Log analysis and evaluation: GMX unauthorized access - suspected keylogger, trojan etc. (Windows 7)
14.03.2013, 19:19 | #1 |
GMX unauthorized access - suspected keylogger, trojan etc.

Dear trojaner-board team,

for several days I have noticed that my GMX account shows "last login" times at which I was demonstrably not online (some at 2 or 3 a.m.). I can rule out 100% that someone I know accessed it, since nobody has my password or access to my PC/laptop.

I access my GMX account daily from my laptop and 1-2 times per week also from my PC (Outlook, Thunderbird or the web interface). Both computers run Norton 360, which is always kept up to date.

On the laptop and the PC I ran several scans each with Norton 360 and Super Anti Spyware. On the laptop, Norton found nothing and Super-Antispyware only tracking cookies (adfarm). On the PC, Norton found 1 virus (trojan) and tracking cookies, and Super-Spyware found several trojans and quite a few tracking cookies. Since I no longer needed the infected files, I deleted all of them (PC).

From then on I changed the GMX password several times on the laptop; unfortunately the logins continued to occur (over the last 2 days). Access was then made only via the laptop.

I would like to have the laptop and the PC checked; the laptop is more important to me for now, since it is newer. It would actually be surprising, since I have only had it since January, but the unexplained logins leave almost no other conclusion.

As I said, I would like to start with the laptop...

Best regards
Stevie-1984

PS. Here are the OTL.txt, Extras.txt and gmer.txt; GMER shows an error message (attachment), a log file is created.

OTL.txt: Code:
ATTFilter OTL logfile created on: 14.03.2013 18:29:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free 9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) 
-- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012.09.05 08:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2012.09.05 08:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2012.08.15 12:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.06.08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe ========== Modules (No Company Name) ========== MOD - [2012.09.05 08:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2012.09.05 08:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2012.09.05 08:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2012.09.05 08:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2012.09.05 08:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2012.06.08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.06.08 03:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.01.29 02:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] 
-- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService) SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.20 06:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.03.12 20:00:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 20:44:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) 
[Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService) SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.09.29 19:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent) SRV - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) 
[Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012.08.16 12:08:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.07.11 00:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] 
(Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.28 19:42:43 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS) DRV:64bit: - [2013.01.11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System 
| Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.23 18:35:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.29 18:43:26 | 000,575,128 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.09.29 18:43:24 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.09.29 18:43:22 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - 
[2012.09.29 18:43:22 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.09.29 18:43:20 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.09.29 18:43:20 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.09.29 18:43:20 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.09.29 18:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.19 00:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.09.06 19:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM) DRV:64bit: - [2012.08.16 03:26:42 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.08.06 03:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.07.31 03:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.27 13:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - 
[2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys 
-- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.06.25 02:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.12 13:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.05.26 01:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA) DRV - [2013.01.26 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\ex64.sys -- (NAVEX15) DRV - 
[2013.01.26 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.01.26 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.01.26 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\eng64.sys -- (NAVENG) DRV - [2013.01.24 16:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130312.001\IDSviA64.sys -- (IDSVia64) DRV - [2013.01.16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0} IE:64bit: - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0} IE - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - 
HKCU\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95 FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.28 19:43:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.03.14 17:39:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.14 19:12:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.02 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.02.14 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions [2013.02.07 
21:15:33 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions\sammelfreund@webmiles.de [2013.02.14 19:40:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\testpilot@labs.mozilla.com.xpi [2013.02.12 19:48:20 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\tineye@ideeinc.com.xpi [2013.02.07 21:15:33 | 000,128,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\toolbar-ff@payback.de.xpi [2013.03.09 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 20:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.03.09 20:44:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.12 22:09:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.12 22:09:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.12 22:09:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.12 22:09:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.12 22:09:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.12 22:09:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - 
C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) 
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAEB5F0-1A65-4275-B88E-A13B42C731CE}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: 
(C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.14 18:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.14 17:37:34 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.03.13 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 20:56:18 | 000,000,000 
| ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com [2013.03.12 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Spyware Scanner [2013.03.12 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner [2013.03.09 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.08 16:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2013.03.07 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.01 14:32:34 | 000,000,000 | ---D | C] -- C:\83653373651835b891237365 [2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV [2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV [2013.02.28 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.02.28 18:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.02.27 21:11:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2013.02.24 19:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.02.15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Studium [2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Thunderbird 
[2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Thunderbird [2013.02.14 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.14 18:25:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.03.14 18:24:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2013.03.14 18:00:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.14 17:42:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job [2013.03.14 17:41:00 | 002,176,475 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013.03.14 17:36:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.13 22:19:11 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.03.13 22:19:02 | 2324,926,463 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 20:36:28 | 000,002,928 | ---- | M] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9} [2013.03.13 19:29:20 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE [2013.03.12 19:58:49 | 006,423,656 | ---- | M] () -- C:\Users\User\FreeSpywareScanner9.6.exe [2013.03.12 19:35:39 | 000,002,928 | ---- | M] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7} [2013.03.08 16:31:19 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013.03.08 16:30:57 | 000,427,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.08 16:30:05 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021 [2013.03.01 19:36:01 | 000,002,928 | ---- | M] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72} [2013.02.28 18:58:28 | 000,002,928 | ---- | M] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E} [2013.02.22 19:36:10 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.22 19:36:10 | 
000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.22 19:36:10 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.22 19:36:10 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.22 19:36:10 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.21 16:59:08 | 002,063,240 | ---- | M] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2013.02.14 22:17:54 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.14 19:40:40 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.14 19:12:27 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\isolate.ini ========== Files Created - No Company Name ========== [2013.03.14 18:25:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.03.14 18:24:37 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2013.03.13 20:36:27 | 000,002,928 | ---- | C] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9} [2013.03.13 19:29:19 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2013.03.12 19:58:34 | 006,423,656 | ---- | C] () -- C:\Users\User\FreeSpywareScanner9.6.exe [2013.03.12 19:35:39 | 000,002,928 | ---- | C] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7} [2013.03.01 19:36:00 | 000,002,928 | ---- | C] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72} [2013.02.28 18:58:27 | 000,002,928 | ---- | C] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E} [2013.02.28 18:14:56 | 003,547,239 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin [2013.02.28 18:12:35 | 000,014,148 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb [2013.02.27 21:11:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2013.02.15 20:05:50 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.02.14 22:17:53 | 000,002,035 
| ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.14 22:17:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.14 19:19:29 | 000,427,328 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.14 19:12:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.02.14 19:12:17 | 000,002,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.01.28 10:59:15 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.08.16 03:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.08.16 03:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.08.16 03:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.08.16 03:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.08.16 03:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.14 19:12:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 14.03.2013 18:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free
9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E0E22F-B40D-47E3-A964-CF8750555235}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1FC054FA-4BB8-4912-9296-DD5BB598864E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23C46A72-6547-4F4A-B25E-D187E39EF5C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{338E5BE1-C7DE-4456-9DD5-D44C1398E204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E28B3FB-95F5-403D-BDE3-7CEC45164122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F321406-B2A5-4374-9F4D-91B35628892A}" = rport=138 | protocol=17 | dir=out | app=system | "{4768B628-0369-434A-B9A1-DC760EC11A0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48D386C3-82FB-489C-8DDB-7FF6D9E62063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E516A26-9160-401E-B1AF-EB47F14C6139}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AF4E63F-10FF-4E31-8814-DF8FB618B100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{620A2EE9-10F9-4324-ADC2-00439E6600C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7C50FB0B-61F0-4674-BD20-055C52C564A4}" = rport=137 | protocol=17 | dir=out | app=system | "{91B674A2-D43B-4DE5-BC2E-B9617B8CDB2D}" = lport=10243 | protocol=6 | dir=in | app=system | "{948D3014-4F4C-402B-92CE-34928DD626D6}" = lport=139 | protocol=6 | dir=in | app=system | "{9C122646-305B-4E8D-BE55-BA70CF4BDE78}" = lport=137 | protocol=17 | dir=in | app=system | "{9DC9E6D5-9416-436B-B27A-4632C37A7A80}" = rport=445 | protocol=6 | dir=out | app=system | "{B3E99500-C0BC-4E05-9962-CD4D99B1F7E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BFE77CDC-F02B-45DD-9B98-1DEDE6110B8A}" = rport=10243 | protocol=6 | dir=out | app=system | "{C46C0C89-9B68-4D61-B7C4-8E176D6CC73B}" = lport=445 | protocol=6 | dir=in | app=system | "{C47EB13A-9628-4371-B542-91307CBEFE55}" = rport=139 | protocol=6 | dir=out | app=system | "{D51958C0-A7FF-4F88-A331-ABA83698CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6524EE1-07D7-41DF-9080-FF306EA158A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F15D5A8C-44CB-4A03-918A-9A67F6B54B17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F71F5687-2B37-4309-8995-3253B0F5B5E3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C7F723-B67F-4D2A-9EDC-FA2DEF522987}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{03947F51-900C-4711-88E3-1A6178D2E49F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{0A0EE794-A424-4BFC-9396-253C430BE12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E7F0D49-6F94-4F22-858D-33BB1D52E00F}" = dir=out | name=adera | "{157E0455-EA79-46AD-9405-75AAB545F424}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{23EE1B42-1C0D-48E3-AD44-2918A4538C77}" = dir=out | name=family story | "{24B7411C-596B-45B7-9278-7E7408EE0C0A}" = dir=out | name=music hub | "{251A4228-798C-40A4-B599-510B291B9746}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{2981EE46-466D-4011-9F08-8D13F839E0E1}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{29AB4D3E-6AE2-45B9-A4EB-1654F5916B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D7FE2F7-A448-45D2-8150-6CBC9B392FB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3463939C-02E9-4EFE-8D78-993F7C256F32}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{35DF66F2-B735-4510-9AF5-CCC22E67C67C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A765185-2BFC-4321-8470-2DD53BB6A10C}" = dir=out | name=s camera | 
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | "{40407DBB-A9D9-4668-A7B8-39D73E5A11A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{40D1620A-C5F5-4234-9863-81495598FA1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{426EC8C6-7167-4C1B-9C6A-F06BF92858E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{441E7D06-7C23-46CE-B773-16240F47863F}" = dir=out | name=merriam-webster dictionary | "{45266AA1-B184-4FA0-94CB-F0DCBA4E0866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4723CB53-FBE4-49D7-B122-4EB45F541DAC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4BD51EF7-BE2F-4553-A055-209CE101CD99}" = dir=out | name=s gallery | "{51A982BE-53E5-47E1-BFA1-BBF93602D2CF}" = dir=in | name=music maker jam | "{5491807E-7D97-44A7-83F1-3D193077A3DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{55C95C95-1EC3-46A1-826C-BBF8973BA6DE}" = dir=out | name=norton studio | "{57F97677-D36A-42F6-9120-2EC48512B159}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{64AB37F5-31EB-4660-9606-6F2AB2D7DA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E62161C-E7D4-481A-B4A5-09D17EC47281}" = dir=in | name=evernote | "{6F4F6184-AF3F-40E9-AD8F-BAF53F7A1F45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{779BB8C4-A7F8-44B5-9820-6055E3BCFCF7}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{88AE6507-037F-446C-B7FF-F5C0F04B963E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{895D5A9B-37B6-4D3D-B43B-9AAC81B36300}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{907946DF-C38A-41A1-ABAF-052AA0663303}" = dir=out | name=music maker jam | "{96D6F905-B40C-45E4-B032-55C9B0AE0994}" = dir=out | name=jamie's recipes | "{99B5D7E3-D2F5-4152-9EE1-1A204CFE94FA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{9A735D89-D8EA-4304-B562-78935416D8A8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9D866BCA-0ADA-4860-80BC-E2E2E448E327}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{AC59D521-E864-4A16-B607-AB3E1958BF23}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{B1621F46-F7F4-4900-A0E1-31AC6B8BFE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA978257-6012-4E0B-AD64-FD1D34A01607}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{BBB6D5F7-1373-4F54-87B5-9B89259CF600}" = dir=out | name=evernote | "{BE0E349D-D3A0-42F2-8DFE-61E4056A4383}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BFA165C6-4CED-487B-9F14-4F9716675CC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0C6D77C-4A66-4E44-8260-BA15494B0CAA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{C52DF6BE-2A2F-4D58-A867-F9653688823E}" = dir=out | name=chaton | "{C760AEBD-6746-44B0-9B5E-D98CDC94E973}" = dir=in | app=c:\program files 
(x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{C808AE20-51B2-4B08-B0F1-009DA788BBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1754342-686C-40C3-BB45-C9DC3DCDC975}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{D24EBE1A-2F76-4A93-A788-EC80C9797660}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{D4EE6555-512E-42B1-91DA-24C990090D52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D6AD9DC8-7719-4CE9-B3C1-2DB6B916F20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7147F10-36FF-43A0-86EB-DEEA51EE4B49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DAC6759A-12A5-4F35-B8BF-E704BF1CCB45}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{DBE3A4A8-2691-4604-A011-7744D9512E07}" = protocol=6 | dir=out | app=system | "{DD031D44-15E8-44F8-AF12-C217195A94F4}" = dir=in | name=kindle | "{E0A75F32-EF15-4D06-87D4-2C199652C39C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E38E967A-69BA-43D3-B971-01F0B204EC48}" = dir=out | name=kindle | "{E75F4DFF-B69E-4326-B098-9C75BA574FF1}" = dir=out | name=fresh paint | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EB06B60A-A975-4BCF-924F-8128F3D69ABF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ED420043-48F3-486E-AF3A-9859D8E6B54A}" = dir=out | name=photoeditor | "{F086076A-A823-4D43-A2B6-CADF8E2C77CC}" = dir=out | 
name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{F1612BB2-ABCE-4698-9532-6ABEED1ED499}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7847B06-EBEC-4D07-AB50-AC922102E697}" = dir=out | name=s player | "{FF18FCE0-593F-42EF-BD58-5BA190856238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9135430C-DA05-4391-BE81-E7754A4DB8CD}" = Support Center "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components 
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell "{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) "Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings "{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials 
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{7DAA5461-5442-4234-9F01-A6C4AEFFD891}" = Support Center FAQ "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office 
Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink "{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials "{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Intel AppUp(SM) center 33070" = Intel AppUp(SM) center "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NARA" = Norton Online Backup ARA "PROR" = Microsoft Office Professional 2007 "WinLiveSuite" = Windows Live "Xerox PhotoCafe" = Xerox PhotoCafe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.03.2013 17:36:31 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x1068 Startzeit der fehlerhaften Anwendung: 0x01ce178e01506f44 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 3f3d5a3d-8381-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 02.03.2013 17:51:32 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des 
fehlerhaften Prozesses: 0x1bb8 Startzeit der fehlerhaften Anwendung: 0x01ce179019f8590f Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 57ea08d5-8383-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 02.03.2013 18:06:32 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xd08 Startzeit der fehlerhaften Anwendung: 0x01ce179232a187c7 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 7097fc52-8385-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 02.03.2013 18:21:33 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x206c Startzeit der fehlerhaften Anwendung: 0x01ce17944b492f20 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 893dace4-8387-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 03.03.2013 
14:00:11 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.4.0, Zeitstempel: 0x50f009cd Name des fehlerhaften Moduls: GuaranaAgent.exe, Version: 2.1.4.0, Zeitstempel: 0x50f009cd Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000222551 ID des fehlerhaften Prozesses: 0x27e8 Startzeit der fehlerhaften Anwendung: 0x01ce1838f08e094d Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Berichtskennung: 3095e4b9-842c-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 03.03.2013 14:00:40 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.2, Zeitstempel: 0x50cd5051 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ea485 ID des fehlerhaften Prozesses: 0x1dc0 Startzeit der fehlerhaften Anwendung: 0x01ce1838f129045f Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\Recovery\WCScheduler.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 41dd7b2d-842c-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 03.03.2013 14:11:52 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x2b0 Startzeit der fehlerhaften Anwendung: 0x01ce183a9431427e Pfad der fehlerhaften Anwendung: 
C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: d2509993-842d-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 03.03.2013 14:26:52 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x1d3c Startzeit der fehlerhaften Anwendung: 0x01ce183cacd342e7 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: eae1905c-842f-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 03.03.2013 14:41:52 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x16d0 Startzeit der fehlerhaften Anwendung: 0x01ce183ec57be84d Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 036850a1-8432-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 03.03.2013 14:56:52 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften 
Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x28b8 Startzeit der fehlerhaften Anwendung: 0x01ce1840de245483 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 1c11bcab-8434-11e2-be95-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App [ System Events ] Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 12:54:17 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 13:53:16 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:57:27 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. 
Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:09 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. < End of report > Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 18:47:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\pgdoypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007febdf0177a 4 bytes [F0, BD, FE, 07]
.text C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007febdf01782 4 bytes [F0, BD, FE, 07]
.text C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fea3471b32 4 bytes [47, A3, FE, 07]
.text C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fea3471b3a 4 bytes [47, A3, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007feb93a1532 4 bytes [3A, B9, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007feb93a153a 4 bytes [3A, B9, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007feb93a165a 4 bytes [3A, B9, FE, 07]

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1984:1992] 0000000000240060
Thread C:\windows\SYSTEM32\ntdll.dll [2016:2020] 0000000000f61c24
Thread C:\windows\SYSTEM32\ntdll.dll [2016:2196] 000000006949e54e
Thread C:\windows\SYSTEM32\ntdll.dll [2016:3240] 000000006777319b
Thread C:\windows\SYSTEM32\ntdll.dll [2016:4724] 00000000689c7019
Thread C:\windows\SYSTEM32\ntdll.dll [2016:3268] 000000006761eec8
Thread C:\windows\SYSTEM32\ntdll.dll [2016:5308] 000000006761eec8
Thread C:\windows\SYSTEM32\ntdll.dll [2016:4232] 000000006761eec8
Thread C:\windows\SYSTEM32\ntdll.dll [2016:4664] 00000000667f16dc
Thread C:\windows\system32\csrss.exe [3984:5832] fffff960008bf5e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
15.03.2013, 23:07 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX unauthorized access - suspected keylogger, trojan etc.
Before we get to work, I would like to ask you to read the following points completely and carefully.
__________________
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
16.03.2013, 10:50 | #3 |
| GMX unauthorized access - suspected keylogger, trojan etc.
Many thanks already at this point.
__________________
Here are the logs: MBAR: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
User :: SAMSUNG [administrator]

16.03.2013 10:33:44
mbar-log-2013-03-16 (10-33-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8295
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-16 10:37:43
-----------------------------
10:37:43.185 OS Version: Windows x64 6.2.9200
10:37:43.185 Number of processors: 4 586 0x2A07
10:37:43.185 ComputerName: SAMSUNG UserName: User
10:37:43.185 Initialze error 1
10:40:14.306 AVAST engine defs: 13031501
10:40:20.050 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
10:40:20.050 Disk 0 Vendor: ST500LM012_HN-M500MBB 2AR10002 Size: 476940MB BusType: 11
10:40:20.096 Disk 0 MBR read successfully
10:40:20.096 Disk 0 MBR scan
10:40:20.096 Disk 0 unknown MBR code
10:40:20.096 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:40:20.096 Disk 0 scanning C:\windows\system32\drivers
10:40:20.112 Service scanning
10:40:20.737 Modules scanning
10:40:20.737 Disk 0 trace - called modules:
10:40:20.737 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
10:40:20.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092d6060]
10:40:20.753 3 CLASSPNP.SYS[fffff880018388aa] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa800799a060]
10:40:20.753 AVAST engine scan C:\windows
10:40:20.753 AVAST engine scan C:\windows\system32
10:40:20.753 AVAST engine scan C:\windows\system32\drivers
10:40:20.768 AVAST engine scan C:\Users\User
10:40:20.768 AVAST engine scan C:\ProgramData
10:40:20.768 Scan finished successfully
10:40:33.227 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
10:40:33.243 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
Code:
1036 NOBU - ok 10:43:47.0828 1036 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\windows\system32\drivers\Npfs.sys 10:43:47.0840 1036 Npfs - ok 10:43:47.0840 1036 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys 10:43:47.0872 1036 npsvctrig - ok 10:43:47.0887 1036 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\windows\system32\nsisvc.dll 10:43:47.0965 1036 nsi - ok 10:43:47.0965 1036 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 10:43:47.0981 1036 nsiproxy - ok 10:43:48.0048 1036 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 10:43:48.0095 1036 Ntfs - ok 10:43:48.0110 1036 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\windows\system32\drivers\Null.sys 10:43:48.0126 1036 Null - ok 10:43:48.0379 1036 [ 859DE855E2033DA779A8DF6A5D3F70EF ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 10:43:48.0535 1036 nvlddmkm - ok 10:43:48.0551 1036 [ F284328A608A5BAF53BDBEF39DFDF4F4 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 10:43:48.0567 1036 nvpciflt - ok 10:43:48.0598 1036 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\windows\system32\drivers\nvraid.sys 10:43:48.0598 1036 nvraid - ok 10:43:48.0614 1036 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\windows\system32\drivers\nvstor.sys 10:43:48.0614 1036 nvstor - ok 10:43:48.0707 1036 [ 51D0D2020A7A05D288DDDD4D7743BD69 ] nvsvc C:\windows\system32\nvvsvc.exe 10:43:48.0723 1036 nvsvc - ok 10:43:48.0785 1036 [ 6821F2DF8E4BDCE734C036F90D60C771 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 10:43:48.0801 1036 nvUpdatusService - ok 10:43:48.0817 1036 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 10:43:48.0832 1036 nv_agp - ok 10:43:48.0910 1036 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:43:48.0926 1036 odserv - ok 10:43:48.0973 1036 [ 
5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:43:48.0973 1036 ose - ok 10:43:49.0024 1036 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\windows\system32\pnrpsvc.dll 10:43:49.0024 1036 p2pimsvc - ok 10:43:49.0040 1036 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\windows\system32\p2psvc.dll 10:43:49.0071 1036 p2psvc - ok 10:43:49.0102 1036 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\windows\System32\drivers\parport.sys 10:43:49.0118 1036 Parport - ok 10:43:49.0180 1036 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\windows\system32\drivers\partmgr.sys 10:43:49.0196 1036 partmgr - ok 10:43:49.0212 1036 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\windows\System32\pcasvc.dll 10:43:49.0227 1036 PcaSvc - ok 10:43:49.0243 1036 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\windows\system32\drivers\pci.sys 10:43:49.0259 1036 pci - ok 10:43:49.0259 1036 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\windows\system32\drivers\pciide.sys 10:43:49.0274 1036 pciide - ok 10:43:49.0274 1036 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\windows\system32\drivers\pcmcia.sys 10:43:49.0290 1036 pcmcia - ok 10:43:49.0305 1036 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\windows\system32\drivers\pcw.sys 10:43:49.0321 1036 pcw - ok 10:43:49.0352 1036 [ AECC24430301DBC6A76916E3029B6B83 ] pdc C:\windows\system32\drivers\pdc.sys 10:43:49.0352 1036 pdc - ok 10:43:49.0384 1036 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\windows\system32\drivers\peauth.sys 10:43:49.0399 1036 PEAUTH - ok 10:43:49.0462 1036 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\windows\SysWow64\perfhost.exe 10:43:49.0493 1036 PerfHost - ok 10:43:49.0587 1036 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\windows\system32\pla.dll 10:43:49.0634 1036 pla - ok 10:43:49.0665 1036 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\windows\system32\umpnpmgr.dll 10:43:49.0680 1036 PlugPlay - ok 10:43:49.0727 1036 [ 8E2414E818C26C4A9C70CB2B8567F04F ] 
PNRPAutoReg C:\windows\system32\pnrpauto.dll 10:43:49.0759 1036 PNRPAutoReg - ok 10:43:49.0774 1036 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\windows\system32\pnrpsvc.dll 10:43:49.0790 1036 PNRPsvc - ok 10:43:49.0821 1036 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 10:43:49.0852 1036 PolicyAgent - ok 10:43:49.0884 1036 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\windows\system32\umpo.dll 10:43:49.0899 1036 Power - ok 10:43:49.0915 1036 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 10:43:49.0946 1036 PptpMiniport - ok 10:43:50.0040 1036 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 10:43:50.0071 1036 PrintNotify - ok 10:43:50.0102 1036 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\windows\System32\drivers\processr.sys 10:43:50.0134 1036 Processor - ok 10:43:50.0196 1036 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\windows\system32\profsvc.dll 10:43:50.0227 1036 ProfSvc - ok 10:43:50.0243 1036 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\windows\system32\DRIVERS\pacer.sys 10:43:50.0274 1036 Psched - ok 10:43:50.0306 1036 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\windows\system32\qwave.dll 10:43:50.0306 1036 QWAVE - ok 10:43:50.0337 1036 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 10:43:50.0368 1036 QWAVEdrv - ok 10:43:50.0384 1036 [ 194ED3C117525613E701FF257882303E ] RadioHIDMini C:\windows\System32\drivers\RadioHIDMini.sys 10:43:50.0384 1036 RadioHIDMini - ok 10:43:50.0446 1036 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 10:43:50.0477 1036 RasAcd - ok 10:43:50.0509 1036 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 10:43:50.0509 1036 RasAgileVpn - ok 10:43:50.0540 1036 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\windows\System32\rasauto.dll 10:43:50.0571 1036 RasAuto - ok 
10:43:50.0634 1036 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 10:43:50.0665 1036 Rasl2tp - ok 10:43:50.0696 1036 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\windows\System32\rasmans.dll 10:43:50.0712 1036 RasMan - ok 10:43:50.0743 1036 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 10:43:50.0743 1036 RasPppoe - ok 10:43:50.0759 1036 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 10:43:50.0759 1036 RasSstp - ok 10:43:50.0806 1036 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 10:43:50.0837 1036 rdbss - ok 10:43:50.0837 1036 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\windows\System32\drivers\rdpbus.sys 10:43:50.0852 1036 rdpbus - ok 10:43:50.0868 1036 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\windows\system32\drivers\rdpdr.sys 10:43:50.0899 1036 RDPDR - ok 10:43:50.0931 1036 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 10:43:50.0947 1036 RdpVideoMiniport - ok 10:43:51.0009 1036 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 10:43:51.0041 1036 RDPWD - ok 10:43:51.0056 1036 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 10:43:51.0072 1036 rdyboost - ok 10:43:51.0087 1036 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\windows\System32\mprdim.dll 10:43:51.0119 1036 RemoteAccess - ok 10:43:51.0150 1036 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\windows\system32\regsvc.dll 10:43:51.0197 1036 RemoteRegistry - ok 10:43:51.0212 1036 [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 10:43:51.0291 1036 RFCOMM - ok 10:43:51.0322 1036 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 10:43:51.0400 1036 RpcEptMapper - ok 10:43:51.0427 1036 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator 
C:\windows\system32\locator.exe 10:43:51.0451 1036 RpcLocator - ok 10:43:51.0467 1036 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\windows\system32\rpcss.dll 10:43:51.0483 1036 RpcSs - ok 10:43:51.0514 1036 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 10:43:51.0545 1036 rspndr - ok 10:43:51.0608 1036 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys 10:43:51.0623 1036 RTL8168 - ok 10:43:51.0654 1036 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\windows\System32\drivers\vms3cap.sys 10:43:51.0670 1036 s3cap - ok 10:43:51.0686 1036 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\windows\system32\lsass.exe 10:43:51.0701 1036 SamSs - ok 10:43:51.0717 1036 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 10:43:51.0733 1036 sbp2port - ok 10:43:51.0748 1036 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\windows\System32\SCardSvr.dll 10:43:51.0779 1036 SCardSvr - ok 10:43:51.0795 1036 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 10:43:51.0873 1036 scfilter - ok 10:43:51.0906 1036 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\windows\system32\schedsvc.dll 10:43:51.0938 1036 Schedule - ok 10:43:51.0969 1036 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\windows\System32\certprop.dll 10:43:51.0984 1036 SCPolicySvc - ok 10:43:52.0063 1036 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\windows\System32\drivers\sdbus.sys 10:43:52.0063 1036 sdbus - ok 10:43:52.0094 1036 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\windows\System32\SDRSVC.dll 10:43:52.0125 1036 SDRSVC - ok 10:43:52.0156 1036 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\windows\System32\drivers\sdstor.sys 10:43:52.0156 1036 sdstor - ok 10:43:52.0234 1036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 10:43:52.0250 1036 secdrv - ok 10:43:52.0266 1036 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon 
C:\windows\system32\seclogon.dll 10:43:52.0281 1036 seclogon - ok 10:43:52.0297 1036 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\windows\System32\sens.dll 10:43:52.0328 1036 SENS - ok 10:43:52.0344 1036 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\windows\system32\sensrsvc.dll 10:43:52.0359 1036 SensrSvc - ok 10:43:52.0375 1036 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\windows\system32\drivers\SerCx.sys 10:43:52.0391 1036 SerCx - ok 10:43:52.0391 1036 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\windows\System32\drivers\serenum.sys 10:43:52.0406 1036 Serenum - ok 10:43:52.0406 1036 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\windows\System32\drivers\serial.sys 10:43:52.0438 1036 Serial - ok 10:43:52.0438 1036 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\windows\System32\drivers\sermouse.sys 10:43:52.0438 1036 sermouse - ok 10:43:52.0500 1036 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\windows\system32\sessenv.dll 10:43:52.0516 1036 SessionEnv - ok 10:43:52.0531 1036 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\windows\System32\drivers\sfloppy.sys 10:43:52.0547 1036 sfloppy - ok 10:43:52.0594 1036 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\windows\System32\ipnathlp.dll 10:43:52.0625 1036 SharedAccess - ok 10:43:52.0656 1036 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\windows\System32\shsvcs.dll 10:43:52.0688 1036 ShellHWDetection - ok 10:43:52.0703 1036 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 10:43:52.0719 1036 SiSRaid2 - ok 10:43:52.0719 1036 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 10:43:52.0734 1036 SiSRaid4 - ok 10:43:52.0750 1036 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\windows\System32\snmptrap.exe 10:43:52.0766 1036 SNMPTRAP - ok 10:43:52.0781 1036 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\windows\system32\drivers\spaceport.sys 10:43:52.0797 1036 spaceport - ok 10:43:52.0813 1036 [ 
3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\windows\system32\drivers\SpbCx.sys 10:43:52.0828 1036 SpbCx - ok 10:43:52.0859 1036 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\windows\System32\spoolsv.exe 10:43:52.0891 1036 Spooler - ok 10:43:52.0984 1036 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\windows\system32\sppsvc.exe 10:43:53.0031 1036 sppsvc - ok 10:43:53.0125 1036 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS 10:43:53.0125 1036 SRTSP - ok 10:43:53.0141 1036 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS 10:43:53.0156 1036 SRTSPX - ok 10:43:53.0172 1036 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\windows\system32\DRIVERS\srv.sys 10:43:53.0188 1036 srv - ok 10:43:53.0234 1036 [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 10:43:53.0250 1036 srv2 - ok 10:43:53.0281 1036 [ FD8B4F201B681C555A4AF41922C52557 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 10:43:53.0297 1036 srvnet - ok 10:43:53.0328 1036 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 10:43:53.0344 1036 SSDPSRV - ok 10:43:53.0360 1036 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\windows\system32\sstpsvc.dll 10:43:53.0391 1036 SstpSvc - ok 10:43:53.0426 1036 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\windows\system32\drivers\stexstor.sys 10:43:53.0426 1036 stexstor - ok 10:43:53.0458 1036 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\windows\System32\wiaservc.dll 10:43:53.0473 1036 stisvc - ok 10:43:53.0473 1036 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\windows\system32\drivers\storahci.sys 10:43:53.0473 1036 storahci - ok 10:43:53.0505 1036 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys 10:43:53.0505 1036 storflt - ok 10:43:53.0520 1036 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\windows\system32\storsvc.dll 10:43:53.0551 1036 StorSvc - ok 10:43:53.0567 1036 [ 
543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\windows\system32\drivers\storvsc.sys 10:43:53.0583 1036 storvsc - ok 10:43:53.0583 1036 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\windows\system32\svsvc.dll 10:43:53.0630 1036 svsvc - ok 10:43:53.0630 1036 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\windows\System32\drivers\swenum.sys 10:43:53.0645 1036 swenum - ok 10:43:53.0661 1036 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\windows\System32\swprv.dll 10:43:53.0708 1036 swprv - ok 10:43:53.0755 1036 SWUpdateService - ok 10:43:53.0801 1036 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS 10:43:53.0801 1036 SymDS - ok 10:43:53.0833 1036 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS 10:43:53.0848 1036 SymEFA - ok 10:43:53.0880 1036 [ 42947647F71E9EF2167B42B372F1DDB7 ] SymELAM C:\windows\system32\drivers\N360x64\1403000.024\SymELAM.sys 10:43:53.0895 1036 SymELAM - ok 10:43:53.0927 1036 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS 10:43:53.0927 1036 SymEvent - ok 10:43:53.0958 1036 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS 10:43:53.0973 1036 SymIRON - ok 10:43:54.0005 1036 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS 10:43:54.0020 1036 SymNetS - ok 10:43:54.0083 1036 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\windows\system32\sysmain.dll 10:43:54.0114 1036 SysMain - ok 10:43:54.0130 1036 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll 10:43:54.0161 1036 SystemEventsBroker - ok 10:43:54.0177 1036 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\windows\System32\TabSvc.dll 10:43:54.0208 1036 TabletInputService - ok 10:43:54.0223 1036 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\windows\System32\tapisrv.dll 
10:43:54.0239 1036 TapiSrv - ok 10:43:54.0353 1036 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip C:\windows\system32\drivers\tcpip.sys 10:43:54.0400 1036 Tcpip - ok 10:43:54.0415 1036 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 10:43:54.0462 1036 TCPIP6 - ok 10:43:54.0493 1036 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 10:43:54.0509 1036 tcpipreg - ok 10:43:54.0509 1036 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\windows\system32\DRIVERS\tdx.sys 10:43:54.0540 1036 tdx - ok 10:43:54.0572 1036 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\windows\System32\drivers\terminpt.sys 10:43:54.0572 1036 terminpt - ok 10:43:54.0603 1036 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\windows\System32\termsrv.dll 10:43:54.0634 1036 TermService - ok 10:43:54.0650 1036 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\windows\system32\themeservice.dll 10:43:54.0665 1036 Themes - ok 10:43:54.0697 1036 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\windows\system32\mmcss.dll 10:43:54.0697 1036 THREADORDER - ok 10:43:54.0728 1036 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\windows\System32\TimeBrokerServer.dll 10:43:54.0759 1036 TimeBroker - ok 10:43:54.0806 1036 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\windows\system32\drivers\tpm.sys 10:43:54.0822 1036 TPM - ok 10:43:54.0837 1036 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\windows\System32\trkwks.dll 10:43:54.0853 1036 TrkWks - ok 10:43:54.0900 1036 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 10:43:54.0915 1036 TrustedInstaller - ok 10:43:54.0947 1036 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 10:43:54.0962 1036 TsUsbFlt - ok 10:43:55.0025 1036 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys 10:43:55.0072 1036 TsUsbGD - ok 10:43:55.0103 1036 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel 
C:\windows\system32\DRIVERS\tunnel.sys 10:43:55.0134 1036 tunnel - ok 10:43:55.0150 1036 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\windows\system32\drivers\uagp35.sys 10:43:55.0150 1036 uagp35 - ok 10:43:55.0150 1036 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\windows\System32\drivers\uaspstor.sys 10:43:55.0165 1036 UASPStor - ok 10:43:55.0181 1036 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\windows\System32\drivers\ucx01000.sys 10:43:55.0197 1036 UCX01000 - ok 10:43:55.0212 1036 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\windows\system32\DRIVERS\udfs.sys 10:43:55.0228 1036 udfs - ok 10:43:55.0259 1036 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\windows\system32\UI0Detect.exe 10:43:55.0275 1036 UI0Detect - ok 10:43:55.0275 1036 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 10:43:55.0275 1036 uliagpkx - ok 10:43:55.0306 1036 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\windows\System32\drivers\umbus.sys 10:43:55.0322 1036 umbus - ok 10:43:55.0322 1036 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\windows\System32\drivers\umpass.sys 10:43:55.0337 1036 UmPass - ok 10:43:55.0400 1036 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\windows\System32\umrdp.dll 10:43:55.0431 1036 UmRdpService - ok 10:43:55.0525 1036 [ DBE2E6388379D5CC78099650541E9566 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 10:43:55.0525 1036 UNS - ok 10:43:55.0556 1036 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\windows\System32\upnphost.dll 10:43:55.0587 1036 upnphost - ok 10:43:55.0619 1036 [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio C:\windows\system32\drivers\usbaudio.sys 10:43:55.0634 1036 usbaudio - ok 10:43:55.0665 1036 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\windows\System32\drivers\usbccgp.sys 10:43:55.0681 1036 usbccgp - ok 10:43:55.0697 1036 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\windows\System32\drivers\usbcir.sys 10:43:55.0712 1036 usbcir - ok 10:43:55.0744 
1036 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\windows\System32\drivers\usbehci.sys 10:43:55.0744 1036 usbehci - ok 10:43:55.0790 1036 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\windows\System32\drivers\usbhub.sys 10:43:55.0806 1036 usbhub - ok 10:43:55.0837 1036 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\windows\System32\drivers\UsbHub3.sys 10:43:55.0853 1036 USBHUB3 - ok 10:43:55.0869 1036 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\windows\System32\drivers\usbohci.sys 10:43:55.0900 1036 usbohci - ok 10:43:55.0931 1036 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\windows\System32\drivers\usbprint.sys 10:43:55.0931 1036 usbprint - ok 10:43:55.0947 1036 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\windows\System32\drivers\USBSTOR.SYS 10:43:55.0947 1036 USBSTOR - ok 10:43:55.0962 1036 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\windows\System32\drivers\usbuhci.sys 10:43:55.0994 1036 usbuhci - ok 10:43:56.0009 1036 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 10:43:56.0025 1036 usbvideo - ok 10:43:56.0040 1036 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\windows\System32\drivers\USBXHCI.SYS 10:43:56.0056 1036 USBXHCI - ok 10:43:56.0072 1036 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\windows\system32\lsass.exe 10:43:56.0087 1036 VaultSvc - ok 10:43:56.0103 1036 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 10:43:56.0119 1036 vdrvroot - ok 10:43:56.0159 1036 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\windows\System32\vds.exe 10:43:56.0184 1036 vds - ok 10:43:56.0200 1036 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\windows\system32\drivers\VerifierExt.sys 10:43:56.0215 1036 VerifierExt - ok 10:43:56.0231 1036 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\windows\System32\drivers\vhdmp.sys 10:43:56.0247 1036 vhdmp - ok 10:43:56.0247 1036 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\windows\system32\drivers\viaide.sys 10:43:56.0262 1036 
viaide - ok 10:43:56.0262 1036 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\windows\system32\drivers\vmbus.sys 10:43:56.0278 1036 vmbus - ok 10:43:56.0278 1036 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\windows\System32\drivers\VMBusHID.sys 10:43:56.0294 1036 VMBusHID - ok 10:43:56.0325 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\windows\System32\ICSvc.dll 10:43:56.0340 1036 vmicheartbeat - ok 10:43:56.0356 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\windows\System32\ICSvc.dll 10:43:56.0356 1036 vmickvpexchange - ok 10:43:56.0372 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\windows\System32\ICSvc.dll 10:43:56.0372 1036 vmicrdv - ok 10:43:56.0387 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\windows\System32\ICSvc.dll 10:43:56.0403 1036 vmicshutdown - ok 10:43:56.0403 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\windows\System32\ICSvc.dll 10:43:56.0419 1036 vmictimesync - ok 10:43:56.0419 1036 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\windows\System32\ICSvc.dll 10:43:56.0434 1036 vmicvss - ok 10:43:56.0450 1036 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\windows\system32\drivers\volmgr.sys 10:43:56.0450 1036 volmgr - ok 10:43:56.0465 1036 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 10:43:56.0481 1036 volmgrx - ok 10:43:56.0481 1036 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\windows\system32\drivers\volsnap.sys 10:43:56.0497 1036 volsnap - ok 10:43:56.0512 1036 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\windows\System32\drivers\vpci.sys 10:43:56.0512 1036 vpci - ok 10:43:56.0528 1036 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 10:43:56.0528 1036 vsmraid - ok 10:43:56.0590 1036 [ EA658570314042C914964FC72AB50E6B ] VSS C:\windows\system32\vssvc.exe 10:43:56.0637 1036 VSS - ok 10:43:56.0669 1036 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys 10:43:56.0684 1036 
VSTXRAID - ok 10:43:56.0684 1036 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\windows\System32\drivers\vwifibus.sys 10:43:56.0700 1036 vwifibus - ok 10:43:56.0715 1036 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 10:43:56.0731 1036 vwififlt - ok 10:43:56.0747 1036 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 10:43:56.0762 1036 vwifimp - ok 10:43:56.0809 1036 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\windows\system32\w32time.dll 10:43:56.0840 1036 W32Time - ok 10:43:56.0840 1036 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\windows\System32\drivers\wacompen.sys 10:43:56.0872 1036 WacomPen - ok 10:43:56.0919 1036 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 10:43:56.0934 1036 Wanarp - ok 10:43:56.0950 1036 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 10:43:56.0950 1036 Wanarpv6 - ok 10:43:57.0012 1036 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\windows\system32\wbengine.exe 10:43:57.0044 1036 wbengine - ok 10:43:57.0075 1036 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 10:43:57.0090 1036 WbioSrvc - ok 10:43:57.0106 1036 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\windows\System32\wcmsvc.dll 10:43:57.0137 1036 Wcmsvc - ok 10:43:57.0153 1036 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\windows\System32\wcncsvc.dll 10:43:57.0184 1036 wcncsvc - ok 10:43:57.0200 1036 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 10:43:57.0215 1036 WcsPlugInService - ok 10:43:57.0247 1036 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\windows\system32\drivers\wd.sys 10:43:57.0247 1036 Wd - ok 10:43:57.0294 1036 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\windows\system32\drivers\WdBoot.sys 10:43:57.0294 1036 WdBoot - ok 10:43:57.0329 1036 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 
10:43:57.0345 1036 Wdf01000 - ok 10:43:57.0361 1036 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\windows\system32\drivers\WdFilter.sys 10:43:57.0376 1036 WdFilter - ok 10:43:57.0392 1036 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\windows\system32\wdi.dll 10:43:57.0423 1036 WdiServiceHost - ok 10:43:57.0423 1036 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\windows\system32\wdi.dll 10:43:57.0439 1036 WdiSystemHost - ok 10:43:57.0470 1036 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\windows\System32\webclnt.dll 10:43:57.0485 1036 WebClient - ok 10:43:57.0501 1036 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\windows\system32\wecsvc.dll 10:43:57.0517 1036 Wecsvc - ok 10:43:57.0532 1036 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\windows\System32\wercplsupport.dll 10:43:57.0564 1036 wercplsupport - ok 10:43:57.0595 1036 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\windows\System32\WerSvc.dll 10:43:57.0642 1036 WerSvc - ok 10:43:57.0658 1036 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys 10:43:57.0673 1036 WFPLWFS - ok 10:43:57.0689 1036 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\windows\System32\wiarpc.dll 10:43:57.0720 1036 WiaRpc - ok 10:43:57.0736 1036 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\windows\system32\drivers\wimmount.sys 10:43:57.0736 1036 WIMMount - ok 10:43:57.0767 1036 WinDefend - ok 10:43:57.0814 1036 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll 10:43:57.0861 1036 WinHttpAutoProxySvc - ok 10:43:57.0908 1036 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 10:43:57.0939 1036 Winmgmt - ok 10:43:58.0001 1036 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\windows\system32\WsmSvc.dll 10:43:58.0048 1036 WinRM - ok 10:43:58.0095 1036 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\windows\System32\wlansvc.dll 10:43:58.0111 1036 WlanSvc - ok 10:43:58.0158 1036 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] 
wlidsvc C:\windows\system32\wlidsvc.dll 10:43:58.0205 1036 wlidsvc - ok 10:43:58.0226 1036 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys 10:43:58.0240 1036 WmiAcpi - ok 10:43:58.0272 1036 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 10:43:58.0287 1036 wmiApSrv - ok 10:43:58.0318 1036 WMPNetworkSvc - ok 10:43:58.0334 1036 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys 10:43:58.0350 1036 wpcfltr - ok 10:43:58.0381 1036 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\windows\System32\wpcsvc.dll 10:43:58.0397 1036 WPCSvc - ok 10:43:58.0428 1036 [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 10:43:58.0475 1036 WPDBusEnum - ok 10:43:58.0506 1036 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys 10:43:58.0522 1036 WpdUpFltr - ok 10:43:58.0553 1036 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 10:43:58.0569 1036 ws2ifsl - ok 10:43:58.0584 1036 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\windows\System32\wscsvc.dll 10:43:58.0610 1036 wscsvc - ok 10:43:58.0610 1036 WSearch - ok 10:43:58.0682 1036 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\windows\System32\WSService.dll 10:43:58.0729 1036 WSService - ok 10:43:58.0792 1036 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\windows\system32\wuaueng.dll 10:43:58.0823 1036 wuauserv - ok 10:43:58.0854 1036 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 10:43:58.0886 1036 WudfPf - ok 10:43:58.0901 1036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys 10:43:58.0932 1036 WUDFRd - ok 10:43:58.0964 1036 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 10:43:58.0979 1036 wudfsvc - ok 10:43:59.0011 1036 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\windows\System32\wwansvc.dll 10:43:59.0026 1036 WwanSvc - 
ok 10:43:59.0089 1036 [ 03CD249A16CF815FFFD347DC61EF9E6D ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 10:43:59.0104 1036 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning 10:43:59.0104 1036 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1) 10:43:59.0104 1036 ================ Scan global =============================== 10:43:59.0151 1036 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\windows\system32\basesrv.dll 10:43:59.0182 1036 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\windows\system32\winsrv.dll 10:43:59.0214 1036 [ BD7C6949984D19AAA609896B675E7357 ] C:\windows\system32\sxssrv.dll 10:43:59.0245 1036 [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe 10:43:59.0245 1036 [Global] - ok 10:43:59.0245 1036 ================ Scan MBR ================================== 10:43:59.0245 1036 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 10:43:59.0339 1036 \Device\Harddisk0\DR0 - ok 10:43:59.0339 1036 ================ Scan VBR ================================== 10:43:59.0370 1036 [ 1FC715F2428BA6E96A6F124B92E56B6A ] \Device\Harddisk0\DR0\Partition1 10:43:59.0370 1036 \Device\Harddisk0\DR0\Partition1 - ok 10:43:59.0386 1036 [ 78A21C0515704A19C549D053105EDE5E ] \Device\Harddisk0\DR0\Partition2 10:43:59.0386 1036 \Device\Harddisk0\DR0\Partition2 - ok 10:43:59.0401 1036 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 10:43:59.0401 1036 \Device\Harddisk0\DR0\Partition3 - ok 10:43:59.0401 1036 [ BB8589C567F65DF46E5BFA6D7423EA1E ] \Device\Harddisk0\DR0\Partition4 10:43:59.0401 1036 \Device\Harddisk0\DR0\Partition4 - ok 10:43:59.0436 1036 [ E532332B129E69B1D410A7B867757292 ] \Device\Harddisk0\DR0\Partition5 10:43:59.0436 1036 \Device\Harddisk0\DR0\Partition5 - ok 10:43:59.0451 1036 [ 6FD382DA2E0481C968CBD903953448B1 ] \Device\Harddisk0\DR0\Partition6 10:43:59.0451 1036 \Device\Harddisk0\DR0\Partition6 - ok 10:43:59.0451 1036 
============================================================ 10:43:59.0451 1036 Scan finished 10:43:59.0451 1036 ============================================================ 10:43:59.0467 5148 Detected object count: 3 10:43:59.0467 5148 Actual detected object count: 3 10:44:27.0907 5148 ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user 10:44:27.0907 5148 ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:44:27.0907 5148 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 10:44:27.0907 5148 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:44:27.0907 5148 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user 10:44:27.0907 5148 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:45:40.0805 0864 Deinitialize success |
16.03.2013, 19:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unauthorized access to GMX account - suspected keylogger, trojan etc. JRT - Junkware Removal Tool Please disable your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
16.03.2013, 21:33 | #5 |
| Unauthorized access to GMX account - suspected keylogger, trojan etc. Great, so thanks again for the quick replies... Here are the logs: JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 8 x64
Ran by User on 16.03.2013 at 20:54:14,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\softonic

~~~ Files

~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\minidumps [12 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.03.2013 at 21:00:31,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
# AdwCleaner v2.114 - Datei am 16/03/2013 um 21:02:56 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : User - SAMSUNG
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0 (de)

*************************
AdwCleaner[S1].txt - [303 octets] - [16/03/2013 21:02:20]
AdwCleaner[S2].txt - [689 octets] - [16/03/2013 21:02:56]
########## EOF - C:\AdwCleaner[S2].txt - [748 octets] ##########
OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.03.2013 21:08:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,71 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 80,62% Memory free 8,89 Gb Paging File | 7,47 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 440,49 Gb Total Space | 391,59 Gb Free Space | 88,90% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.) PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.) 
PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe () PRC - C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Samsung Electronics CO., LTD.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll () MOD - C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll () MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll () ========== Services (SafeList) ========== SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) SRV:64bit: - (TimeBroker) -- 
C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- 
C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (SWUpdateService) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (Easy Launcher) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.) 
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - 
(msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- 
C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys (Symantec Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (RadioHIDMini) -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys 
(Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec 
Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130313.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3777642976-2438380877-1723110391-1008\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95 FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.28 19:43:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.03.14 17:39:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 17:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.14 19:12:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 17:48:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.02 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.02.14 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions [2013.02.07 
21:15:33 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions\sammelfreund@webmiles.de [2013.02.14 19:40:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\testpilot@labs.mozilla.com.xpi [2013.02.12 19:48:20 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\tineye@ideeinc.com.xpi [2013.02.07 21:15:33 | 000,128,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\toolbar-ff@payback.de.xpi [2013.03.15 17:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.15 17:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.03.15 17:48:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.12 22:09:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.12 22:09:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.12 22:09:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.12 22:09:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.12 22:09:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.12 22:09:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - 
C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) 
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAEB5F0-1A65-4275-B88E-A13B42C731CE}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: 
(C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.16 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.03.16 21:05:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.03.16 20:54:09 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.03.16 20:54:02 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.16 20:53:35 | 000,549,920 | ---- | C] 
(Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe [2013.03.16 10:42:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\tdsskiller.exe [2013.03.16 10:34:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\aswMBR.exe [2013.03.16 10:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.16 10:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\mbar-1.01.0.1021 [2013.03.15 17:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.14 22:28:26 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.03.14 22:28:26 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.14 18:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.14 17:50:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.03.14 17:49:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.03.14 17:49:53 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll [2013.03.14 17:49:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.03.14 17:49:51 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.03.14 17:49:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.03.14 17:49:50 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.03.14 17:49:50 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.03.14 17:49:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll [2013.03.14 17:49:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.03.14 17:49:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\iesetup.dll [2013.03.14 17:49:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll [2013.03.14 17:48:03 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll [2013.03.14 17:48:02 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll [2013.03.14 17:48:00 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.03.14 17:48:00 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.03.14 17:48:00 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys [2013.03.14 17:47:59 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll [2013.03.14 17:45:14 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll [2013.03.14 17:45:10 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll [2013.03.14 17:45:09 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2013.03.14 17:45:02 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013.03.14 17:45:00 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll [2013.03.14 17:44:59 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll [2013.03.14 17:44:55 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll [2013.03.14 17:44:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.03.14 17:44:54 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll [2013.03.14 17:44:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.14 17:44:53 | 000,448,512 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\SettingSync.dll [2013.03.14 17:44:52 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll [2013.03.14 17:44:52 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll [2013.03.14 17:44:52 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.14 17:44:51 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS [2013.03.14 17:44:49 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.03.14 17:44:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.14 17:44:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe [2013.03.14 17:44:48 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll [2013.03.14 17:44:48 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll [2013.03.14 17:44:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2013.03.14 17:44:47 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe [2013.03.14 17:44:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll [2013.03.14 17:44:45 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll [2013.03.14 17:44:45 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.03.14 17:44:44 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll [2013.03.14 17:44:42 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe [2013.03.14 17:44:41 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys [2013.03.14 17:44:39 | 000,611,840 | ---- | C] 
(Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll [2013.03.14 17:44:39 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.03.14 17:44:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe [2013.03.14 17:44:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll [2013.03.14 17:44:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll [2013.03.14 17:43:53 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll [2013.03.14 17:43:52 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll [2013.03.14 17:43:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll [2013.03.14 17:43:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll [2013.03.13 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 20:54:12 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys [2013.03.13 20:54:10 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys [2013.03.13 20:53:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013.03.12 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com [2013.03.12 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Spyware Scanner [2013.03.12 19:59:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX [2013.03.12 19:59:11 | 000,368,912 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\vbar332.dll [2013.03.12 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner [2013.03.08 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.08 16:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2013.03.07 20:12:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.03.07 20:12:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.03.07 20:12:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.03.07 20:12:49 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.01 16:29:03 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll [2013.03.01 16:29:03 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll [2013.03.01 16:29:03 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll [2013.03.01 14:32:34 | 000,000,000 | ---D | C] -- C:\83653373651835b891237365 [2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV [2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV [2013.02.28 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.02.28 18:14:56 | 006,206,312 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll [2013.02.28 18:14:56 | 003,298,664 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll [2013.02.28 18:14:56 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll [2013.02.28 18:14:56 | 000,870,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshext.dll [2013.02.28 18:14:56 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll [2013.02.28 18:14:56 | 000,063,336 | ---- 
| C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll [2013.02.28 18:14:56 | 000,055,144 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshextr.dll [2013.02.28 18:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.02.28 18:12:45 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco64.dll [2013.02.28 18:12:45 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll [2013.02.28 18:12:43 | 014,997,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll [2013.02.28 18:12:42 | 012,563,048 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll [2013.02.28 18:12:41 | 019,911,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll [2013.02.28 18:12:40 | 000,975,472 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvumdshimx.dll [2013.02.28 18:12:40 | 000,832,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll [2013.02.28 18:12:37 | 026,335,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll [2013.02.28 18:12:36 | 007,454,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll [2013.02.28 18:12:36 | 006,158,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll [2013.02.28 18:12:36 | 000,244,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll [2013.02.28 18:12:36 | 000,199,888 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll [2013.02.28 18:12:36 | 000,030,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys [2013.02.28 18:12:34 | 018,366,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll [2013.02.28 18:12:32 | 015,405,336 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll [2013.02.28 18:12:32 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll [2013.02.28 18:12:32 | 002,441,632 | ---- | C] (NVIDIA 
Corporation) -- C:\windows\SysWow64\nvapi.dll [2013.02.28 18:12:32 | 002,218,856 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll [2013.02.28 18:12:31 | 009,181,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll [2013.02.28 18:12:30 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll [2013.02.28 18:12:30 | 002,747,584 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll [2013.02.28 18:12:29 | 007,750,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll [2013.02.28 18:12:29 | 002,575,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll [2013.02.28 18:12:28 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll [2013.02.28 18:12:28 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll [2013.02.27 21:11:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2013.02.24 19:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.02.15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Studium [2013.02.15 20:06:02 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe [2013.02.15 20:06:02 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll [2013.02.15 20:06:00 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe [2013.02.15 20:05:58 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll [2013.02.15 20:05:54 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll [2013.02.15 20:05:51 | 000,438,272 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\lsm.dll [2013.02.15 20:05:51 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll [2013.02.15 20:05:51 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys [2013.02.15 20:05:50 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll [2013.02.15 20:05:50 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL [2013.02.15 20:05:50 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll [2013.02.15 20:05:50 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL [2013.02.15 20:05:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll [2013.02.15 20:05:50 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.02.15 20:05:50 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll [2013.02.15 20:05:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll [2013.02.15 20:05:50 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe [2013.02.15 20:05:50 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys [2013.02.15 20:05:50 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll [2013.02.15 20:05:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.02.15 20:05:50 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys [2013.02.15 20:05:50 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll [2013.02.15 20:05:50 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe [2013.02.15 20:05:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\wiaacmgr.exe [2013.02.15 20:05:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll [2013.02.15 20:05:50 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll [2013.02.15 20:05:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll [2013.02.15 20:05:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll [2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe ========== Files - Modified Within 30 Days ========== [2013.03.16 21:11:27 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.03.16 21:11:27 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.03.16 21:11:27 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.03.16 21:11:27 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.03.16 21:11:27 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.03.16 21:05:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.16 21:03:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.03.16 21:03:48 | 2324,926,463 | -HS- | M] () -- C:\hiberfil.sys [2013.03.16 21:03:04 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013.03.16 21:01:53 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.16 21:00:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.16 20:53:42 | 000,549,920 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\User\Desktop\JRT.exe [2013.03.16 20:42:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job [2013.03.16 10:42:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\tdsskiller.exe [2013.03.16 10:40:33 | 000,000,512 | ---- | M] () -- C:\Users\User\MBR.dat [2013.03.16 10:35:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\aswMBR.exe [2013.03.16 10:23:49 | 013,786,977 | ---- | M] () -- C:\Users\User\mbar-1.01.0.1021.zip [2013.03.16 10:14:41 | 000,427,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.14 22:26:57 | 002,221,863 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013.03.14 18:49:57 | 000,022,258 | ---- | M] () -- C:\Users\User\gmer fehlermeldung.jpg [2013.03.14 18:38:19 | 000,377,856 | ---- | M] () -- C:\Users\User\gmer_2.1.19155.exe [2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.14 18:25:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.03.14 18:24:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Defogger.exe [2013.03.13 20:36:28 | 000,002,928 | ---- | M] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9} [2013.03.13 19:29:20 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE [2013.03.12 19:58:49 | 006,423,656 | ---- | M] () -- C:\Users\User\FreeSpywareScanner9.6.exe [2013.03.12 19:35:39 | 000,002,928 | ---- | M] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7} [2013.03.08 16:31:19 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013.03.08 16:30:05 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021 [2013.03.07 20:12:43 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 20:12:42 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.03.07 20:12:42 | 000,782,240 | ---- | M] (Oracle Corporation) 
-- C:\windows\SysWow64\deployJava1.dll [2013.03.07 20:12:42 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.03.07 20:12:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.03.07 20:12:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.03.06 00:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.03.06 00:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.02 09:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll [2013.03.02 03:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll [2013.03.01 19:36:01 | 000,002,928 | ---- | M] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72} [2013.02.28 18:58:28 | 000,002,928 | ---- | M] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E} [2013.02.21 16:59:08 | 002,063,240 | ---- | M] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2013.02.14 22:17:54 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk ========== Files Created - No Company Name ========== [2013.03.16 21:03:01 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013.03.16 21:01:47 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.16 10:40:33 | 000,000,512 | ---- | C] () -- C:\Users\User\MBR.dat [2013.03.16 10:23:24 | 013,786,977 | ---- | C] () -- C:\Users\User\mbar-1.01.0.1021.zip [2013.03.16 10:14:25 | 000,427,328 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.14 18:49:57 | 000,022,258 | ---- | C] () -- C:\Users\User\gmer fehlermeldung.jpg [2013.03.14 18:38:15 | 000,377,856 | ---- | C] () -- C:\Users\User\gmer_2.1.19155.exe [2013.03.14 18:25:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.03.14 18:24:37 | 000,050,477 | ---- | C] () -- 
C:\Users\User\Defogger.exe [2013.03.13 20:36:27 | 000,002,928 | ---- | C] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9} [2013.03.13 19:29:19 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE [2013.03.12 19:58:34 | 006,423,656 | ---- | C] () -- C:\Users\User\FreeSpywareScanner9.6.exe [2013.03.12 19:35:39 | 000,002,928 | ---- | C] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7} [2013.03.01 19:36:00 | 000,002,928 | ---- | C] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72} [2013.02.28 18:58:27 | 000,002,928 | ---- | C] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E} [2013.02.28 18:14:56 | 003,547,239 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin [2013.02.28 18:12:35 | 000,014,148 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb [2013.02.27 21:11:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2013.02.15 20:05:50 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.02.14 22:17:53 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.14 22:17:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.28 10:59:15 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.08.16 03:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.08.16 03:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.08.16 03:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.08.16 03:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.08.16 03:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- 
C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 
000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 16.03.2013 21:08:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,71 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 80,62% Memory free
8,89 Gb Paging File | 7,47 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,59 Gb Free Space | 88,90% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E0E22F-B40D-47E3-A964-CF8750555235}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1FC054FA-4BB8-4912-9296-DD5BB598864E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23C46A72-6547-4F4A-B25E-D187E39EF5C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{338E5BE1-C7DE-4456-9DD5-D44C1398E204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E28B3FB-95F5-403D-BDE3-7CEC45164122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F321406-B2A5-4374-9F4D-91B35628892A}" = rport=138 | protocol=17 | dir=out | app=system | "{4768B628-0369-434A-B9A1-DC760EC11A0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48D386C3-82FB-489C-8DDB-7FF6D9E62063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E516A26-9160-401E-B1AF-EB47F14C6139}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AF4E63F-10FF-4E31-8814-DF8FB618B100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{620A2EE9-10F9-4324-ADC2-00439E6600C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7C50FB0B-61F0-4674-BD20-055C52C564A4}" = rport=137 | protocol=17 | dir=out | app=system | "{91B674A2-D43B-4DE5-BC2E-B9617B8CDB2D}" = lport=10243 | protocol=6 | dir=in | app=system | "{948D3014-4F4C-402B-92CE-34928DD626D6}" = lport=139 | protocol=6 | dir=in | app=system | "{9C122646-305B-4E8D-BE55-BA70CF4BDE78}" = lport=137 | protocol=17 | dir=in | app=system | "{9DC9E6D5-9416-436B-B27A-4632C37A7A80}" = rport=445 | protocol=6 | dir=out | app=system | "{B3E99500-C0BC-4E05-9962-CD4D99B1F7E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BFE77CDC-F02B-45DD-9B98-1DEDE6110B8A}" = rport=10243 | protocol=6 | dir=out | app=system | "{C46C0C89-9B68-4D61-B7C4-8E176D6CC73B}" = lport=445 | protocol=6 | dir=in | app=system | "{C47EB13A-9628-4371-B542-91307CBEFE55}" = rport=139 | protocol=6 | dir=out | app=system | "{D51958C0-A7FF-4F88-A331-ABA83698CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6524EE1-07D7-41DF-9080-FF306EA158A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F15D5A8C-44CB-4A03-918A-9A67F6B54B17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F71F5687-2B37-4309-8995-3253B0F5B5E3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C7F723-B67F-4D2A-9EDC-FA2DEF522987}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{03947F51-900C-4711-88E3-1A6178D2E49F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{0A0EE794-A424-4BFC-9396-253C430BE12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E7F0D49-6F94-4F22-858D-33BB1D52E00F}" = dir=out | name=adera | "{157E0455-EA79-46AD-9405-75AAB545F424}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{23EE1B42-1C0D-48E3-AD44-2918A4538C77}" = dir=out | name=family story | "{24B7411C-596B-45B7-9278-7E7408EE0C0A}" = dir=out | name=music hub | "{251A4228-798C-40A4-B599-510B291B9746}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{2981EE46-466D-4011-9F08-8D13F839E0E1}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{29AB4D3E-6AE2-45B9-A4EB-1654F5916B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D7FE2F7-A448-45D2-8150-6CBC9B392FB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3463939C-02E9-4EFE-8D78-993F7C256F32}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{35DF66F2-B735-4510-9AF5-CCC22E67C67C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A765185-2BFC-4321-8470-2DD53BB6A10C}" = dir=out | name=s camera | 
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | "{40407DBB-A9D9-4668-A7B8-39D73E5A11A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{40D1620A-C5F5-4234-9863-81495598FA1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{426EC8C6-7167-4C1B-9C6A-F06BF92858E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{441E7D06-7C23-46CE-B773-16240F47863F}" = dir=out | name=merriam-webster dictionary | "{45266AA1-B184-4FA0-94CB-F0DCBA4E0866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4723CB53-FBE4-49D7-B122-4EB45F541DAC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4BD51EF7-BE2F-4553-A055-209CE101CD99}" = dir=out | name=s gallery | "{51A982BE-53E5-47E1-BFA1-BBF93602D2CF}" = dir=in | name=music maker jam | "{5491807E-7D97-44A7-83F1-3D193077A3DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{55C95C95-1EC3-46A1-826C-BBF8973BA6DE}" = dir=out | name=norton studio | "{57F97677-D36A-42F6-9120-2EC48512B159}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{64AB37F5-31EB-4660-9606-6F2AB2D7DA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6E62161C-E7D4-481A-B4A5-09D17EC47281}" = dir=in | name=evernote | "{6F4F6184-AF3F-40E9-AD8F-BAF53F7A1F45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{779BB8C4-A7F8-44B5-9820-6055E3BCFCF7}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{88AE6507-037F-446C-B7FF-F5C0F04B963E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{895D5A9B-37B6-4D3D-B43B-9AAC81B36300}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{907946DF-C38A-41A1-ABAF-052AA0663303}" = dir=out | name=music maker jam | "{96D6F905-B40C-45E4-B032-55C9B0AE0994}" = dir=out | name=jamie's recipes | "{99B5D7E3-D2F5-4152-9EE1-1A204CFE94FA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{9A735D89-D8EA-4304-B562-78935416D8A8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9D866BCA-0ADA-4860-80BC-E2E2E448E327}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{AC59D521-E864-4A16-B607-AB3E1958BF23}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{B1621F46-F7F4-4900-A0E1-31AC6B8BFE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BA978257-6012-4E0B-AD64-FD1D34A01607}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{BBB6D5F7-1373-4F54-87B5-9B89259CF600}" = dir=out | name=evernote | "{BE0E349D-D3A0-42F2-8DFE-61E4056A4383}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BFA165C6-4CED-487B-9F14-4F9716675CC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0C6D77C-4A66-4E44-8260-BA15494B0CAA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{C52DF6BE-2A2F-4D58-A867-F9653688823E}" = dir=out | name=chaton | "{C760AEBD-6746-44B0-9B5E-D98CDC94E973}" = dir=in | app=c:\program files 
(x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{C808AE20-51B2-4B08-B0F1-009DA788BBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1754342-686C-40C3-BB45-C9DC3DCDC975}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{D24EBE1A-2F76-4A93-A788-EC80C9797660}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{D4EE6555-512E-42B1-91DA-24C990090D52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D6AD9DC8-7719-4CE9-B3C1-2DB6B916F20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7147F10-36FF-43A0-86EB-DEEA51EE4B49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DAC6759A-12A5-4F35-B8BF-E704BF1CCB45}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{DBE3A4A8-2691-4604-A011-7744D9512E07}" = protocol=6 | dir=out | app=system | "{DD031D44-15E8-44F8-AF12-C217195A94F4}" = dir=in | name=kindle | "{E0A75F32-EF15-4D06-87D4-2C199652C39C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E38E967A-69BA-43D3-B971-01F0B204EC48}" = dir=out | name=kindle | "{E75F4DFF-B69E-4326-B098-9C75BA574FF1}" = dir=out | name=fresh paint | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EB06B60A-A975-4BCF-924F-8128F3D69ABF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ED420043-48F3-486E-AF3A-9859D8E6B54A}" = dir=out | name=photoeditor | "{F086076A-A823-4D43-A2B6-CADF8E2C77CC}" = dir=out | 
name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{F1612BB2-ABCE-4698-9532-6ABEED1ED499}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7847B06-EBEC-4D07-AB50-AC922102E697}" = dir=out | name=s player | "{FF18FCE0-593F-42EF-BD58-5BA190856238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9135430C-DA05-4391-BE81-E7754A4DB8CD}" = Support Center "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components 
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell "{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) "Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings "{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials 
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{7DAA5461-5442-4234-9F01-A6C4AEFFD891}" = Support Center FAQ "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office 
Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink "{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials "{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Intel AppUp(SM) center 33070" = Intel AppUp(SM) center "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NARA" = Norton Online Backup ARA "PROR" = Microsoft Office Professional 2007 "WinLiveSuite" = Windows Live "Xerox PhotoCafe" = Xerox PhotoCafe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.03.2013 14:04:58 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x15dc Startzeit der fehlerhaften Anwendung: 0x01ce1b5e475a7ff5 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 855a7f41-8751-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 14:19:58 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des 
fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01ce1b605ffe133d Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9dff3563-8753-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 14:34:58 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xe5c Startzeit der fehlerhaften Anwendung: 0x01ce1b6278a737f9 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: b693b6a9-8755-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 14:49:59 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x1534 Startzeit der fehlerhaften Anwendung: 0x01ce1b64914ec9fc Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: cf3c4e58-8757-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 
15:04:59 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x11a0 Startzeit der fehlerhaften Anwendung: 0x01ce1b66a9f71b8c Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: e7d3a907-8759-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 15:20:00 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x618 Startzeit der fehlerhaften Anwendung: 0x01ce1b68c29ea725 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 008d2bdc-875c-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 15:35:00 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x1210 Startzeit der fehlerhaften Anwendung: 0x01ce1b6adb47e618 Pfad der 
fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 1942a13a-875e-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 15:50:00 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xcb4 Startzeit der fehlerhaften Anwendung: 0x01ce1b6cf3edfdca Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 31db49f8-8760-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 16:05:01 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xefc Startzeit der fehlerhaften Anwendung: 0x01ce1b6f0c9aec4e Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 4a8aa989-8762-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 07.03.2013 16:20:01 | Computer Name = Samsung | Source = Application Error | ID = 1000 Description = Name der 
fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0x00000004 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x984 Startzeit der fehlerhaften Anwendung: 0x01ce1b71253edc32 Pfad der fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 6330d37f-8764-11e2-be96-20689dab7571 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App [ System Events ] Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 12:54:17 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 13:53:16 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:57:27 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 14.02.2013 13:58:09 | Computer Name = Samsung | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 15.02.2013 16:55:52 | Computer Name = Samsung | Source = Service Control Manager | ID = 7034 Description = Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.02.2013 15:15:35 | Computer Name = Samsung | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?19.?02.?2013 um 22:01:35 unerwartet heruntergefahren. < End of report > |
17.03.2013, 15:59 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX unauthorized access - suspected keylogger, trojan, etc. Fixing with OTL
Code:
:OTL
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95
[2013.03.16 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
|
17.03.2013, 16:23 | #7 |
| GMX unauthorized access - suspected keylogger, trojan, etc.
Code:
All processes killed
========== OTL ==========
Prefs.js: toolbar-ff%40payback.de:1.1.5.95 removed from extensions.enabledAddons
Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EasySurvey

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 3944839 bytes
->Temporary Internet Files folder emptied: 1152164 bytes
->Java cache emptied: 3248071 bytes
->FireFox cache emptied: 166593035 bytes
->Flash cache emptied: 25394 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167,00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_161645

Files\Folders moved on Reboot...
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
17.03.2013, 17:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX unauthorized access - suspected keylogger, trojan, etc. Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
17.03.2013, 18:58 | #9 |
| GMX unauthorized access - suspected keylogger, trojan, etc. A brief interim update: For 2 days now there have been no more accesses. However, I now only go online via the laptop, so the PC might still need to be checked as well. Thanks again, and here are the logs:
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
User :: SAMSUNG [Administrator]

Schutz: Aktiviert

17.03.2013 17:19:40
mbam-log-2013-03-17 (17-19-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234463
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b7c58e10e049d448b45b40673eac37d7
# engine=13407
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-17 05:32:51
# local_time=2013-03-17 06:32:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3592 16777213 100 91 77315 114204067 0 0
# compatibility_mode=5893 16776574 100 94 332074 4495613 0 0
# scanned=211069
# found=0
# cleaned=0
# scan_time=3441
|
17.03.2013, 19:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX unauthorized access - suspected keylogger, trojan, etc. Please open a new thread for the other computer as well. Looks OK so far. Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
17.03.2013, 20:17 | #11 |
| GMX unauthorized access - suspected keylogger, trojan, etc. That's it so far on the laptop, no further findings or problems. I'll open a new thread for the other computer. Thanks for your really great and fast help!! |
17.03.2013, 20:53 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX unauthorized access - suspected keylogger, trojan, etc. Then we're done! The programs that were used here can all be removed again.
Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.
With the help of OTL you can also remove many other tools: simply start OTL and click on CleanUp. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember the update beforehand.
Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update
Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
Please also take the opportunity to check that Flash Player is up to date: Check => Adobe - Flash Player. You can find download links here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
08.12.2014, 17:20 | #13 |
| The Fritzbox ..I also had unexplained logins on GMX until I found the problem: my Fritzbox, it sends me a push mail and that causes this message....... |