Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 14.03.2013, 19:19   #1
Stevie-1984
 
GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc. - Standard

GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.



Liebes trojaner-board-Team,

seit einigen Tagen fällt mir auf, dass bei meinem GMX-Account als "letzter Login" Zeiten registriert sind, zu denen ich nachweislich nicht online war (teilweise 2 oder 3 Uhr nachts).
Einen Zugriff von einer mir bekannten Person kann ich zu 100% ausschließen, da niemand mein Passwort oder Zugang zu meinem PC/Laptop hat.

Ich greife auf meinen GMX-Account von meinem Laptop täglich und 1-2x pro Woche auch von meinem PC aus zu (Outlook, Thunderbird oder auch Web). Auf beiden Computern habe ich Norton 360, das stets auf dem aktuellsten Stand gehalten wird. Auf dem Laptop und dem PC habe ich je mehrere Suchläufe mit Norton 360 und Super Anti Spyware laufen lassen.

Auf dem Laptop hat Norton nichts, und Super-Antispyware lediglich Tracking-Cookies (adfarm) gefunden. Auf dem PC hat Norton 1 Virus (Trojaner) und Tracking Cookies gefunden, Super-Spyware mehrere Trojaner und etliche Tracking-Cookies gefunden.

Nachdem ich die infizierten Dateien von mir nicht mehr gebraucht wurden, habe ich diese alle gelöscht (PC). Von da an änderte ich auf dem Laptop mehrmals das Passwort für GMX, leider traten die Zugriffe weiterhin (die letzten 2 Tage) auf. Der Zugriff erfolgte nur noch über den Laptop.

Ich würde gerne Laptop und PC durchchecken, wichtiger wäre mir zunächst der Laptop, da er neuer ist. Eigentlich wäre es verwunderlich, da ich ihn erst seit Januar habe, aber die unerklärlichen Zugriffe lassen fast keinen anderen Schluss zu.

Wie gesagt, ich würde gerne mit dem Laptop beginnen...

Viele Grüße

Stevie-1984

PS. Hier die OTL.txt, Extras.txt und die gmer.txt; bei GMER taucht eine Fehlermeldung (Anhang) auf, ein Log-File wird erstellt.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 14.03.2013 18:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free
9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012.09.05 08:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012.09.05 08:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012.08.15 12:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.05 08:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012.09.05 08:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012.09.05 08:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012.09.05 08:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012.09.05 08:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012.06.08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.06.08 03:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.29 02:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 06:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.03.12 20:00:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 20:44:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.29 19:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012.08.16 12:08:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.11 00:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.28 19:42:43 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.23 18:35:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.29 18:43:26 | 000,575,128 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.09.29 18:43:24 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.09.29 18:43:22 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.09.29 18:43:22 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.09.29 18:43:20 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.09.29 18:43:20 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.09.29 18:43:20 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.09.29 18:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.19 00:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.09.06 19:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.08.16 03:26:42 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.06 03:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.07.31 03:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.27 13:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.25 02:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.06.12 13:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.05.26 01:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2013.01.26 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\ex64.sys -- (NAVEX15)
DRV - [2013.01.26 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.26 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.26 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\eng64.sys -- (NAVENG)
DRV - [2013.01.24 16:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130312.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE:64bit: - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.28 19:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.03.14 17:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.14 19:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.02 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions
[2013.02.07 21:15:33 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions\sammelfreund@webmiles.de
[2013.02.14 19:40:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.12 19:48:20 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\tineye@ideeinc.com.xpi
[2013.02.07 21:15:33 | 000,128,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\toolbar-ff@payback.de.xpi
[2013.03.09 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 20:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.09 20:44:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.12 22:09:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 22:09:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.12 22:09:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 22:09:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 22:09:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 22:09:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAEB5F0-1A65-4275-B88E-A13B42C731CE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.14 18:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 17:37:34 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.13 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.12 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Spyware Scanner
[2013.03.12 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner
[2013.03.09 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.08 16:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.03.07 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.01 14:32:34 | 000,000,000 | ---D | C] -- C:\83653373651835b891237365
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2013.02.28 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.28 18:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.27 21:11:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.24 19:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Studium
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Thunderbird
[2013.02.14 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 18:25:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.14 18:00:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.14 17:42:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013.03.14 17:41:00 | 002,176,475 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.14 17:36:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.13 22:19:11 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.13 22:19:02 | 2324,926,463 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 20:36:28 | 000,002,928 | ---- | M] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:20 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:49 | 006,423,656 | ---- | M] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | M] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.08 16:31:19 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.08 16:30:57 | 000,427,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.03.08 16:30:05 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.01 19:36:01 | 000,002,928 | ---- | M] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:28 | 000,002,928 | ---- | M] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.22 19:36:10 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.22 19:36:10 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.22 19:36:10 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.22 19:36:10 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.22 19:36:10 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.21 16:59:08 | 002,063,240 | ---- | M] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.14 22:17:54 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 19:40:40 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.14 19:12:27 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013.03.14 18:25:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:37 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.13 20:36:27 | 000,002,928 | ---- | C] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:19 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:34 | 006,423,656 | ---- | C] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | C] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.01 19:36:00 | 000,002,928 | ---- | C] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:27 | 000,002,928 | ---- | C] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.28 18:14:56 | 003,547,239 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin
[2013.02.28 18:12:35 | 000,014,148 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013.02.27 21:11:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013.02.15 20:05:50 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.02.14 22:17:53 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 22:17:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.14 19:19:29 | 000,427,328 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.14 19:12:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.14 19:12:17 | 000,002,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.01.28 10:59:15 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.16 03:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.08.16 03:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.08.16 03:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.08.16 03:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.08.16 03:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.14 19:12:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:

Code:
ATTFilter
 OTL Extras logfile created on: 14.03.2013 18:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free
9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0E22F-B40D-47E3-A964-CF8750555235}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FC054FA-4BB8-4912-9296-DD5BB598864E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C46A72-6547-4F4A-B25E-D187E39EF5C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{338E5BE1-C7DE-4456-9DD5-D44C1398E204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E28B3FB-95F5-403D-BDE3-7CEC45164122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F321406-B2A5-4374-9F4D-91B35628892A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4768B628-0369-434A-B9A1-DC760EC11A0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48D386C3-82FB-489C-8DDB-7FF6D9E62063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E516A26-9160-401E-B1AF-EB47F14C6139}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AF4E63F-10FF-4E31-8814-DF8FB618B100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{620A2EE9-10F9-4324-ADC2-00439E6600C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7C50FB0B-61F0-4674-BD20-055C52C564A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{91B674A2-D43B-4DE5-BC2E-B9617B8CDB2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{948D3014-4F4C-402B-92CE-34928DD626D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C122646-305B-4E8D-BE55-BA70CF4BDE78}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9DC9E6D5-9416-436B-B27A-4632C37A7A80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B3E99500-C0BC-4E05-9962-CD4D99B1F7E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFE77CDC-F02B-45DD-9B98-1DEDE6110B8A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C46C0C89-9B68-4D61-B7C4-8E176D6CC73B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C47EB13A-9628-4371-B542-91307CBEFE55}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D51958C0-A7FF-4F88-A331-ABA83698CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6524EE1-07D7-41DF-9080-FF306EA158A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F15D5A8C-44CB-4A03-918A-9A67F6B54B17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F71F5687-2B37-4309-8995-3253B0F5B5E3}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C7F723-B67F-4D2A-9EDC-FA2DEF522987}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{03947F51-900C-4711-88E3-1A6178D2E49F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{0A0EE794-A424-4BFC-9396-253C430BE12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E7F0D49-6F94-4F22-858D-33BB1D52E00F}" = dir=out | name=adera | 
"{157E0455-EA79-46AD-9405-75AAB545F424}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{23EE1B42-1C0D-48E3-AD44-2918A4538C77}" = dir=out | name=family story | 
"{24B7411C-596B-45B7-9278-7E7408EE0C0A}" = dir=out | name=music hub | 
"{251A4228-798C-40A4-B599-510B291B9746}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2981EE46-466D-4011-9F08-8D13F839E0E1}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{29AB4D3E-6AE2-45B9-A4EB-1654F5916B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D7FE2F7-A448-45D2-8150-6CBC9B392FB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3463939C-02E9-4EFE-8D78-993F7C256F32}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{35DF66F2-B735-4510-9AF5-CCC22E67C67C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A765185-2BFC-4321-8470-2DD53BB6A10C}" = dir=out | name=s camera | 
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | 
"{40407DBB-A9D9-4668-A7B8-39D73E5A11A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{40D1620A-C5F5-4234-9863-81495598FA1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{426EC8C6-7167-4C1B-9C6A-F06BF92858E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{441E7D06-7C23-46CE-B773-16240F47863F}" = dir=out | name=merriam-webster dictionary | 
"{45266AA1-B184-4FA0-94CB-F0DCBA4E0866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4723CB53-FBE4-49D7-B122-4EB45F541DAC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4BD51EF7-BE2F-4553-A055-209CE101CD99}" = dir=out | name=s gallery | 
"{51A982BE-53E5-47E1-BFA1-BBF93602D2CF}" = dir=in | name=music maker jam | 
"{5491807E-7D97-44A7-83F1-3D193077A3DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55C95C95-1EC3-46A1-826C-BBF8973BA6DE}" = dir=out | name=norton studio | 
"{57F97677-D36A-42F6-9120-2EC48512B159}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{64AB37F5-31EB-4660-9606-6F2AB2D7DA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E62161C-E7D4-481A-B4A5-09D17EC47281}" = dir=in | name=evernote | 
"{6F4F6184-AF3F-40E9-AD8F-BAF53F7A1F45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{779BB8C4-A7F8-44B5-9820-6055E3BCFCF7}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{88AE6507-037F-446C-B7FF-F5C0F04B963E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{895D5A9B-37B6-4D3D-B43B-9AAC81B36300}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{907946DF-C38A-41A1-ABAF-052AA0663303}" = dir=out | name=music maker jam | 
"{96D6F905-B40C-45E4-B032-55C9B0AE0994}" = dir=out | name=jamie's recipes | 
"{99B5D7E3-D2F5-4152-9EE1-1A204CFE94FA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9A735D89-D8EA-4304-B562-78935416D8A8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9D866BCA-0ADA-4860-80BC-E2E2E448E327}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AC59D521-E864-4A16-B607-AB3E1958BF23}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B1621F46-F7F4-4900-A0E1-31AC6B8BFE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA978257-6012-4E0B-AD64-FD1D34A01607}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{BBB6D5F7-1373-4F54-87B5-9B89259CF600}" = dir=out | name=evernote | 
"{BE0E349D-D3A0-42F2-8DFE-61E4056A4383}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BFA165C6-4CED-487B-9F14-4F9716675CC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0C6D77C-4A66-4E44-8260-BA15494B0CAA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{C52DF6BE-2A2F-4D58-A867-F9653688823E}" = dir=out | name=chaton | 
"{C760AEBD-6746-44B0-9B5E-D98CDC94E973}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C808AE20-51B2-4B08-B0F1-009DA788BBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1754342-686C-40C3-BB45-C9DC3DCDC975}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D24EBE1A-2F76-4A93-A788-EC80C9797660}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{D4EE6555-512E-42B1-91DA-24C990090D52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6AD9DC8-7719-4CE9-B3C1-2DB6B916F20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7147F10-36FF-43A0-86EB-DEEA51EE4B49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAC6759A-12A5-4F35-B8BF-E704BF1CCB45}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DBE3A4A8-2691-4604-A011-7744D9512E07}" = protocol=6 | dir=out | app=system | 
"{DD031D44-15E8-44F8-AF12-C217195A94F4}" = dir=in | name=kindle | 
"{E0A75F32-EF15-4D06-87D4-2C199652C39C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E38E967A-69BA-43D3-B971-01F0B204EC48}" = dir=out | name=kindle | 
"{E75F4DFF-B69E-4326-B098-9C75BA574FF1}" = dir=out | name=fresh paint | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB06B60A-A975-4BCF-924F-8128F3D69ABF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED420043-48F3-486E-AF3A-9859D8E6B54A}" = dir=out | name=photoeditor | 
"{F086076A-A823-4D43-A2B6-CADF8E2C77CC}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{F1612BB2-ABCE-4698-9532-6ABEED1ED499}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7847B06-EBEC-4D07-AB50-AC922102E697}" = dir=out | name=s player | 
"{FF18FCE0-593F-42EF-BD58-5BA190856238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9135430C-DA05-4391-BE81-E7754A4DB8CD}" = Support Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)
"Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7DAA5461-5442-4234-9F01-A6C4AEFFD891}" = Support Center FAQ
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NARA" = Norton Online Backup ARA
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite" = Windows Live
"Xerox PhotoCafe" = Xerox PhotoCafe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 17:36:31 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1068  Startzeit der fehlerhaften Anwendung: 0x01ce178e01506f44  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 3f3d5a3d-8381-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 17:51:32 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1bb8  Startzeit der fehlerhaften Anwendung: 0x01ce179019f8590f  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 57ea08d5-8383-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 18:06:32 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xd08  Startzeit der fehlerhaften Anwendung: 0x01ce179232a187c7  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 7097fc52-8385-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 18:21:33 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x206c  Startzeit der fehlerhaften Anwendung: 0x01ce17944b492f20  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 893dace4-8387-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:00:11 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.4.0,
 Zeitstempel: 0x50f009cd  Name des fehlerhaften Moduls: GuaranaAgent.exe, Version:
 2.1.4.0, Zeitstempel: 0x50f009cd  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000222551
ID
 des fehlerhaften Prozesses: 0x27e8  Startzeit der fehlerhaften Anwendung: 0x01ce1838f08e094d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
Berichtskennung:
 3095e4b9-842c-11e2-be95-20689dab7571  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 03.03.2013 14:00:40 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.2,
 Zeitstempel: 0x50cd5051  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505ab405  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea485
ID
 des fehlerhaften Prozesses: 0x1dc0  Startzeit der fehlerhaften Anwendung: 0x01ce1838f129045f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Samsung\Recovery\WCScheduler.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 41dd7b2d-842c-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 03.03.2013 14:11:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x2b0  Startzeit der fehlerhaften Anwendung: 0x01ce183a9431427e  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: d2509993-842d-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:26:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1d3c  Startzeit der fehlerhaften Anwendung: 0x01ce183cacd342e7  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: eae1905c-842f-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:41:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x16d0  Startzeit der fehlerhaften Anwendung: 0x01ce183ec57be84d  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 036850a1-8432-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:56:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x28b8  Startzeit der fehlerhaften Anwendung: 0x01ce1840de245483  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 1c11bcab-8434-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
[ System Events ]
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:17 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 13:53:16 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:57:27 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:09 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
 
< End of report >
         
Code:
ATTFilter
 GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 18:47:44
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\pgdoypoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                         000007febdf0177a 4 bytes [F0, BD, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                         000007febdf01782 4 bytes [F0, BD, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                       000007fea3471b32 4 bytes [47, A3, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                       000007fea3471b3a 4 bytes [47, A3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007feb93a1532 4 bytes [3A, B9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007feb93a153a 4 bytes [3A, B9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007feb93a165a 4 bytes [3A, B9, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1984:1992]                                  0000000000240060
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:2020]                                                                          0000000000f61c24
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:2196]                                                                          000000006949e54e
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:3240]                                                                          000000006777319b
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4724]                                                                          00000000689c7019
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:3268]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:5308]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4232]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4664]                                                                          00000000667f16dc
Thread  C:\windows\system32\csrss.exe [3984:5832]                                                                          fffff960008bf5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         
Miniaturansicht angehängter Grafiken
Klicken Sie auf die Grafik für eine größere Ansicht

Name:	gmer fehlermeldung.jpg
Hits:	173
Größe:	21,7 KB
ID:	51652  

 

Themen zu GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.
adfarm, bho, computer, computern, down, error, excel, firefox, flash player, gebraucht, helper, iexplore.exe, install.exe, installation, logfile, mozilla, msvcrt, ntdll.dll, nvpciflt.sys, office 2007, plug-in, realtek, registry, scan, security, software, spyware, super, svchost.exe, symantec, trojaner, unknown mbr, virus, warnung, windows




Ähnliche Themen: GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.


  1. Verdacht auf KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (14)
  2. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 28.05.2014 (5)
  3. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 03.03.2014 (9)
  4. AVG unerwartet beendet (verdacht auf Keylogger/Trojaner)
    Log-Analyse und Auswertung - 08.02.2013 (28)
  5. Verdacht auf keylogger
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (17)
  6. Verdacht auf Malware/Trojaner/Keylogger oder ähnliches
    Log-Analyse und Auswertung - 14.06.2012 (3)
  7. Verdacht auf Keylogger oder Trojaner - empfindliche Daten auspioniert
    Log-Analyse und Auswertung - 17.05.2012 (1)
  8. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 19.09.2011 (1)
  9. Verdacht auf Trojaner oder Keylogger
    Plagegeister aller Art und deren Bekämpfung - 24.06.2011 (14)
  10. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 18.02.2011 (4)
  11. Verdacht auf KeyLogger
    Log-Analyse und Auswertung - 21.02.2010 (2)
  12. Verdacht auf Trojaner/Keylogger
    Plagegeister aller Art und deren Bekämpfung - 26.05.2009 (0)
  13. Hab nen verdacht auf nen Keylogger
    Mülltonne - 04.09.2008 (0)
  14. Verdacht auf Keylogger
    Log-Analyse und Auswertung - 10.08.2008 (1)
  15. Verdacht auf keylogger!
    Log-Analyse und Auswertung - 01.11.2007 (11)
  16. verdacht auf keylogger!
    Log-Analyse und Auswertung - 23.10.2007 (7)
  17. Verdacht auf Trojaner oder Keylogger
    Mülltonne - 19.10.2007 (0)

Zum Thema GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc. - Liebes trojaner-board-Team, seit einigen Tagen fällt mir auf, dass bei meinem GMX-Account als "letzter Login" Zeiten registriert sind, zu denen ich nachweislich nicht online war (teilweise 2 oder 3 Uhr - GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc....
Archiv
Du betrachtest: GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.