,964 | ---- | C] () -- C:\Users\*****\Rainer Klink.pdf
[2010/02/22 15:03:31 | 002,359,350 | ---- | C] () -- C:\Users\*****\PICT0242a.bmp
[2010/02/22 15:03:29 | 009,437,238 | ---- | C] () -- C:\Users\*****\PICT0242.bmp
[2010/02/22 15:03:29 | 000,148,866 | ---- | C] () -- C:\Users\*****\Matthias Schwarz.pdf
[2010/02/22 15:03:29 | 000,050,353 | ---- | C] () -- C:\Users\*****\N.Schönfeld.pdf
[2010/02/22 15:03:29 | 000,040,424 | ---- | C] () -- C:\Users\*****\Michael Staggat.pdf
[2010/02/22 15:03:29 | 000,022,611 | ---- | C] () -- C:\Users\*****\Marsa Alam.nri
[2010/02/22 15:03:28 | 000,060,677 | ---- | C] () -- C:\Users\*****\krigar.pdf
[2010/02/22 15:03:28 | 000,037,676 | ---- | C] () -- C:\Users\*****\KVTWIN.pdf
[2010/02/22 15:03:28 | 000,032,225 | ---- | C] () -- C:\Users\*****\Margit Häfele.pdf
[2010/02/22 15:03:28 | 000,031,065 | ---- | C] () -- C:\Users\*****\Lars Armbruster.pdf
[2010/02/22 15:03:27 | 000,154,345 | ---- | C] () -- C:\Users\*****\Kersten Rohmer.pdf
[2010/02/22 15:03:26 | 000,017,835 | ---- | C] () -- C:\Users\*****\Karl Rothmund.pdf
[2010/02/22 15:03:25 | 010,273,692 | ---- | C] () -- C:\Users\*****\Jessi RV Magazin.pdf
[2010/02/22 15:03:25 | 000,035,104 | ---- | C] () -- C:\Users\*****\Jess und Luke.jpg
[2010/02/22 15:03:17 | 000,016,880 | ---- | C] () -- C:\Users\*****\horgenzell2006.pdf
[2010/02/22 15:03:16 | 000,704,238 | ---- | C] () -- C:\Users\*****\Glck_mit_dem_Wetter_0_.pdf
[2010/02/22 15:03:16 | 000,144,550 | ---- | C] () -- C:\Users\*****\Harald Stockfleht.pdf
[2010/02/22 15:03:16 | 000,067,740 | ---- | C] () -- C:\Users\*****\hofherr, wolfgang.pdf
[2010/02/22 15:03:16 | 000,010,240 | ---- | C] () -- C:\Users\*****\Grupp-Bank2008optimal.wps
[2010/02/22 15:03:15 | 000,059,250 | ---- | C] () -- C:\Users\*****\Geiselmann.pdf
[2010/02/22 15:03:15 | 000,052,390 | ---- | C] () -- C:\Users\*****\Eugen Breith.pdf
[2010/02/22 15:03:15 | 000,019,866 | ---- | C] () -- C:\Users\*****\Fam. Rittler pflege.pdf
[2010/02/22 15:03:14 | 000,148,934 | ---- | C] () -- C:\Users\*****\bw.jpg
[2010/02/22 15:03:14 | 000,080,332 | ---- | C] () -- C:\Users\*****\Christiane Möller.pdf
[2010/02/22 15:03:14 | 000,064,618 | ---- | C] () -- C:\Users\*****\Caroline Berger.pdf
[2010/02/22 15:03:14 | 000,064,505 | ---- | C] () -- C:\Users\*****\Caroline Berger 2.pdf
[2010/02/22 15:03:14 | 000,051,722 | ---- | C] () -- C:\Users\*****\DIE KRISE.pdf
[2010/02/22 15:03:13 | 000,729,658 | ---- | C] () -- C:\Users\*****\Buchungsbestätigung.JPG
[2010/02/22 15:03:13 | 000,593,031 | ---- | C] () -- C:\Users\*****\bluefin[1].pdf
[2010/02/22 15:03:13 | 000,184,844 | ---- | C] () -- C:\Users\*****\blue.jpg
[2010/02/22 15:03:13 | 000,090,035 | ---- | C] () -- C:\Users\*****\Bernd Schatz.pdf
[2010/02/22 15:03:12 | 000,149,282 | ---- | C] () -- C:\Users\*****\bafög.zip
[2010/02/22 15:03:12 | 000,121,285 | ---- | C] () -- C:\Users\*****\Bankmitarbeiterinfo_VVG.pdf
[2010/02/22 15:03:12 | 000,079,528 | ---- | C] () -- C:\Users\*****\bafög2.zip
[2010/02/22 15:03:12 | 000,041,668 | ---- | C] () -- C:\Users\*****\Avartar James Cameron.htm
[2010/02/22 15:03:12 | 000,021,646 | ---- | C] () --
C:\Users\*****\70 jährigr ohne PE.pdf [2010/02/22 15:03:11 | 000,022,281 | ---- | C] () -- C:\Users\*****\69 jährige ohne PE.pdf ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/04 09:28:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gotomaxx [2010/11/11 21:32:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2010/03/15 14:59:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template [2010/02/22 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010/07/23 09:34:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tific [2012/02/03 15:13:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 2/3/2013 7:17:46 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = 
NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.96 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.92% Memory free
5.92 Gb Paging File | 4.06 Gb Available in Paging File | 68.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 73.12 Gb Free Space | 51.67% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 140.52 Gb Free Space | 99.31% Space Free | Partition Type: NTFS
Drive E: | 99.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: *****-7 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10C0E43D-9D84-4DF7-9516-43B74FA5FDEA}" = *****-Komponenten 02/2009
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82583139-4677-11D8-9B7A-D6C20956C046}" = ***** Angebotsprogramm
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2F2D836-B7DC-401B-8D3B-EF6B0A6F5121}" = *****-BasisRenten-Rechner
"{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FreePDF_XP" = FreePDF (Remove only)
"GOM Player" = GOM Player
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MyTomTom" = MyTomTom 3.2.0.700
"NIS" = Norton Internet Security
"Norton Utilities 15_is1" = Norton Utilities 15
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2013 3:07:59 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 3058
Description =

Error - 1/29/2013 3:07:59 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 7010
Description =

Error - 1/29/2013 9:16:02 AM | Computer Name = *****-7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 1/29/2013 9:16:23 AM | Computer Name = *****-7 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 1/31/2013 2:46:46 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 3038
Description =

Error - 1/31/2013 2:46:46 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 7040
Description =

Error - 1/31/2013 2:46:46 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 7042
Description =

Error - 1/31/2013 2:46:53 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 3028
Description =

Error - 1/31/2013 2:46:53 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 3058
Description =

Error - 1/31/2013 2:46:53 AM | Computer Name = *****-7 | Source = Windows Search Service | ID = 7010
Description =

[ Spybot - Search and Destroy Events ]
Error - 2/2/2013 6:29:02 AM | Computer Name = *****-7 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2/2/2013 7:41:45 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 2/2/2013 7:50:09 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 2/2/2013 8:01:54 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 2/2/2013 8:08:39 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 2/2/2013 8:33:23 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 2/2/2013 8:39:32 AM | Computer Name = *****-7 | Source = BROWSER | ID = 8032
Description =

Error - 2/2/2013 9:04:43 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 2/2/2013 9:13:02 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 2/2/2013 10:21:27 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 2/3/2013 1:28:11 AM | Computer Name = *****-7 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > gmer.txt GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-03 07:45:44 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugldypow.sys ---- System - GMER 2.0 ---- SSDT 87277218 ZwAlertResumeThread SSDT 872772F8 ZwAlertThread SSDT 87274678 ZwAllocateVirtualMemory SSDT 871E5408 ZwAlpcConnectPort SSDT 87277970 ZwAssignProcessToJobObject SSDT 87277F18 ZwCreateMutant SSDT 87277690 ZwCreateSymbolicLinkObject SSDT 87272468 ZwCreateThread SSDT 87277780 ZwCreateThreadEx SSDT 87277A50 ZwDebugActiveProcess SSDT 870D1E28 ZwDuplicateObject SSDT 87272960 ZwFreeVirtualMemory SSDT 87277058 ZwImpersonateAnonymousToken SSDT 87277138 ZwImpersonateThread SSDT 871E4C70 ZwLoadDriver SSDT 87272860 ZwMapViewOfSection SSDT 87277E38 ZwOpenEvent SSDT 87274880 ZwOpenProcess SSDT 872716B0 ZwOpenProcessToken SSDT 87277C78 ZwOpenSection SSDT 872722A8 ZwOpenThread SSDT 87277880 ZwProtectVirtualMemory SSDT 87277400 ZwResumeThread SSDT 872762C0 ZwSetContextThread SSDT 872763A0 ZwSetInformationProcess SSDT 87277B30 ZwSetSystemInformation SSDT 87277D58 ZwSuspendProcess SSDT 87276100 ZwSuspendThread SSDT 87274720 ZwTerminateProcess SSDT 872761E0 ZwTerminateThread SSDT 87272780 ZwUnmapViewOfSection SSDT 87272A50 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.0 ---- .text 
---- EOF - GMER 2.0 ----

Malwarebytes found nothing.

Please help, as I would rather not have to reinstall the machine.

Many thanks in advance
abaldus
03.02.2013, 17:25 | #2 |
/// Malware-holic | Incorrect redirection of browser links

hi

Open Malwarebytes, go to the log files, and post the reports that contain detections.

This script and any scripts that follow are only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
[2012/10/20 18:24:44 | 000,094,208 | RHS- | C] () -- C:\windows\System32\KBDLTF.dll
[2013/02/03 06:28:09 | 000,000,308 | ---- | M] () -- C:\windows\tasks\Wyrts.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the + E key.

Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe. A .txt file is now created in the same folder: summary-info.txt. Double-click it and post its contents.

Question: At the time of the infection, or possibly the day before, did you download and install or run anything? Were you asked to install or download something while visiting a site? I would also like to have this information as a private message.
03.02.2013, 17:58 | #3 |
| Incorrect redirection of browser links

Hi,

first of all, many thanks for the quick help. Here are the requested logs:

malwarebytes:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.02.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-7 [Administrator]

03.02.2013 06:46:31
mbam-log-2013-02-03 (06-46-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209080
Laufzeit: 6 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL

Code:
All processes killed
========== OTL ==========
C:\Windows\System32\KBDLTF.dll moved successfully.
C:\Windows\Tasks\Wyrts.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: *****
->Flash cache emptied: 2608494 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: *****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1150557 bytes
->FireFox cache emptied: 70767713 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1461138 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11120 bytes
RecycleBin emptied: 10309523 bytes

Total Files Cleaned = 80.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02032013_173514

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

GetInfo Summary

Code:
System volume information: dwHighDateTime = 0x1ca75e1,dwLowDateTime = 0xb214ee9f
System32: dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0x1e754307

Thanks and regards

One more brief note: I currently have the laptop offline. If I should go back online to test its state, please let me know. Thanks
03.02.2013, 18:17 | #4 |
/// Malware-holic | Incorrect redirection of browser links

hi

It can go back online.

Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html

Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now and post the log

Open C:, open tdsskiller-date-version.txt, and post its contents.

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
03.02.2013, 18:44 | #5 |
| Incorrect redirection of browser links

Hi, attached is the TDSS log file

Code:
18:37:52.0570 5212 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:37:52.0601 5212 ============================================================
18:37:52.0601 5212 Current date / time: 2013/02/03 18:37:52.0601
18:37:52.0601 5212 SystemInfo:
18:37:52.0601 5212
18:37:52.0601 5212 OS Version: 6.1.7601 ServicePack: 1.0
18:37:52.0601 5212 Product type: Workstation
18:37:52.0601 5212 ComputerName: JUTTA-7
18:37:52.0601 5212 UserName: Jutta
18:37:52.0601 5212 Windows directory: C:\windows
18:37:52.0601 5212 System windows directory: C:\windows
18:37:52.0601 5212 Processor architecture: Intel x86
18:37:52.0601 5212 Number of processors: 2
18:37:52.0601 5212 Page size: 0x1000
18:37:52.0601 5212 Boot type: Normal boot
18:37:52.0601 5212 ============================================================
18:37:54.0598 5212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:37:54.0598 5212 Drive \Device\Harddisk1\DR1 - Size: 0x3DF8000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:37:54.0598 5212 ============================================================
18:37:54.0598 5212 \Device\Harddisk0\DR0:
18:37:54.0598 5212 MBR partitions:
18:37:54.0598 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
18:37:54.0598 5212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x11AFD000
18:37:54.0598 5212 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1392F800, BlocksNum 0x11AFE800
18:37:54.0598 5212 \Device\Harddisk1\DR1:
18:37:54.0598 5212 MBR partitions:
18:37:54.0598 5212 ============================================================
18:37:54.0660 5212 C: <-> \Device\Harddisk0\DR0\Partition2
18:37:54.0691 5212 D: <-> \Device\Harddisk0\DR0\Partition3
18:37:54.0691 5212 ============================================================
18:37:54.0691 5212 Initialize success
18:37:54.0691 5212 ============================================================
18:38:31.0601 5644 ============================================================
18:38:31.0601 5644 Scan started
18:38:31.0601 5644 Mode: Manual; SigCheck; TDLFS;
18:38:31.0601 5644 ============================================================
18:38:32.0303 5644 ================ Scan system memory ========================
18:38:32.0303 5644 System memory - ok
18:38:32.0318 5644 ================ Scan services =============================
C:\windows\system32\drivers\HDAudBus.sys 18:38:46.0826 5644 HDAudBus - ok 18:38:46.0858 5644 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 18:38:46.0889 5644 HidBatt - ok 18:38:46.0904 5644 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 18:38:46.0936 5644 HidBth - ok 18:38:46.0982 5644 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 18:38:47.0014 5644 HidIr - ok 18:38:47.0045 5644 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll 18:38:47.0123 5644 hidserv - ok 18:38:47.0170 5644 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 18:38:47.0201 5644 HidUsb - ok 18:38:47.0248 5644 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll 18:38:47.0310 5644 hkmsvc - ok 18:38:47.0326 5644 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll 18:38:47.0388 5644 HomeGroupListener - ok 18:38:47.0435 5644 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll 18:38:47.0497 5644 HomeGroupProvider - ok 18:38:47.0544 5644 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 18:38:47.0560 5644 HpSAMD - ok 18:38:47.0622 5644 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys 18:38:47.0684 5644 HTTP - ok 18:38:47.0716 5644 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 18:38:47.0747 5644 hwpolicy - ok 18:38:47.0809 5644 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 18:38:47.0840 5644 i8042prt - ok 18:38:47.0887 5644 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 18:38:47.0903 5644 iaStor - ok 18:38:47.0950 5644 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys 18:38:47.0981 5644 iaStorV - ok 18:38:48.0059 5644 [ 
C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:38:48.0106 5644 idsvc - ok 18:38:48.0215 5644 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130201.001\IDSvix86.sys 18:38:48.0246 5644 IDSVix86 - ok 18:38:48.0511 5644 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 18:38:48.0870 5644 igfx - ok 18:38:48.0917 5644 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 18:38:48.0948 5644 iirsp - ok 18:38:49.0010 5644 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll 18:38:49.0088 5644 IKEEXT - ok 18:38:49.0229 5644 [ 3202E26501E5E18C35DC2CC74709A704 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 18:38:49.0322 5644 IntcAzAudAddService - ok 18:38:49.0369 5644 [ 264632ADE8127B7BAA2190CF6FAD435B ] IntcHdmiAddService C:\windows\system32\drivers\IntcHdmi.sys 18:38:49.0416 5644 IntcHdmiAddService - ok 18:38:49.0463 5644 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys 18:38:49.0478 5644 intelide - ok 18:38:49.0525 5644 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 18:38:49.0556 5644 intelppm - ok 18:38:49.0572 5644 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 18:38:49.0634 5644 IPBusEnum - ok 18:38:49.0681 5644 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 18:38:49.0744 5644 IpFilterDriver - ok 18:38:49.0806 5644 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll 18:38:49.0868 5644 iphlpsvc - ok 18:38:49.0900 5644 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 18:38:49.0931 5644 IPMIDRV - ok 18:38:49.0962 5644 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT 
C:\windows\system32\drivers\ipnat.sys 18:38:50.0009 5644 IPNAT - ok 18:38:50.0040 5644 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 18:38:50.0102 5644 IRENUM - ok 18:38:50.0134 5644 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys 18:38:50.0165 5644 isapnp - ok 18:38:50.0196 5644 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 18:38:50.0227 5644 iScsiPrt - ok 18:38:50.0258 5644 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys 18:38:50.0290 5644 kbdclass - ok 18:38:50.0336 5644 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 18:38:50.0383 5644 kbdhid - ok 18:38:50.0399 5644 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe 18:38:50.0430 5644 KeyIso - ok 18:38:50.0477 5644 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 18:38:50.0492 5644 KSecDD - ok 18:38:50.0524 5644 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 18:38:50.0555 5644 KSecPkg - ok 18:38:50.0602 5644 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 18:38:50.0664 5644 KtmRm - ok 18:38:50.0711 5644 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll 18:38:50.0773 5644 LanmanServer - ok 18:38:50.0820 5644 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 18:38:50.0882 5644 LanmanWorkstation - ok 18:38:50.0945 5644 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 18:38:51.0007 5644 lltdio - ok 18:38:51.0038 5644 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 18:38:51.0101 5644 lltdsvc - ok 18:38:51.0116 5644 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 18:38:51.0179 5644 lmhosts - ok 18:38:51.0226 5644 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC 
C:\windows\system32\DRIVERS\lsi_fc.sys 18:38:51.0241 5644 LSI_FC - ok 18:38:51.0288 5644 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 18:38:51.0304 5644 LSI_SAS - ok 18:38:51.0319 5644 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 18:38:51.0350 5644 LSI_SAS2 - ok 18:38:51.0366 5644 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 18:38:51.0397 5644 LSI_SCSI - ok 18:38:51.0413 5644 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 18:38:51.0460 5644 luafv - ok 18:38:51.0506 5644 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 18:38:51.0538 5644 Mcx2Svc - ok 18:38:51.0553 5644 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 18:38:51.0600 5644 megasas - ok 18:38:51.0631 5644 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 18:38:51.0678 5644 MegaSR - ok 18:38:51.0694 5644 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll 18:38:51.0772 5644 MMCSS - ok 18:38:51.0787 5644 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 18:38:51.0881 5644 Modem - ok 18:38:51.0912 5644 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 18:38:51.0943 5644 monitor - ok 18:38:51.0990 5644 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 18:38:52.0006 5644 mouclass - ok 18:38:52.0052 5644 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 18:38:52.0084 5644 mouhid - ok 18:38:52.0130 5644 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys 18:38:52.0146 5644 mountmgr - ok 18:38:52.0193 5644 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys 18:38:52.0224 5644 mpio - ok 18:38:52.0240 5644 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv 
C:\windows\system32\drivers\mpsdrv.sys 18:38:52.0302 5644 mpsdrv - ok 18:38:52.0349 5644 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll 18:38:52.0427 5644 MpsSvc - ok 18:38:52.0474 5644 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 18:38:52.0520 5644 MRxDAV - ok 18:38:52.0583 5644 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 18:38:52.0645 5644 mrxsmb - ok 18:38:52.0661 5644 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 18:38:52.0708 5644 mrxsmb10 - ok 18:38:52.0723 5644 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 18:38:52.0754 5644 mrxsmb20 - ok 18:38:52.0786 5644 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys 18:38:52.0817 5644 msahci - ok 18:38:52.0848 5644 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys 18:38:52.0879 5644 msdsm - ok 18:38:52.0895 5644 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 18:38:52.0942 5644 MSDTC - ok 18:38:52.0973 5644 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 18:38:53.0035 5644 Msfs - ok 18:38:53.0051 5644 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 18:38:53.0113 5644 mshidkmdf - ok 18:38:53.0144 5644 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 18:38:53.0160 5644 msisadrv - ok 18:38:53.0207 5644 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 18:38:53.0285 5644 MSiSCSI - ok 18:38:53.0285 5644 msiserver - ok 18:38:53.0332 5644 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 18:38:53.0394 5644 MSKSSRV - ok 18:38:53.0425 5644 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 18:38:53.0488 5644 MSPCLOCK - ok 18:38:53.0519 5644 [ 
F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 18:38:53.0566 5644 MSPQM - ok 18:38:53.0597 5644 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 18:38:53.0628 5644 MsRPC - ok 18:38:53.0659 5644 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 18:38:53.0675 5644 mssmbios - ok 18:38:53.0706 5644 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 18:38:53.0753 5644 MSTEE - ok 18:38:53.0768 5644 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 18:38:53.0800 5644 MTConfig - ok 18:38:53.0831 5644 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 18:38:53.0846 5644 Mup - ok 18:38:53.0893 5644 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll 18:38:53.0956 5644 napagent - ok 18:38:54.0002 5644 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 18:38:54.0034 5644 NativeWifiP - ok 18:38:54.0127 5644 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130201.033\NAVENG.SYS 18:38:54.0158 5644 NAVENG - ok 18:38:54.0221 5644 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130201.033\NAVEX15.SYS 18:38:54.0314 5644 NAVEX15 - ok 18:38:54.0377 5644 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys 18:38:54.0424 5644 NDIS - ok 18:38:54.0455 5644 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 18:38:54.0517 5644 NdisCap - ok 18:38:54.0564 5644 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 18:38:54.0611 5644 NdisTapi - ok 18:38:54.0642 5644 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 18:38:54.0704 5644 
Ndisuio - ok 18:38:54.0751 5644 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 18:38:54.0814 5644 NdisWan - ok 18:38:54.0829 5644 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 18:38:54.0892 5644 NDProxy - ok 18:38:54.0923 5644 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 18:38:54.0985 5644 NetBIOS - ok 18:38:55.0032 5644 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 18:38:55.0094 5644 NetBT - ok 18:38:55.0110 5644 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe 18:38:55.0141 5644 Netlogon - ok 18:38:55.0204 5644 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 18:38:55.0282 5644 Netman - ok 18:38:55.0297 5644 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 18:38:55.0375 5644 netprofm - ok 18:38:55.0406 5644 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:38:55.0438 5644 NetTcpPortSharing - ok 18:38:55.0484 5644 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 18:38:55.0516 5644 nfrd960 - ok 18:38:55.0718 5644 [ 4BA84C832E0741A294C4444556DFE993 ] NIS C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe 18:38:55.0765 5644 NIS - ok 18:38:55.0796 5644 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll 18:38:55.0843 5644 NlaSvc - ok 18:38:55.0859 5644 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 18:38:55.0921 5644 Npfs - ok 18:38:55.0952 5644 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 18:38:55.0999 5644 nsi - ok 18:38:56.0015 5644 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 18:38:56.0077 5644 nsiproxy - ok 18:38:56.0140 5644 [ 0D87503986BB3DFED58E343FE39DDE13 ] 
Ntfs C:\windows\system32\drivers\Ntfs.sys 18:38:56.0202 5644 Ntfs - ok 18:38:56.0233 5644 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 18:38:56.0280 5644 Null - ok 18:38:56.0327 5644 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys 18:38:56.0358 5644 nvraid - ok 18:38:56.0374 5644 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys 18:38:56.0405 5644 nvstor - ok 18:38:56.0436 5644 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys 18:38:56.0467 5644 nv_agp - ok 18:38:56.0530 5644 [ B5D5DA8230D3D3525839D939A9196C3E ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe 18:38:56.0561 5644 OberonGameConsoleService - ok 18:38:56.0654 5644 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:38:56.0686 5644 odserv - ok 18:38:56.0717 5644 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 18:38:56.0764 5644 ohci1394 - ok 18:38:56.0810 5644 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:38:56.0826 5644 ose - ok 18:38:56.0857 5644 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 18:38:56.0920 5644 p2pimsvc - ok 18:38:56.0951 5644 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 18:38:56.0982 5644 p2psvc - ok 18:38:57.0013 5644 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 18:38:57.0060 5644 Parport - ok 18:38:57.0091 5644 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys 18:38:57.0122 5644 partmgr - ok 18:38:57.0138 5644 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 18:38:57.0185 5644 Parvdm - ok 18:38:57.0216 5644 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc 
C:\windows\System32\pcasvc.dll 18:38:57.0263 5644 PcaSvc - ok 18:38:57.0294 5644 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys 18:38:57.0325 5644 pci - ok 18:38:57.0356 5644 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys 18:38:57.0388 5644 pciide - ok 18:38:57.0419 5644 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 18:38:57.0450 5644 pcmcia - ok 18:38:57.0481 5644 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 18:38:57.0512 5644 pcw - ok 18:38:57.0559 5644 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 18:38:57.0637 5644 PEAUTH - ok 18:38:57.0746 5644 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll 18:38:57.0840 5644 pla - ok 18:38:57.0887 5644 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll 18:38:57.0949 5644 PlugPlay - ok 18:38:57.0980 5644 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 18:38:58.0027 5644 PNRPAutoReg - ok 18:38:58.0043 5644 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 18:38:58.0074 5644 PNRPsvc - ok 18:38:58.0121 5644 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll 18:38:58.0183 5644 PolicyAgent - ok 18:38:58.0246 5644 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll 18:38:58.0308 5644 Power - ok 18:38:58.0355 5644 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 18:38:58.0417 5644 PptpMiniport - ok 18:38:58.0448 5644 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 18:38:58.0480 5644 Processor - ok 18:38:58.0542 5644 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll 18:38:58.0604 5644 ProfSvc - ok 18:38:58.0620 5644 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe 
18:38:58.0636 5644 ProtectedStorage - ok 18:38:58.0667 5644 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 18:38:58.0745 5644 Psched - ok 18:38:58.0792 5644 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 18:38:58.0854 5644 ql2300 - ok 18:38:58.0885 5644 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 18:38:58.0916 5644 ql40xx - ok 18:38:58.0948 5644 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 18:38:58.0994 5644 QWAVE - ok 18:38:59.0010 5644 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 18:38:59.0057 5644 QWAVEdrv - ok 18:38:59.0072 5644 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 18:38:59.0135 5644 RasAcd - ok 18:38:59.0166 5644 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 18:38:59.0244 5644 RasAgileVpn - ok 18:38:59.0260 5644 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll 18:38:59.0322 5644 RasAuto - ok 18:38:59.0353 5644 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 18:38:59.0400 5644 Rasl2tp - ok 18:38:59.0462 5644 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll 18:38:59.0525 5644 RasMan - ok 18:38:59.0572 5644 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 18:38:59.0618 5644 RasPppoe - ok 18:38:59.0634 5644 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 18:38:59.0696 5644 RasSstp - ok 18:38:59.0728 5644 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 18:38:59.0774 5644 rdbss - ok 18:38:59.0806 5644 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 18:38:59.0837 5644 rdpbus - ok 18:38:59.0884 5644 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD 
C:\windows\system32\DRIVERS\RDPCDD.sys 18:38:59.0946 5644 RDPCDD - ok 18:38:59.0993 5644 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 18:39:00.0040 5644 RDPENCDD - ok 18:39:00.0055 5644 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 18:39:00.0102 5644 RDPREFMP - ok 18:39:00.0180 5644 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 18:39:00.0227 5644 RdpVideoMiniport - ok 18:39:00.0274 5644 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 18:39:00.0320 5644 RDPWD - ok 18:39:00.0383 5644 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 18:39:00.0414 5644 rdyboost - ok 18:39:00.0445 5644 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 18:39:00.0508 5644 RemoteAccess - ok 18:39:00.0539 5644 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 18:39:00.0617 5644 RemoteRegistry - ok 18:39:00.0679 5644 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 18:39:00.0710 5644 RichVideo - ok 18:39:00.0757 5644 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 18:39:00.0820 5644 RpcEptMapper - ok 18:39:00.0866 5644 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 18:39:00.0913 5644 RpcLocator - ok 18:39:00.0929 5644 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll 18:39:00.0991 5644 RpcSs - ok 18:39:01.0038 5644 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 18:39:01.0100 5644 rspndr - ok 18:39:01.0116 5644 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 18:39:01.0163 5644 RTL8167 - ok 18:39:01.0210 5644 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys 18:39:01.0272 5644 SABI 
- ok 18:39:01.0288 5644 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe 18:39:01.0319 5644 SamSs - ok 18:39:01.0366 5644 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys 18:39:01.0397 5644 sbp2port - ok 18:39:01.0428 5644 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll 18:39:01.0490 5644 SCardSvr - ok 18:39:01.0506 5644 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 18:39:01.0553 5644 scfilter - ok 18:39:01.0600 5644 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll 18:39:01.0678 5644 Schedule - ok 18:39:01.0693 5644 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll 18:39:01.0740 5644 SCPolicySvc - ok 18:39:01.0787 5644 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll 18:39:01.0834 5644 SDRSVC - ok 18:39:01.0943 5644 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 18:39:01.0990 5644 SDScannerService - ok 18:39:02.0068 5644 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 18:39:02.0130 5644 SDUpdateService - ok 18:39:02.0177 5644 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 18:39:02.0208 5644 SDWSCService - ok 18:39:02.0255 5644 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 18:39:02.0317 5644 secdrv - ok 18:39:02.0348 5644 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 18:39:02.0411 5644 seclogon - ok 18:39:02.0458 5644 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll 18:39:02.0520 5644 SENS - ok 18:39:02.0551 5644 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll 18:39:02.0582 5644 SensrSvc - ok 18:39:02.0629 5644 [ 
9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 18:39:02.0660 5644 Serenum - ok 18:39:02.0692 5644 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys 18:39:02.0738 5644 Serial - ok 18:39:02.0754 5644 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 18:39:02.0785 5644 sermouse - ok 18:39:02.0848 5644 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll 18:39:02.0910 5644 SessionEnv - ok 18:39:02.0941 5644 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys 18:39:02.0988 5644 sffdisk - ok 18:39:03.0004 5644 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 18:39:03.0050 5644 sffp_mmc - ok 18:39:03.0050 5644 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 18:39:03.0097 5644 sffp_sd - ok 18:39:03.0128 5644 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 18:39:03.0160 5644 sfloppy - ok 18:39:03.0222 5644 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll 18:39:03.0300 5644 SharedAccess - ok 18:39:03.0347 5644 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll 18:39:03.0425 5644 ShellHWDetection - ok 18:39:03.0456 5644 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys 18:39:03.0472 5644 sisagp - ok 18:39:03.0534 5644 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 18:39:03.0550 5644 SiSRaid2 - ok 18:39:03.0581 5644 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 18:39:03.0612 5644 SiSRaid4 - ok 18:39:03.0659 5644 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 18:39:03.0690 5644 SkypeUpdate - ok 18:39:03.0706 5644 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb 
C:\windows\system32\DRIVERS\smb.sys 18:39:03.0752 5644 Smb - ok 18:39:03.0815 5644 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe 18:39:03.0862 5644 SNMPTRAP - ok 18:39:03.0940 5644 [ A8493E43F9D4B22BBED2D424D03ED273 ] SpeedDiskService C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe 18:39:03.0986 5644 SpeedDiskService - ok 18:39:04.0002 5644 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 18:39:04.0033 5644 spldr - ok 18:39:04.0096 5644 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 18:39:04.0174 5644 Spooler - ok 18:39:04.0283 5644 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 18:39:04.0439 5644 sppsvc - ok 18:39:04.0470 5644 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 18:39:04.0548 5644 sppuinotify - ok 18:39:04.0626 5644 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\windows\System32\Drivers\NIS\1402010.016\SRTSP.SYS 18:39:04.0673 5644 SRTSP - ok 18:39:04.0704 5644 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\windows\system32\drivers\NIS\1402010.016\SRTSPX.SYS 18:39:04.0735 5644 SRTSPX - ok 18:39:04.0766 5644 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys 18:39:04.0829 5644 srv - ok 18:39:04.0844 5644 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 18:39:04.0891 5644 srv2 - ok 18:39:04.0907 5644 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 18:39:04.0954 5644 srvnet - ok 18:39:04.0969 5644 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 18:39:05.0047 5644 SSDPSRV - ok 18:39:05.0063 5644 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 18:39:05.0110 5644 SstpSvc - ok 18:39:05.0141 5644 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 18:39:05.0156 5644 stexstor - ok 18:39:05.0219 5644 [ 
18:39:24.0454 5644 Scan finished
18:39:24.0469 5636 Detected object count: 0
18:39:24.0469 5636 Actual detected object count: 0

Regards

18:57: Just tested, it behaves "normally", great. So was it the .job?
I'll test again tomorrow and get back to you then. For now, thanks for your great work |
04.02.2013, 12:48 | #6 | |
/// Malware-holic | Incorrect redirection of browser links Looks good, let's continue: combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
05.02.2013, 19:38 | #7 |
| Incorrect redirection of browser links Hi, the problem really does seem to be solved. Combofix log file:
Many thanks |
05.02.2013, 20:19 | #8 |
/// Malware-holic | Incorrect redirection of browser links Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each program you do not know, write "unknown". Post the list.
|
05.02.2013, 21:05 | #9 |
| Incorrect redirection of browser links CCleaner log:
AC3Filter 1.63b Alexander Vigovsky 15.03.2010 1.63b **NECESSARY**
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 02.02.2013 6,00MB 11.5.502.146 **NECESSARY**
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 02.02.2013 6,00MB 11.5.502.146 **NECESSARY**
Adobe Reader 9.5.3 - Deutsch Adobe Systems Incorporated 21.01.2013 118MB 9.5.3 **NECESSARY**
AirPort Apple Inc. 04.09.2012 11,6MB 5.6.1.2 **NECESSARY**
Alice Greenfingers Oberon Media 02.02.2013 **UNKNOWN**
AnyPC Client Doctorsoft 05.12.2009 1.0.0.23 **NECESSARY**
Apple Application Support Apple Inc. 04.09.2012 61,0MB 2.1.7 **NECESSARY**
Apple Software Update Apple Inc. 04.09.2012 2,38MB 2.1.3.127 **NECESSARY**
Atheros Client Installation Program Atheros 05.12.2009 1.0.1.0805 **NECESSARY**
AVS Update Manager 1.0 Online Media Technologies Ltd. 15.03.2010 **UNKNOWN**
AVS4YOU Software Navigator 1.3 Online Media Technologies Ltd. 15.03.2010 **UNKNOWN**
BatteryLifeExtender Samsung 05.12.2009 14,2MB 1.0.1 **NECESSARY**
Bonjour Apple Inc. 04.09.2012 0,98MB 3.0.0.10 **UNKNOWN**
CCleaner Piriform 23.01.2013 3.27 **NECESSARY**
Compatibility Pack für 2007 Office System Microsoft Corporation 19.01.2013 313MB 12.0.6612.1000 **NECESSARY**
CyberLink DVD Suite CyberLink Corp. 05.12.2009 15,1MB 6.0.2806 **NECESSARY**
CyberLink LabelPrint CyberLink Corp. 05.12.2009 163MB 2.5.1916 **NECESSARY**
CyberLink Power2Go CyberLink Corp. 05.12.2009 120MB 6.0.3108a **NECESSARY**
CyberLink PowerDirector CyberLink Corp. 05.12.2009 367MB 7.0.3213 **NECESSARY**
CyberLink PowerDVD 8 CyberLink Corp. 05.12.2009 91,3MB 8.0.2815b **NECESSARY**
CyberLink PowerProducer CyberLink Corp. 05.12.2009 297MB 5.0.1.1812 **NECESSARY**
CyberLink YouCam CyberLink Corp. 22.02.2010 77,1MB 2.0.3304 **NECESSARY**
Dairy Dash Oberon Media 02.02.2013 **UNKNOWN**
Easy Display Manager Samsung Electronics Co., Ltd. 05.12.2009 3.0 **NECESSARY**
Easy Network Manager Samsung 05.12.2009 19,0MB 4.2.6 **NECESSARY**
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 02.02.2013 3.0.0.5 **NECESSARY**
EasyBatteryManager Samsung 05.12.2009 4.0.0.3 **NECESSARY**
ESET Online Scanner v3 02.02.2013 **UNKNOWN**
Eumex RNDIS Driver V1.00 T-Home 18.11.2011 932KB 1.00.0000 **NECESSARY**
Farm Frenzy 2 Oberon Media 02.02.2013 **UNKNOWN**
FreePDF (Remove only) 02.02.2013 **NECESSARY**
funkwerk Eumex 401 WIN-Tools V2.00 Funkwerk Enterprise Communications GmbH 18.11.2011 16,3MB 2.00.0000 **NECESSARY**
Game Pack Oberon Media, Inc. 22.02.2010 5.3.0.10 **UNKNOWN**
Go-Go Gourmet Oberon Media 02.02.2013 **UNKNOWN**
GOM Player Gretech Crop. 02.02.2013 2.1.21.4846 **NECESSARY**
gotomaxx PDFMAILER gotomaxx GmbH 04.10.2012 40,9MB 5.0.14 **NECESSARY**
GPL Ghostscript 8.71 02.02.2013 **NECESSARY**
HP Officejet Pro 8600 - Grundlegende Software für das Gerät Hewlett-Packard Co. 14.11.2012 163MB 25.0.619.0 **NECESSARY**
HP Officejet Pro 8600 Hilfe Hewlett Packard 14.11.2012 22,5MB 140.0.2.2 **NECESSARY**
HP Update Hewlett-Packard 22.11.2012 3,98MB 5.003.001.001 **NECESSARY**
I.R.I.S. OCR HP 14.11.2012 68,9MB 12.3.4.0 **NECESSARY**
iCloud Apple Inc. 04.09.2012 24,2MB 1.1.0.40 **NECESSARY**
Intel(R) Graphics Media Accelerator Driver Intel Corporation 02.02.2013 54,2MB 8.15.10.2302 **NECESSARY**
Intel® Matrix Storage Manager Intel Corporation 02.02.2013 **NECESSARY**
iPhoneBrowser Cranium Consulting and Custom Software 10.12.2011 416KB 1.8.1 **NECESSARY**
Marvell Miniport Driver Marvell 02.02.2013 11.22.3.3 **UNKNOWN**
Media Player Codec Pack 3.9.2 Media Player Codec Pack 02.02.2013 **NECESSARY**
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.02.2013 38,8MB 4.0.30319 **NECESSARY**
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 **NECESSARY**
Microsoft Office Home and Student 2007 Microsoft Corporation 02.02.2013 12.0.6612.1000 **NECESSARY**
Microsoft Office Live Add-in 1.5 Microsoft Corporation 08.07.2012 508KB 2.0.4024.1 **NECESSARY**
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 19.01.2013 161MB 12.0.6612.1000 **NECESSARY**
Microsoft Office Suite Activation Assistant Microsoft Corporation 22.02.2010 8,36MB 2.9 **NECESSARY**
Microsoft Silverlight Microsoft Corporation 10.05.2012 228MB 4.1.10329.0 **NECESSARY**
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.02.2010 1,72MB 3.1.0000 **NECESSARY**
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.02.2010 252KB 8.0.50727.4053 **NECESSARY**
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 **NECESSARY**
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.08.2012 12,2MB 10.0.40219 **NECESSARY**
Microsoft Works Microsoft Corporation 11.10.2012 1,18GB 9.7.0621 **NECESSARY**
Mozilla Firefox 18.0.1 (x86 de) Mozilla 03.02.2013 44,3MB 18.0.1 **NECESSARY**
Mozilla Maintenance Service Mozilla 03.02.2013 217KB 18.0.1 **NECESSARY**
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 02.02.2013 43,3MB 17.0.2 **NECESSARY**
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.10.2011 35,0KB 4.20.9870.0 **UNKNOWN**
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.10.2011 1,33MB 4.20.9876.0 **UNKNOWN**
MyTomTom 3.2.0.700 TomTom 02.02.2013 3.2.0.700 **NECESSARY**
Norton Internet Security Symantec Corporation 21.10.2012 20.2.1.22 **NECESSARY**
Norton Utilities 15 Symantec Corporation 19.10.2011 80,6MB 15.0 **NECESSARY**
Paragon Backup & Recovery™ 2012 Free Paragon Software 05.02.2013 142MB 90.00.0003 **NECESSARY**
QuickTime Apple Inc. 04.09.2012 73,2MB 7.72.80.56 **NECESSARY**
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.12.2009 6.0.1.5986 **NECESSARY**
RedMon - Redirection Port Monitor 02.02.2013 **UNKNOWN**
Samsung Recovery Solution 4 Samsung 05.12.2009 **NECESSARY**
Samsung Support Center Samsung 05.12.2009 40,8MB 1.0.21 **NECESSARY**
Samsung Update Plus Samsung Electronics Co., Ltd. 05.12.2009 2.0 **NECESSARY**
SDK Angebotsprogramm 02.02.2013 **NECESSARY**
SDK-BasisRenten-Rechner Intelligent Solution Services AG 02.02.2013 160MB 7.50.0093 **NECESSARY**
SDK-Komponenten 02/2009 02.02.2013 **NECESSARY**
Skype Toolbars Skype Technologies S.A. 22.02.2010 5,36MB 1.0.4051 **NECESSARY**
Skype™ 5.10 Skype Technologies S.A. 12.09.2012 19,4MB 5.10.116 **NECESSARY**
Spybot - Search & Destroy Safer-Networking Ltd. 02.02.2013 135MB 2.0.12 **NECESSARY**
Symantec Technical Support Web Controls Symantec Corporation 22.02.2010 9,26MB 3.5.3 **NECESSARY**
Synaptics Pointing Device Driver Synaptics Incorporated 02.02.2013 14.0.10.0 **NECESSARY**
TeamViewer 5 TeamViewer GmbH 02.02.2013 5.1.13999 **NECESSARY**
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 03.02.2012 1,88MB 1.0.2 **NECESSARY**
User Guide 02.02.2013 1.0 **UNKNOWN**
Visual Studio C++ 10.0 Runtime TomTom International B.V. 23.06.2012 1,14MB 10.0.0 **NECESSARY**
Windows Live Anmelde-Assistent Microsoft Corporation 22.02.2010 1,93MB 5.000.818.5 **NECESSARY**
Windows Live Essentials Microsoft Corporation 02.02.2013 14.0.8089.0726 **NECESSARY**
Windows Live Sync Microsoft Corporation 22.02.2010 2,79MB 14.0.8089.726 **NECESSARY**
Windows Live-Uploadtool Microsoft Corporation 22.02.2010 224KB 14.0.8014.1029 **NECESSARY**
WinZip WinZip Computing, Inc. 02.02.2013 8.1 SR-1 (5266g) **NECESSARY** |
05.02.2013, 22:16 | #10 |
/// Malware-holic | Incorrect redirection of browser links
Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is going on on the PC.
JavaScript: untick "use JavaScript".
Updater: choose "install automatically".
Apply / OK.
Uninstall: Alice Dairy ESET Farm Go-Go
Skype Toolbars: please do without toolbars, they are an additional risk and make the browser slow.
Spybot: likewise unnecessary, achieves nothing.
TeamViewer: 1. totally outdated, the current version is 8. 2. I would only install such software when it is needed.
Open CCleaner, start Analyze, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.02.2013, 23:27 | #11 |
| Incorrect redirection of browser links Right, everything has been updated or uninstalled. adw log AdwCleaner Logfile: Code:
# AdwCleaner v2.109 - Datei am 05/02/2013 um 23:17:33 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer :
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\urn0o53f.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [724 octets] - [05/02/2013 23:17:33]
########## EOF - C:\AdwCleaner[S2].txt - [783 octets] ##########
|
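A small triage helper for logs like the one in the post above, added here as an example (it is not part of the thread or of AdwCleaner): it reports which sections of an AdwCleaner v2 log contain entries. The name `findings`, the constructed `ExampleToolbar` line, and the rule that any line other than a header, an `[OK]` verdict or a `Datei :` pointer counts as an entry are assumptions.

```python
import re

# Abridged copy of the log posted in the thread (second run, nothing left to delete).
CLEAN_LOG = r"""# AdwCleaner v2.109 - Datei am 05/02/2013 um 23:17:33 erstellt
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\urn0o53f.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [724 octets] - [05/02/2013 23:17:33]
"""

# Constructed variant: one made-up entry added to show a non-empty section.
DIRTY_LOG = CLEAN_LOG.replace(
    "***** [Dateien / Ordner] *****",
    "***** [Dateien / Ordner] *****\nOrdner Gelöscht : C:\\Program Files\\ExampleToolbar")

SECTION = re.compile(r"^\*{3,}\s*\[(.+?)\]\s*\*{3,}$")  # ***** [Name] *****
BROWSER = re.compile(r"^-\\\\\s*(.+)$")                  # -\\ Browser vX


def findings(log):
    """Return {section: [entries]} for every section that has entries.

    Assumption: inside a section, any line that is not a header, a '#'
    comment, an '[OK]' verdict or a 'Datei :' pointer is an entry."""
    result, section = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line) or BROWSER.match(line)
        if m:
            section = m.group(1)
            result[section] = []
            continue
        if set(line) <= {"*"}:      # empty line, or the bare ***** rule
            if line:
                section = None      # the rule closes the last section
            continue
        if section is None or line.startswith(("#", "[OK]", "Datei :")):
            continue
        result[section].append(line)
    return {name: items for name, items in result.items() if items}
```

An empty result, as for the log posted here, means no section listed anything; it does not replace reading the `[OK]` lines for each browser.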
06.02.2013, 12:57 | #12 |
/// Malware-holic | Incorrect redirection of browser links Please test how the PC and programs such as the browsers are running.
06.02.2013, 14:34 | #13 |
| Incorrect redirection of browser links Hi, I have tried out all the relevant programs and created backups, online works too... Firefox crashed once (download not finished properly), mail works as well, everything reasonable so far. The next few days will show the rest, but it looks competently solved ^^. |
06.02.2013, 15:23 | #14 |
/// Malware-holic | Incorrect redirection of browser links
Hi, well, an aborted download can happen now and then.
Open OTL, clean up, the PC restarts, the removers are deleted. Delete any leftover removers, setups and logs, and empty the recycle bin.
Securing the PC:
As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs a bit. Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things, e.g. for work, that is, if there is sensitive data to protect, you should invest in security software. Before activating the licence, use up the 30-day trial period.
Free, but just not quite as good, Avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration tips. Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!
http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates. The best way to do this is to go via Start, Search, and enter Windows Updates there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones. Please do the same with the optional updates.
Please adopt the rest as it reads in the Windows 7 / Vista section. From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help. Please read the instructions. If you want to use a different one, tell me, then I have to adapt parts of the guide that now follows.
Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link: Sandboxie - Download - Filepony
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well: Sandbox settings
Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click on Sandbox Settings. Restrictions: under program start and internet access enter: chrome.exe. Then go to Applications, Web Browser, Chrome. There enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. You can, for example, specify under "Forced Programs" that all browsers start in the sandbox. Otherwise you always have to click on "Sandboxed web browser", or right-click, Run in Sandboxie. A lifetime licence costs 30 € and can be used on all your PCs.
Continue with: Measures for ALL Windows versions. Work through everything completely.
Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts
Backup program: a backup program is already linked in my guide. As an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately, this is only sensibly usable for Windows 7 users. All others should definitely install a backup program as well, though, because this can be very important under certain circumstances, for example if the hard disk breaks one day.
Finally, observe the general security tips; if it concerns you, observe the tip on online banking and change all passwords.
Please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on surf only in the standard user account, and there in the sandbox. If you use the free version, then by clicking on Sandboxed Web Browser; if you have the paid version, you can define forced programs, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should be framed, then you are in the sandboxed web browser.
Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords: Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide: RoboForm user manual: password manager, managing passwords and personal data
07.02.2013, 19:29 | #15 |
| Incorrect redirection of browser links Hi, so, Emsisoft is installed. Norton Internet Security 2013 is in use. Windows Updates are configured as suggested. Backup program is Paragon B&R 2012. I need to read up on the sandbox again in detail, but it sounds very helpful. I assume it works the same way with Mozilla. Once again, heartfelt thanks for the help!!! abaldus |