Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GMX-Fremdzugriff - Fortsetzung

GMX-Fremdzugriff - Fortsetzung


Log-Analyse und Auswertung: GMX-Fremdzugriff - Fortsetzung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.03.2013, 22:37   #1
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Hallo,

schon in meinem letzten Thread hatte ich darüber berichtet, dass ich aufgrund Fremdzugriffen auf mein GMX-Konto Keylogger/Trojaner auf Laptop und PC vermutet. Dank der wirklich tollen Hilfe von cosinus wurde mein Laptop schon gecheckt und bereinigt/gefixt.

Seitdem ich nur noch über den Laptop zugreife, sind auch die ungewollten Log-Ins bei GMX nicht mehr vorgekommen. Nun möchte ich zur Sicherheit noch meinen PC durchchecken und hoffe auf ebenso freundliche Unterstützung wie beim letzten Mal.

Viele Grüße

Stevie-1984

PS. Hier die Logs:

Code:
ATTFilter
 OTL logfile created on: 17.03.2013 22:08:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,50 Gb Available Physical Memory | 75,09% Memory free
12,00 Gb Paging File | 10,47 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 493,38 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.17 22:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.06.30 20:24:46 | 000,762,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.02 09:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:08:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.03.16 20:23:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.12 21:12:52 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012.07.26 04:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.07 00:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.01 16:31:52 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.07 05:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 12:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.21 21:24:46 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.06 19:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:30:26 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.19 11:02:12 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011.12.19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.06.24 17:41:31 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.24 17:41:31 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009.06.30 20:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2006.12.12 01:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2013.01.16 19:13:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 19:13:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.11.21 17:52:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130313.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.11.20 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.09 20:31:53 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 7F 8C 32 B9 1F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{BDCB0600-0332-4771-9D94-148955443118}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013.03.16 19:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012.11.21 21:46:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M]
 
[2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\aai2wk9e.default\extensions
[2013.03.16 17:35:40 | 000,615,654 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\aai2wk9e.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.03.16 20:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.16 20:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.16 20:23:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 23:34:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 23:34:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 23:34:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 23:34:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 23:34:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 23:34:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun File not found
O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Ãœber Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB488BB-3F76-438A-AE0B-A234FD9B60CB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.14 18:59:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 22:03:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.17 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.16 21:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.16 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.16 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.03.16 20:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.03.16 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2013.03.16 17:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.12 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013.03.12 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.12 20:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.03.12 20:50:22 | 023,008,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe
[2013.03.11 20:23:20 | 046,023,440 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE
[2013.03.10 12:50:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\NPE
[2013.03.02 10:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.16 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\iPod Photo Cache
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 22:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.17 22:03:00 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.03.17 22:02:22 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.03.17 21:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.17 17:45:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.16 20:04:12 | 002,217,713 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.16 20:03:11 | 002,040,954 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.03.16 20:03:11 | 000,867,886 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.03.16 20:03:11 | 000,806,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.03.16 20:03:11 | 000,198,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.03.16 20:03:11 | 000,166,582 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.03.16 19:55:48 | 001,054,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.03.16 19:55:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.16 19:55:44 | 536,256,511 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 17:35:21 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 17:26:42 | 000,001,936 | ---- | M] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5}
[2013.03.13 21:14:28 | 000,002,640 | ---- | M] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB}
[2013.03.12 20:51:10 | 023,008,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe
[2013.03.12 20:18:12 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013.03.12 20:18:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013.03.11 20:33:32 | 046,023,440 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE
[2013.03.09 11:27:21 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.09 11:25:52 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.02 10:13:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.24 11:34:02 | 000,108,449 | ---- | M] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo
[2013.02.23 17:59:24 | 000,000,129 | ---- | M] () -- C:\WINDOWS\SysWow64\~.inf
[2013.02.23 17:46:40 | 000,928,097 | ---- | M] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.17 22:03:00 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.03.17 22:02:21 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.03.16 19:55:48 | 001,054,248 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.03.16 17:35:21 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.16 17:35:21 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 17:26:41 | 000,001,936 | ---- | C] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5}
[2013.03.13 21:14:28 | 000,002,640 | ---- | C] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB}
[2013.03.02 10:13:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.23 20:00:11 | 000,108,449 | ---- | C] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo
[2013.02.23 17:46:39 | 000,928,097 | ---- | C] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf
[2013.02.22 16:20:18 | 000,001,466 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paint (2).lnk
[2013.02.16 11:42:57 | 000,386,577 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.01.12 10:19:12 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.30 22:38:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012.11.06 20:19:32 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.06 19:08:23 | 000,000,197 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\burnaware.ini
[2012.10.28 22:55:52 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.10.27 22:26:40 | 001,968,878 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012.10.27 22:23:49 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.10.27 22:23:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012.07.27 19:49:20 | 000,000,040 | ---- | C] () -- C:\ProgramData\aknhqwdnwnsgria
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.03.21 22:35:50 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2012.01.13 23:47:03 | 000,138,015 | ---- | C] () -- C:\Users\Stefan\ESt2011_Zimmermann_Stefan.elfo
[2012.01.06 18:58:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI
[2011.12.30 17:08:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2011.07.01 16:32:08 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.05.31 21:13:42 | 000,001,036 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011.05.31 21:13:42 | 000,000,161 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011.05.31 21:13:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll
[2011.05.31 21:12:59 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011.05.31 21:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.31 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\AlawarEntertainment
[2011.06.20 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2011.06.20 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Programme
[2012.08.18 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Autodesk
[2011.08.08 10:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\biu software
[2011.06.03 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cerasus.media
[2011.10.29 14:03:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Downloaded Installations
[2012.09.28 20:30:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2012.08.18 20:17:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GeoVid
[2011.11.23 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Keynote Systems
[2012.08.18 20:19:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nokia
[2012.05.29 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nokia Suite
[2012.08.18 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Orbit
[2012.05.27 12:27:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC Suite
[2011.06.17 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC-FAX TX
[2013.01.03 13:24:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PlayFirst
[2012.08.15 12:39:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ProgSense
[2011.12.28 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ProtectDisc
[2011.09.21 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Scribus
[2011.12.30 22:37:37 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sprengkönig
[2011.12.28 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\The Games Company
[2012.08.31 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\thriXXX
[2012.03.30 10:00:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2011.06.02 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Tific
[2012.12.30 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Twintale Entertainment
[2013.02.03 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1372 bytes -> C:\Users\Stefan\Documents\Kennziffer  P-12_110 - Bewerbung um die Stelle als Sachbearbeiter in der Abteilung für Personal und Organisation.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2C57161

< End of report >
Code:
ATTFilter
 OTL Extras logfile created on: 17.03.2013 22:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,50 Gb Available Physical Memory | 75,09% Memory free
12,00 Gb Paging File | 10,47 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 493,38 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06ABE5AC-5EC0-4A43-A113-27482B3DAA17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0F4018C7-F518-4443-B808-6E5971D28E3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44316C54-BBA5-42C6-86A9-889C11C945C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FFDA51B-F2EC-40CF-8BBB-56A94732EBC7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5FFFC276-251D-45A9-B77C-6DB2BB417F36}" = lport=49318 | protocol=6 | dir=in | name=akamai netsession interface | 
"{615219D7-8DE9-410A-896B-67D323EBF454}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6567B83B-EA91-4F5A-8FB8-B54081DEF4DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{733592F1-0A6F-4A46-AC4C-46A3217A6FC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{786A922C-DB40-47C4-8707-07ECE02AC286}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{79B7E2FB-564A-47BB-B9D8-028ADA5ADCC5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{7ABC9882-24BC-4B1E-A18D-224C5A024FE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EDD7CB4-FB0D-4B60-8DEB-0222664ED636}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A0BC5ED0-A164-4B22-8219-07F0FB8E6C05}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{AA0EC870-AD11-4206-86FA-E15CD88D5AF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA46AB6B-9AE2-4A7F-8C7A-8FCB71BBEA63}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE2D5755-BB90-4DA7-852A-4FC0C1FD0C1D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C459CDE0-9717-4705-9613-A8687C789B2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5CA0D9C-C68A-4F55-95A4-F7366193F9D1}" = lport=49183 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C7A46DBE-737E-477B-8A12-0F4BAC686F82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0454E74B-B645-4C2F-AC88-0F65E906F69D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{0C611A1E-2FC0-4FD4-BDE4-93E1748845E6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{0CE96268-13A3-4BB7-A2CA-B3E073D5B234}" = dir=in | app=c:\users\stefan\appdata\local\microsoft\skydrive\skydrive.exe | 
"{19EF2980-2FCC-480B-BCDD-4BC092DCE2CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AD505CD-D8AD-4F20-9806-942834DD19BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FB337C0-0294-4C32-AE4D-876C0798F4FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23F4D3A4-2431-44B3-AA6F-9EA4D25CCBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{286146F1-4AD8-446E-8D7F-6B05CD3ADC22}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{313332B1-84C4-435F-BAD6-675FA7CF1B5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3605C9AD-29CA-4C6A-9C1B-E791A9FEE944}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe | 
"{392E1694-B839-402A-8F1E-2A028893C92D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{4026DEA9-AE64-4EF9-BB16-BA1335F8F496}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{46F5C791-1476-4BB8-83A1-CE82E09E91C8}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{4E6BAF2C-20BB-410A-8AD8-BBC8F7001F5B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4F93D4E9-F564-45B3-8C1E-7A7EDA096AAB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{50D7086B-3318-4587-8686-21C153F21807}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{56EFEE22-1FF9-47BE-B38F-DCD7978077EF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{578F1D6E-F99D-49AB-9983-6B56BE9CDC96}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"{61CAC80D-A27B-4DA3-9A72-58938DDF5C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{63BAF5F9-40F0-475D-A196-1E151779F4B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7417E2F8-380D-44D5-BE9F-D0AC6565BE0C}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{772DE3C3-1D40-4408-9147-4CCEC1310987}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"{794090FF-0BF3-4EB3-9DF8-7DDAA423028A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8493DD97-F0BC-4B7C-B3AA-7134208E7343}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{8F7FBFAD-4CD8-4B5E-961C-55839BBB8FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{95A7E9B4-0D8C-4E13-8605-7EE9364896B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{969DD105-DADA-4C3C-8F31-CE4FCD6299D5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9FBD8499-1ECC-49E1-900A-C349BE99AFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A69D142F-8EBB-4D95-AB96-C2078940C6C0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A7D83B6F-4B2E-4DDA-AB92-E73D6977868F}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe | 
"{B4D7B72D-6945-4C0D-A303-BD430450DB6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC38A022-E600-4825-B8EE-B42738380B84}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BE217227-2453-443B-A73E-5B7F5382482B}" = protocol=6 | dir=out | app=system | 
"{C31617EC-5BAD-4775-A57E-F770637F7473}" = dir=out | name=windows_ie_ac_001 | 
"{C4F98F4A-5226-4550-A891-59CB3929F499}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{C519D382-579F-48CD-A1B1-403C367DF4B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA086723-065B-438A-B3F4-A1DDEF0F85D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CE89F4D5-E705-4D42-B613-05EB07553DB8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{D2E5A37D-52C0-404A-8739-5252E6CFBFC7}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DF704350-A41A-4059-B35D-15D8BEBE5F11}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EAE385FD-A626-4917-A74F-85CF976953BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EB0EF784-5686-406A-A345-8CB924B0D911}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCE1F482-DA59-401B-B998-937527E40319}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"TCP Query User{0A14DB61-D63C-4E4B-BB14-B5F445E6D3F9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CB6FED15-674F-4054-8F86-BFFDB53F5AE9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5AF3560C-09BA-426F-BFA0-FEF0A94A9D8B}" = Microsoft Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC9E7BB-2443-49B1-8476-490EBF932C2E}" = Microsoft LifeCam
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51B5CAB0-6F72-4086-BB0D-42D0BDC88F67}" = Hama WLAN PCI Card
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1CF7B76-682D-4547-AA96-11B659A2CEAC}" = Microsoft Corporation
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"PROR" = Microsoft Office Professional 2007
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2012 14:16:58 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 16:24:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2012 13:23:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2012 12:57:08 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 07:50:01 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.08.2012 05:08:03 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.08.2012 03:23:11 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.08.2012 11:39:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2012 11:32:53 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.08.2012 13:11:26 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2012 12:56:05 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 31.10.2011 08:59:37 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5191
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2012 13:52:06 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.05.2012 13:08:32 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 195
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2012 12:21:44 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11701
 seconds with 6840 seconds of active time.  This session ended with a crash.
 
 
< End of report >
Code:
ATTFilter
 GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 22:27:47
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugdyqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\mqsvc.exe[1912] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742                                   000007feb4681b32 4 bytes [68, B4, FE, 07]
.text   C:\WINDOWS\system32\mqsvc.exe[1912] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750                                   000007feb4681b3a 4 bytes [68, B4, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                              000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                              000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                            000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                    000007febda7177a 4 bytes [A7, BD, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                    000007febda71782 4 bytes [A7, BD, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690         000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698         000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246       000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007febda7177a 4 bytes [A7, BD, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007febda71782 4 bytes [A7, BD, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                         000007feb4681b32 4 bytes [68, B4, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                         000007feb4681b3a 4 bytes [68, B4, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [5828:1448]                                                                            fffff960008285e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                    -692159595

---- EOF - GMER 2.1 ----

Alt 18.03.2013, 14:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


hello again

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________
Alt 18.03.2013, 19:12   #3
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Hey, tolle Sache, dass du mir wieder hilfst

Das erste Log kann ich dir posten, beim zweiten kommt immer eine Fehlermeldung (Anhang). Von daher habe ich das dritte nicht mehr gemacht.

Wenn ich die Logs so sehe, frage ich mich, was für einen Mist ich da teilweise runtergeladen habe. Zu sehr sollte man seinem Virenscanner wohl nicht vertrauen...

Wie machen wir weiter - TDSS?

Code:
ATTFilter
 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Stefan :: STEFAN-PC [administrator]

18.03.2013 18:40:06
mbar-log-2013-03-18 (18-40-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29109
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Stefan\Downloads\w7kf-setup.exe (PUP.Hacktool) -> Delete on reboot.
c:\Users\Stefan\Downloads\PDFConverterSetup.exe (Adware.InstallCore) -> Delete on reboot.

(end)
__________________
Miniaturansicht angehängter Grafiken
GMX-Fremdzugriff - Fortsetzung-fehlermeldung.jpg  

Alt 18.03.2013, 23:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Das mit aswMBR reicht mir vorerst, es erkennt einen Standard Win7-MBR
Mach bitte mit dem tdsskiller weiter
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 19:05   #5
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Also Respekt für die schnellen Antworten - echt Wahnsinn!

Code:
ATTFilter
 18:58:27.0669 5444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:58:27.0981 5444  ============================================================
18:58:27.0981 5444  Current date / time: 2013/03/19 18:58:27.0981
18:58:27.0981 5444  SystemInfo:
18:58:27.0981 5444  
18:58:27.0981 5444  OS Version: 6.2.9200 ServicePack: 0.0
18:58:27.0981 5444  Product type: Workstation
18:58:27.0981 5444  ComputerName: STEFAN-PC
18:58:27.0981 5444  UserName: Stefan
18:58:27.0981 5444  Windows directory: C:\WINDOWS
18:58:27.0981 5444  System windows directory: C:\WINDOWS
18:58:27.0981 5444  Running under WOW64
18:58:27.0981 5444  Processor architecture: Intel x64
18:58:27.0981 5444  Number of processors: 4
18:58:27.0981 5444  Page size: 0x1000
18:58:27.0981 5444  Boot type: Normal boot
18:58:27.0981 5444  ============================================================
18:58:29.0276 5444  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:29.0291 5444  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:29.0385 5444  ============================================================
18:58:29.0385 5444  \Device\Harddisk0\DR0:
18:58:29.0385 5444  MBR partitions:
18:58:29.0385 5444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CA7A33
18:58:29.0385 5444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48CA7A72, BlocksNum 0x1BAF44F
18:58:29.0385 5444  \Device\Harddisk1\DR1:
18:58:29.0385 5444  MBR partitions:
18:58:29.0385 5444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
18:58:29.0385 5444  ============================================================
18:58:29.0401 5444  C: <-> \Device\Harddisk0\DR0\Partition1
18:58:29.0432 5444  D: <-> \Device\Harddisk1\DR1\Partition1
18:58:29.0494 5444  E: <-> \Device\Harddisk0\DR0\Partition2
18:58:29.0494 5444  ============================================================
18:58:29.0494 5444  Initialize success
18:58:29.0494 5444  ============================================================
18:58:35.0968 0488  ============================================================
18:58:35.0968 0488  Scan started
18:58:35.0968 0488  Mode: Manual; SigCheck; TDLFS; 
18:58:35.0968 0488  ============================================================
18:58:36.0873 0488  ================ Scan system memory ========================
18:58:36.0873 0488  System memory - ok
18:58:36.0873 0488  ================ Scan services =============================
18:58:37.0076 0488  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
18:58:37.0170 0488  1394ohci - ok
18:58:37.0216 0488  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
18:58:37.0279 0488  3ware - ok
18:58:37.0357 0488  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
18:58:37.0372 0488  ACPI - ok
18:58:37.0419 0488  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
18:58:37.0466 0488  acpiex - ok
18:58:37.0497 0488  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
18:58:37.0560 0488  acpipagr - ok
18:58:37.0622 0488  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
18:58:37.0684 0488  AcpiPmi - ok
18:58:37.0747 0488  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
18:58:37.0825 0488  acpitime - ok
18:58:38.0059 0488  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:58:38.0074 0488  AdobeARMservice - ok
18:58:38.0308 0488  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:58:38.0324 0488  AdobeFlashPlayerUpdateSvc - ok
18:58:38.0418 0488  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\WINDOWS\system32\drivers\adp94xx.sys
18:58:38.0464 0488  adp94xx - ok
18:58:38.0527 0488  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\WINDOWS\system32\drivers\adpahci.sys
18:58:38.0574 0488  adpahci - ok
18:58:38.0620 0488  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\WINDOWS\system32\drivers\adpu320.sys
18:58:38.0636 0488  adpu320 - ok
18:58:38.0667 0488  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
18:58:38.0698 0488  AeLookupSvc - ok
18:58:38.0730 0488  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\WINDOWS\system32\drivers\afd.sys
18:58:38.0776 0488  AFD - ok
18:58:38.0792 0488  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
18:58:38.0808 0488  agp440 - ok
18:58:38.0839 0488  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\WINDOWS\System32\alg.exe
18:58:38.0870 0488  ALG - ok
18:58:38.0901 0488  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\WINDOWS\system32\AUInstallAgent.dll
18:58:38.0932 0488  AllUserInstallAgent - ok
18:58:38.0948 0488  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
18:58:38.0979 0488  AmdK8 - ok
18:58:38.0995 0488  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
18:58:39.0026 0488  AmdPPM - ok
18:58:39.0042 0488  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
18:58:39.0057 0488  amdsata - ok
18:58:39.0088 0488  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
18:58:39.0104 0488  amdsbs - ok
18:58:39.0120 0488  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
18:58:39.0135 0488  amdxata - ok
18:58:39.0198 0488  [ 823F34D1DEF120A657BB7529ABF4461F ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
18:58:39.0213 0488  AppHostSvc - ok
18:58:39.0244 0488  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
18:58:39.0276 0488  AppID - ok
18:58:39.0307 0488  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
18:58:39.0338 0488  AppIDSvc - ok
18:58:39.0354 0488  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
18:58:39.0385 0488  Appinfo - ok
18:58:39.0463 0488  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:58:39.0478 0488  Apple Mobile Device - ok
18:58:39.0510 0488  [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
18:58:39.0556 0488  AppMgmt - ok
18:58:39.0588 0488  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\WINDOWS\system32\drivers\arc.sys
18:58:39.0603 0488  arc - ok
18:58:39.0603 0488  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
18:58:39.0619 0488  arcsas - ok
18:58:39.0712 0488  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:58:39.0728 0488  aspnet_state - ok
18:58:39.0744 0488  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:58:39.0775 0488  AsyncMac - ok
18:58:39.0806 0488  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
18:58:39.0822 0488  atapi - ok
18:58:39.0853 0488  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:58:39.0868 0488  atksgt - ok
18:58:39.0884 0488  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:58:39.0915 0488  AudioEndpointBuilder - ok
18:58:39.0946 0488  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:58:39.0978 0488  Audiosrv - ok
18:58:40.0009 0488  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:58:40.0024 0488  AxInstSV - ok
18:58:40.0056 0488  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:58:40.0087 0488  b06bdrv - ok
18:58:40.0102 0488  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:58:40.0134 0488  BasicDisplay - ok
18:58:40.0165 0488  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:58:40.0196 0488  BasicRender - ok
18:58:40.0227 0488  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:58:40.0258 0488  BDESVC - ok
18:58:40.0290 0488  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:58:40.0305 0488  Beep - ok
18:58:40.0336 0488  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\WINDOWS\System32\bfe.dll
18:58:40.0368 0488  BFE - ok
18:58:40.0555 0488  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
18:58:40.0602 0488  BHDrvx64 - ok
18:58:40.0711 0488  [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
18:58:40.0726 0488  BingDesktopUpdate - ok
18:58:40.0773 0488  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\WINDOWS\System32\qmgr.dll
18:58:40.0820 0488  BITS - ok
18:58:40.0898 0488  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:58:40.0914 0488  Bonjour Service - ok
18:58:40.0914 0488  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:58:40.0945 0488  bowser - ok
18:58:40.0960 0488  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:58:40.0992 0488  BrokerInfrastructure - ok
18:58:41.0007 0488  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\WINDOWS\System32\browser.dll
18:58:41.0038 0488  Browser - ok
18:58:41.0054 0488  [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf         C:\WINDOWS\system32\DRIVERS\BrSerIf.sys
18:58:41.0085 0488  BrSerIf - ok
18:58:41.0101 0488  [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer        C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys
18:58:41.0116 0488  BrUsbSer - ok
18:58:41.0132 0488  [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:58:41.0148 0488  BthAvrcpTg - ok
18:58:41.0179 0488  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:58:41.0210 0488  BthHFEnum - ok
18:58:41.0226 0488  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:58:41.0257 0488  bthhfhid - ok
18:58:41.0288 0488  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:58:41.0319 0488  BTHMODEM - ok
18:58:41.0350 0488  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:58:41.0366 0488  bthserv - ok
18:58:41.0413 0488  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360      C:\WINDOWS\system32\drivers\N360x64\1403000.024\ccSetx64.sys
18:58:41.0428 0488  ccSet_N360 - ok
18:58:41.0460 0488  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:58:41.0475 0488  cdfs - ok
18:58:41.0506 0488  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:58:41.0538 0488  cdrom - ok
18:58:41.0584 0488  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:58:41.0616 0488  CertPropSvc - ok
18:58:41.0631 0488  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:58:41.0662 0488  circlass - ok
18:58:41.0709 0488  [ 93C7703442C7CBD4053FC7DE07D9C896 ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
18:58:41.0725 0488  ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
18:58:41.0725 0488  ClassicShellService - detected UnsignedFile.Multi.Generic (1)
18:58:41.0756 0488  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:58:41.0772 0488  CLFS - ok
18:58:41.0818 0488  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:58:41.0834 0488  CmBatt - ok
18:58:41.0865 0488  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:58:41.0896 0488  CNG - ok
18:58:41.0928 0488  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:58:41.0959 0488  CompositeBus - ok
18:58:41.0959 0488  COMSysApp - ok
18:58:41.0974 0488  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:58:42.0006 0488  condrv - ok
18:58:42.0037 0488  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:58:42.0099 0488  CryptSvc - ok
18:58:42.0130 0488  [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
18:58:42.0177 0488  CSC - ok
18:58:42.0208 0488  [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService      C:\WINDOWS\System32\cscsvc.dll
18:58:42.0255 0488  CscService - ok
18:58:42.0271 0488  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:58:42.0286 0488  dam - ok
18:58:42.0333 0488  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:58:42.0364 0488  DcomLaunch - ok
18:58:42.0396 0488  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:58:42.0489 0488  defragsvc - ok
18:58:42.0520 0488  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:58:42.0552 0488  DeviceAssociationService - ok
18:58:42.0583 0488  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:58:42.0598 0488  DeviceInstall - ok
18:58:42.0645 0488  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:58:42.0661 0488  Dfsc - ok
18:58:42.0692 0488  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:58:42.0708 0488  Dhcp - ok
18:58:42.0723 0488  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\WINDOWS\system32\drivers\discache.sys
18:58:42.0754 0488  discache - ok
18:58:42.0786 0488  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:58:42.0786 0488  disk - ok
18:58:42.0817 0488  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:58:42.0848 0488  dmvsc - ok
18:58:42.0879 0488  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:58:42.0910 0488  Dnscache - ok
18:58:42.0942 0488  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:58:42.0973 0488  dot3svc - ok
18:58:43.0004 0488  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\WINDOWS\system32\dps.dll
18:58:43.0020 0488  DPS - ok
18:58:43.0051 0488  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:58:43.0066 0488  drmkaud - ok
18:58:43.0098 0488  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:58:43.0129 0488  DsmSvc - ok
18:58:43.0176 0488  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:58:43.0269 0488  DXGKrnl - ok
18:58:43.0300 0488  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:58:43.0332 0488  Eaphost - ok
18:58:43.0410 0488  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:58:43.0519 0488  ebdrv - ok
18:58:43.0566 0488  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:58:43.0581 0488  eeCtrl - ok
18:58:43.0612 0488  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\WINDOWS\System32\lsass.exe
18:58:43.0644 0488  EFS - ok
18:58:43.0690 0488  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:58:43.0706 0488  EhStorClass - ok
18:58:43.0737 0488  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:58:43.0753 0488  EhStorTcgDrv - ok
18:58:43.0784 0488  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:58:43.0784 0488  EraserUtilRebootDrv - ok
18:58:43.0815 0488  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:58:43.0831 0488  ErrDev - ok
18:58:43.0893 0488  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\WINDOWS\system32\es.dll
18:58:43.0924 0488  EventSystem - ok
18:58:43.0940 0488  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:58:43.0971 0488  exfat - ok
18:58:43.0987 0488  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:58:44.0002 0488  fastfat - ok
18:58:44.0049 0488  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:58:44.0096 0488  Fax - ok
18:58:44.0112 0488  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:58:44.0127 0488  fdc - ok
18:58:44.0158 0488  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:58:44.0190 0488  fdPHost - ok
18:58:44.0221 0488  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:58:44.0252 0488  FDResPub - ok
18:58:44.0283 0488  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:58:44.0299 0488  fhsvc - ok
18:58:44.0330 0488  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:58:44.0346 0488  FileInfo - ok
18:58:44.0361 0488  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:58:44.0392 0488  Filetrace - ok
18:58:44.0470 0488  [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:58:44.0517 0488  FLEXnet Licensing Service 64 - ok
18:58:44.0533 0488  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:58:44.0580 0488  flpydisk - ok
18:58:44.0595 0488  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:58:44.0626 0488  FltMgr - ok
18:58:44.0673 0488  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:58:44.0751 0488  FontCache - ok
18:58:44.0798 0488  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:58:44.0814 0488  FontCache3.0.0.0 - ok
18:58:44.0829 0488  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:58:44.0845 0488  FsDepends - ok
18:58:44.0876 0488  [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr.sys
18:58:44.0892 0488  fssfltr - ok
18:58:44.0970 0488  [ 4E2E6FEDFE4A3445DBD0C623A242362D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:58:45.0048 0488  fsssvc - ok
18:58:45.0079 0488  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:58:45.0094 0488  Fs_Rec - ok
18:58:45.0126 0488  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:58:45.0157 0488  fvevol - ok
18:58:45.0188 0488  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:58:45.0219 0488  FxPPM - ok
18:58:45.0250 0488  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:58:45.0266 0488  gagp30kx - ok
18:58:45.0297 0488  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:58:45.0297 0488  GEARAspiWDM - ok
18:58:45.0328 0488  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:58:45.0360 0488  gencounter - ok
18:58:45.0375 0488  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:58:45.0391 0488  GPIOClx0101 - ok
18:58:45.0422 0488  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:58:45.0453 0488  gpsvc - ok
18:58:45.0484 0488  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:58:45.0516 0488  HDAudBus - ok
18:58:45.0547 0488  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:58:45.0562 0488  HidBatt - ok
18:58:45.0594 0488  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:58:45.0625 0488  HidBth - ok
18:58:45.0625 0488  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:58:45.0656 0488  hidi2c - ok
18:58:45.0672 0488  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:58:45.0718 0488  HidIr - ok
18:58:45.0750 0488  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:58:45.0765 0488  hidserv - ok
18:58:45.0796 0488  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:58:45.0812 0488  HidUsb - ok
18:58:45.0843 0488  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:58:45.0859 0488  hkmsvc - ok
18:58:45.0890 0488  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:58:45.0921 0488  HomeGroupListener - ok
18:58:45.0937 0488  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:58:45.0952 0488  HomeGroupProvider - ok
18:58:45.0968 0488  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:58:45.0984 0488  HpSAMD - ok
18:58:46.0030 0488  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:58:46.0077 0488  HTTP - ok
18:58:46.0093 0488  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:58:46.0093 0488  hwpolicy - ok
18:58:46.0124 0488  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:58:46.0155 0488  hyperkbd - ok
18:58:46.0171 0488  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:58:46.0202 0488  HyperVideo - ok
18:58:46.0218 0488  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:58:46.0233 0488  i8042prt - ok
18:58:46.0249 0488  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:58:46.0280 0488  iaStorV - ok
18:58:46.0358 0488  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130316.002\IDSvia64.sys
18:58:46.0374 0488  IDSVia64 - ok
18:58:46.0389 0488  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
18:58:46.0452 0488  iirsp - ok
18:58:46.0498 0488  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:58:46.0530 0488  IKEEXT - ok
18:58:46.0686 0488  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:58:46.0779 0488  IntcAzAudAddService - ok
18:58:46.0810 0488  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:58:46.0826 0488  intelide - ok
18:58:46.0857 0488  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:58:46.0873 0488  intelppm - ok
18:58:46.0920 0488  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:58:46.0935 0488  IpFilterDriver - ok
18:58:46.0966 0488  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:58:47.0013 0488  iphlpsvc - ok
18:58:47.0029 0488  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:58:47.0044 0488  IPMIDRV - ok
18:58:47.0076 0488  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:58:47.0107 0488  IPNAT - ok
18:58:47.0138 0488  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:58:47.0154 0488  iPod Service - ok
18:58:47.0200 0488  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:58:47.0232 0488  IRENUM - ok
18:58:47.0263 0488  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:58:47.0278 0488  isapnp - ok
18:58:47.0310 0488  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:58:47.0325 0488  iScsiPrt - ok
18:58:47.0356 0488  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:58:47.0372 0488  kbdclass - ok
18:58:47.0403 0488  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:58:47.0419 0488  kbdhid - ok
18:58:47.0466 0488  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:58:47.0481 0488  kdnic - ok
18:58:47.0528 0488  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:58:47.0544 0488  KeyIso - ok
18:58:47.0575 0488  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:58:47.0575 0488  KSecDD - ok
18:58:47.0606 0488  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:58:47.0622 0488  KSecPkg - ok
18:58:47.0668 0488  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:58:47.0684 0488  ksthunk - ok
18:58:47.0715 0488  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:58:47.0731 0488  KtmRm - ok
18:58:47.0778 0488  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:58:47.0809 0488  LanmanServer - ok
18:58:47.0856 0488  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:58:47.0871 0488  LanmanWorkstation - ok
18:58:47.0887 0488  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:58:47.0902 0488  lirsgt - ok
18:58:47.0902 0488  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:58:47.0918 0488  lltdio - ok
18:58:47.0965 0488  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:58:47.0980 0488  lltdsvc - ok
18:58:47.0996 0488  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:58:48.0012 0488  lmhosts - ok
18:58:48.0043 0488  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:58:48.0058 0488  LSI_SAS - ok
18:58:48.0074 0488  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:58:48.0090 0488  LSI_SAS2 - ok
18:58:48.0105 0488  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
18:58:48.0105 0488  LSI_SCSI - ok
18:58:48.0136 0488  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:58:48.0152 0488  LSI_SSS - ok
18:58:48.0183 0488  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\WINDOWS\System32\lsm.dll
18:58:48.0261 0488  LSM - ok
18:58:48.0292 0488  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:58:48.0324 0488  luafv - ok
18:58:48.0324 0488  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:58:48.0339 0488  megasas - ok
18:58:48.0370 0488  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
18:58:48.0402 0488  MegaSR - ok
18:58:48.0417 0488  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:58:48.0433 0488  MMCSS - ok
18:58:48.0464 0488  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:58:48.0495 0488  Modem - ok
18:58:48.0511 0488  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\WINDOWS\system32\DRIVERS\monitor.sys
18:58:48.0526 0488  monitor - ok
18:58:48.0542 0488  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:58:48.0558 0488  mouclass - ok
18:58:48.0558 0488  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:58:48.0573 0488  mouhid - ok
18:58:48.0573 0488  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:58:48.0589 0488  mountmgr - ok
18:58:48.0667 0488  [ 7E164DE3EE617E3A7EAD9ADB471D6AAD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:58:48.0682 0488  MozillaMaintenance - ok
18:58:48.0698 0488  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:58:48.0729 0488  mpsdrv - ok
18:58:48.0776 0488  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:58:48.0838 0488  MpsSvc - ok
18:58:48.0870 0488  [ 866AF645A3B1F4358C4201CE089839EA ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
18:58:48.0885 0488  MQAC - ok
18:58:48.0916 0488  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:58:48.0932 0488  MRxDAV - ok
18:58:48.0963 0488  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:58:48.0979 0488  mrxsmb - ok
18:58:48.0994 0488  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:58:49.0010 0488  mrxsmb10 - ok
18:58:49.0026 0488  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:58:49.0041 0488  mrxsmb20 - ok
18:58:49.0057 0488  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:58:49.0088 0488  MsBridge - ok
18:58:49.0119 0488  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:58:49.0150 0488  MSDTC - ok
18:58:49.0182 0488  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:58:49.0197 0488  Msfs - ok
18:58:49.0228 0488  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:58:49.0244 0488  msgpiowin32 - ok
18:58:49.0275 0488  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:58:49.0291 0488  mshidkmdf - ok
18:58:49.0306 0488  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:58:49.0322 0488  mshidumdf - ok
18:58:49.0353 0488  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:58:49.0369 0488  msisadrv - ok
18:58:49.0416 0488  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:58:49.0431 0488  MSiSCSI - ok
18:58:49.0447 0488  msiserver - ok
18:58:49.0462 0488  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:58:49.0478 0488  MSKSSRV - ok
18:58:49.0494 0488  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:58:49.0525 0488  MsLldp - ok
18:58:49.0540 0488  [ 80FF037D6184FFACB2740A50C7949D20 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
18:58:49.0556 0488  MSMQ - ok
18:58:49.0572 0488  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:58:49.0587 0488  MSPCLOCK - ok
18:58:49.0603 0488  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:58:49.0650 0488  MSPQM - ok
18:58:49.0681 0488  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:58:49.0696 0488  MsRPC - ok
18:58:49.0712 0488  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:58:49.0728 0488  mssmbios - ok
18:58:49.0743 0488  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:58:49.0759 0488  MSTEE - ok
18:58:49.0775 0488  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:58:49.0790 0488  MTConfig - ok
18:58:49.0806 0488  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:58:49.0821 0488  Mup - ok
18:58:49.0821 0488  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:58:49.0837 0488  mvumis - ok
18:58:49.0915 0488  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
18:58:49.0915 0488  N360 - ok
18:58:49.0962 0488  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:58:49.0993 0488  napagent - ok
18:58:50.0040 0488  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:58:50.0055 0488  NativeWifiP - ok
18:58:50.0118 0488  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130319.005\ENG64.SYS
18:58:50.0118 0488  NAVENG - ok
18:58:50.0164 0488  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130319.005\EX64.SYS
18:58:50.0196 0488  NAVEX15 - ok
18:58:50.0211 0488  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:58:50.0227 0488  NcaSvc - ok
18:58:50.0258 0488  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:58:50.0289 0488  NcdAutoSetup - ok
18:58:50.0320 0488  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:58:50.0399 0488  NDIS - ok
18:58:50.0430 0488  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:58:50.0461 0488  NdisCap - ok
18:58:50.0477 0488  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:58:50.0508 0488  NdisImPlatform - ok
18:58:50.0523 0488  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:58:50.0539 0488  NdisTapi - ok
18:58:50.0570 0488  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:58:50.0570 0488  Ndisuio - ok
18:58:50.0617 0488  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:58:50.0633 0488  NdisWan - ok
18:58:50.0648 0488  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:58:50.0664 0488  NDISWANLEGACY - ok
18:58:50.0695 0488  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:58:50.0711 0488  NDProxy - ok
18:58:50.0726 0488  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:58:50.0742 0488  Ndu - ok
18:58:50.0742 0488  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:58:50.0757 0488  NetBIOS - ok
18:58:50.0804 0488  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:58:50.0820 0488  NetBT - ok
18:58:50.0851 0488  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:58:50.0867 0488  Netlogon - ok
18:58:50.0898 0488  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\WINDOWS\System32\netman.dll
18:58:50.0929 0488  Netman - ok
18:58:50.0960 0488  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:50.0976 0488  NetMsmqActivator - ok
18:58:50.0976 0488  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:50.0991 0488  NetPipeActivator - ok
18:58:51.0023 0488  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:58:51.0069 0488  netprofm - ok
18:58:51.0069 0488  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:51.0085 0488  NetTcpActivator - ok
18:58:51.0085 0488  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:51.0101 0488  NetTcpPortSharing - ok
18:58:51.0132 0488  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
18:58:51.0132 0488  nfrd960 - ok
18:58:51.0179 0488  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:58:51.0210 0488  NlaSvc - ok
18:58:51.0225 0488  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:58:51.0241 0488  Npfs - ok
18:58:51.0257 0488  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:58:51.0288 0488  npsvctrig - ok
18:58:51.0303 0488  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:58:51.0319 0488  nsi - ok
18:58:51.0350 0488  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:58:51.0366 0488  nsiproxy - ok
18:58:51.0413 0488  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:58:51.0506 0488  Ntfs - ok
18:58:51.0537 0488  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:58:51.0553 0488  Null - ok
18:58:51.0771 0488  [ 300DF34139C87F3AC18E794E44F98A97 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
18:58:52.0099 0488  nvlddmkm - ok
18:58:52.0146 0488  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:58:52.0161 0488  nvraid - ok
18:58:52.0177 0488  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:58:52.0193 0488  nvstor - ok
18:58:52.0239 0488  [ 1C63E34632CEBD6A37B82DC77C4F7575 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:58:52.0255 0488  NVSvc - ok
18:58:52.0349 0488  [ 4A5A9DDEF3C7E4E37EB22DE00AE8B9F1 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:58:52.0442 0488  nvUpdatusService - ok
18:58:52.0489 0488  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:58:52.0489 0488  nv_agp - ok
18:58:52.0567 0488  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:58:52.0598 0488  odserv - ok
18:58:52.0614 0488  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:58:52.0629 0488  ose - ok
18:58:52.0661 0488  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:58:52.0692 0488  p2pimsvc - ok
18:58:52.0723 0488  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:58:52.0770 0488  p2psvc - ok
18:58:52.0801 0488  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:58:52.0817 0488  Parport - ok
18:58:52.0848 0488  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:58:52.0863 0488  partmgr - ok
18:58:52.0895 0488  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:58:52.0926 0488  PcaSvc - ok
18:58:52.0957 0488  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:58:52.0973 0488  pci - ok
18:58:53.0004 0488  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:58:53.0019 0488  pciide - ok
18:58:53.0051 0488  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:58:53.0066 0488  pcmcia - ok
18:58:53.0082 0488  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:58:53.0097 0488  pcw - ok
18:58:53.0113 0488  [ AECC24430301DBC6A76916E3029B6B83 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:58:53.0129 0488  pdc - ok
18:58:53.0144 0488  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:58:53.0191 0488  PEAUTH - ok
18:58:53.0238 0488  [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
18:58:53.0316 0488  PeerDistSvc - ok
18:58:53.0409 0488  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:58:53.0425 0488  PerfHost - ok
18:58:53.0487 0488  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\WINDOWS\system32\pla.dll
18:58:53.0534 0488  pla - ok
18:58:53.0565 0488  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:58:53.0581 0488  PlugPlay - ok
18:58:53.0597 0488  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:58:53.0628 0488  PNRPAutoReg - ok
18:58:53.0675 0488  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:58:53.0706 0488  PNRPsvc - ok
18:58:53.0737 0488  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:58:53.0784 0488  PolicyAgent - ok
18:58:53.0815 0488  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\WINDOWS\system32\umpo.dll
18:58:53.0831 0488  Power - ok
18:58:53.0877 0488  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:58:53.0893 0488  PptpMiniport - ok
18:58:53.0987 0488  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
18:58:54.0080 0488  PrintNotify - ok
18:58:54.0127 0488  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:58:54.0143 0488  Processor - ok
18:58:54.0158 0488  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:58:54.0189 0488  ProfSvc - ok
18:58:54.0221 0488  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:58:54.0252 0488  Psched - ok
18:58:54.0283 0488  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:58:54.0314 0488  QWAVE - ok
18:58:54.0314 0488  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:58:54.0330 0488  QWAVEdrv - ok
18:58:54.0361 0488  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:58:54.0392 0488  RasAcd - ok
18:58:54.0408 0488  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
18:58:54.0439 0488  RasAgileVpn - ok
18:58:54.0470 0488  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:58:54.0501 0488  RasAuto - ok
18:58:54.0533 0488  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:58:54.0548 0488  Rasl2tp - ok
18:58:54.0595 0488  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:58:54.0626 0488  RasMan - ok
18:58:54.0642 0488  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:58:54.0657 0488  RasPppoe - ok
18:58:54.0673 0488  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
18:58:54.0689 0488  RasSstp - ok
18:58:54.0720 0488  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:58:54.0735 0488  rdbss - ok
18:58:54.0751 0488  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:58:54.0767 0488  rdpbus - ok
18:58:54.0782 0488  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:58:54.0798 0488  RDPDR - ok
18:58:54.0829 0488  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:58:54.0845 0488  RdpVideoMiniport - ok
18:58:54.0876 0488  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:58:54.0907 0488  RDPWD - ok
18:58:54.0923 0488  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:58:54.0938 0488  rdyboost - ok
18:58:54.0969 0488  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:58:55.0001 0488  RemoteAccess - ok
18:58:55.0032 0488  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:58:55.0063 0488  RemoteRegistry - ok
18:58:55.0094 0488  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:58:55.0110 0488  RpcEptMapper - ok
18:58:55.0141 0488  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:58:55.0157 0488  RpcLocator - ok
18:58:55.0188 0488  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:58:55.0203 0488  RpcSs - ok
18:58:55.0219 0488  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:58:55.0250 0488  rspndr - ok
18:58:55.0281 0488  [ 60EB8A87357CA5B088B422D1E55A2405 ] rt61x64         C:\WINDOWS\system32\DRIVERS\netr6164.sys
18:58:55.0297 0488  rt61x64 - ok
18:58:55.0328 0488  [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:58:55.0375 0488  RTL8168 - ok
18:58:55.0391 0488  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:58:55.0391 0488  s3cap - ok
18:58:55.0406 0488  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\WINDOWS\system32\lsass.exe
18:58:55.0422 0488  SamSs - ok
18:58:55.0453 0488  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:58:55.0469 0488  sbp2port - ok
18:58:55.0500 0488  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:58:55.0515 0488  SCardSvr - ok
18:58:55.0547 0488  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:58:55.0578 0488  scfilter - ok
18:58:55.0625 0488  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:58:55.0671 0488  Schedule - ok
18:58:55.0703 0488  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:58:55.0718 0488  SCPolicySvc - ok
18:58:55.0749 0488  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:58:55.0765 0488  sdbus - ok
18:58:55.0781 0488  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
18:58:55.0796 0488  SDRSVC - ok
18:58:55.0827 0488  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:58:55.0827 0488  sdstor - ok
18:58:55.0843 0488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:58:55.0859 0488  secdrv - ok
18:58:55.0890 0488  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:58:55.0905 0488  seclogon - ok
18:58:55.0937 0488  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\WINDOWS\System32\sens.dll
18:58:55.0968 0488  SENS - ok
18:58:55.0983 0488  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:58:55.0999 0488  SensrSvc - ok
18:58:56.0015 0488  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:58:56.0030 0488  SerCx - ok
18:58:56.0061 0488  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:58:56.0077 0488  Serenum - ok
18:58:56.0108 0488  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:58:56.0124 0488  Serial - ok
18:58:56.0155 0488  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:58:56.0171 0488  sermouse - ok
18:58:56.0217 0488  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:58:56.0233 0488  SessionEnv - ok
18:58:56.0311 0488  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:58:56.0342 0488  sfloppy - ok
18:58:56.0389 0488  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:58:56.0436 0488  SharedAccess - ok
18:58:56.0483 0488  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:58:56.0514 0488  ShellHWDetection - ok
18:58:56.0545 0488  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:58:56.0561 0488  SiSRaid2 - ok
18:58:56.0576 0488  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:58:56.0592 0488  SiSRaid4 - ok
18:58:56.0623 0488  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:58:56.0639 0488  SkypeUpdate - ok
18:58:56.0670 0488  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:58:56.0701 0488  SNMPTRAP - ok
18:58:56.0732 0488  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:58:56.0748 0488  spaceport - ok
18:58:56.0763 0488  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:58:56.0795 0488  SpbCx - ok
18:58:56.0841 0488  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:58:56.0857 0488  Spooler - ok
18:58:56.0951 0488  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:58:57.0107 0488  sppsvc - ok
18:58:57.0185 0488  [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP           C:\WINDOWS\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
18:58:57.0231 0488  SRTSP - ok
18:58:57.0247 0488  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\WINDOWS\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
18:58:57.0247 0488  SRTSPX - ok
18:58:57.0278 0488  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:58:57.0309 0488  srv - ok
18:58:57.0341 0488  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:58:57.0372 0488  srv2 - ok
18:58:57.0387 0488  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:58:57.0403 0488  srvnet - ok
18:58:57.0450 0488  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:58:57.0465 0488  SSDPSRV - ok
18:58:57.0497 0488  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:58:57.0512 0488  SstpSvc - ok
18:58:57.0528 0488  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:58:57.0528 0488  stexstor - ok
18:58:57.0575 0488  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:58:57.0606 0488  stisvc - ok
18:58:57.0637 0488  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:58:57.0653 0488  storahci - ok
18:58:57.0653 0488  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
18:58:57.0668 0488  storflt - ok
18:58:57.0684 0488  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:58:57.0699 0488  StorSvc - ok
18:58:57.0731 0488  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:58:57.0746 0488  storvsc - ok
18:58:57.0777 0488  [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp         C:\WINDOWS\System32\drivers\storvsp.sys
18:58:57.0793 0488  storvsp - ok
18:58:57.0809 0488  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:58:57.0840 0488  svsvc - ok
18:58:57.0855 0488  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:58:57.0871 0488  swenum - ok
18:58:57.0902 0488  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\WINDOWS\System32\swprv.dll
18:58:57.0949 0488  swprv - ok
18:58:57.0980 0488  [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS           C:\WINDOWS\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
18:58:58.0011 0488  SymDS - ok
18:58:58.0027 0488  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\WINDOWS\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
18:58:58.0074 0488  SymEFA - ok
18:58:58.0105 0488  [ 42947647F71E9EF2167B42B372F1DDB7 ] SymELAM         C:\WINDOWS\system32\drivers\N360x64\1403000.024\SymELAM.sys
18:58:58.0121 0488  SymELAM - ok
18:58:58.0152 0488  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:58:58.0167 0488  SymEvent - ok
18:58:58.0199 0488  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\WINDOWS\system32\drivers\N360x64\1403000.024\Ironx64.SYS
18:58:58.0214 0488  SymIRON - ok
18:58:58.0230 0488  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\WINDOWS\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
18:58:58.0245 0488  SymNetS - ok
18:58:58.0292 0488  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:58:58.0339 0488  SysMain - ok
18:58:58.0370 0488  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:58:58.0401 0488  SystemEventsBroker - ok
18:58:58.0433 0488  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:58:58.0448 0488  TabletInputService - ok
18:58:58.0479 0488  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:58:58.0495 0488  TapiSrv - ok
18:58:58.0542 0488  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:58:58.0667 0488  Tcpip - ok
18:58:58.0698 0488  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:58:58.0745 0488  TCPIP6 - ok
18:58:58.0791 0488  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:58:58.0807 0488  tcpipreg - ok
18:58:58.0807 0488  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:58:58.0838 0488  tdx - ok
18:58:58.0869 0488  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:58:58.0885 0488  terminpt - ok
18:58:58.0901 0488  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\WINDOWS\System32\termsrv.dll
18:58:58.0947 0488  TermService - ok
18:58:58.0979 0488  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\WINDOWS\system32\themeservice.dll
18:58:59.0010 0488  Themes - ok
18:58:59.0041 0488  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:58:59.0041 0488  THREADORDER - ok
18:58:59.0072 0488  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:58:59.0072 0488  TimeBroker - ok
18:58:59.0103 0488  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:58:59.0119 0488  TPM - ok
18:58:59.0150 0488  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:58:59.0166 0488  TrkWks - ok
18:58:59.0213 0488  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:58:59.0244 0488  TrustedInstaller - ok
18:58:59.0275 0488  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:58:59.0291 0488  TsUsbFlt - ok
18:58:59.0322 0488  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:58:59.0337 0488  TsUsbGD - ok
18:58:59.0353 0488  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:58:59.0369 0488  tunnel - ok
18:58:59.0400 0488  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:58:59.0400 0488  uagp35 - ok
18:58:59.0431 0488  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:58:59.0447 0488  UASPStor - ok
18:58:59.0462 0488  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:58:59.0478 0488  UCX01000 - ok
18:58:59.0509 0488  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:58:59.0540 0488  udfs - ok
18:58:59.0571 0488  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:58:59.0603 0488  UI0Detect - ok
18:58:59.0618 0488  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:58:59.0634 0488  uliagpkx - ok
18:58:59.0649 0488  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:58:59.0681 0488  umbus - ok
18:58:59.0681 0488  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:58:59.0712 0488  UmPass - ok
18:58:59.0743 0488  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:58:59.0759 0488  UmRdpService - ok
18:58:59.0805 0488  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:58:59.0821 0488  upnphost - ok
18:58:59.0852 0488  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
18:58:59.0868 0488  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:58:59.0868 0488  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:58:59.0883 0488  [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
18:58:59.0915 0488  usbaudio - ok
18:58:59.0930 0488  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:58:59.0961 0488  usbccgp - ok
18:58:59.0993 0488  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:59:00.0024 0488  usbcir - ok
18:59:00.0039 0488  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:59:00.0055 0488  usbehci - ok
18:59:00.0086 0488  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:59:00.0117 0488  usbhub - ok
18:59:00.0133 0488  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:59:00.0164 0488  USBHUB3 - ok
18:59:00.0180 0488  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:59:00.0195 0488  usbohci - ok
18:59:00.0211 0488  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:59:00.0227 0488  usbprint - ok
18:59:00.0258 0488  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:59:00.0273 0488  usbscan - ok
18:59:00.0289 0488  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:59:00.0305 0488  USBSTOR - ok
18:59:00.0320 0488  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:59:00.0336 0488  usbuhci - ok
18:59:00.0367 0488  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:59:00.0398 0488  usbvideo - ok
18:59:00.0414 0488  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:59:00.0429 0488  USBXHCI - ok
18:59:00.0429 0488  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:59:00.0445 0488  VaultSvc - ok
18:59:00.0476 0488  [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
18:59:00.0492 0488  VBoxNetAdp - ok
18:59:00.0507 0488  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:59:00.0523 0488  vdrvroot - ok
18:59:00.0554 0488  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\WINDOWS\System32\vds.exe
18:59:00.0585 0488  vds - ok
18:59:00.0601 0488  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:59:00.0617 0488  VerifierExt - ok
18:59:00.0632 0488  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:59:00.0663 0488  vhdmp - ok
18:59:00.0663 0488  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:59:00.0679 0488  viaide - ok
18:59:00.0710 0488  [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid             C:\WINDOWS\System32\drivers\Vid.sys
18:59:00.0726 0488  Vid - ok
18:59:00.0757 0488  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:59:00.0757 0488  vmbus - ok
18:59:00.0788 0488  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:59:00.0788 0488  VMBusHID - ok
18:59:00.0819 0488  [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr          C:\WINDOWS\System32\drivers\vmbusr.sys
18:59:00.0819 0488  vmbusr - ok
18:59:00.0866 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:59:00.0882 0488  vmicheartbeat - ok
18:59:00.0897 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:59:00.0913 0488  vmickvpexchange - ok
18:59:00.0913 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:59:00.0929 0488  vmicrdv - ok
18:59:00.0944 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:59:00.0960 0488  vmicshutdown - ok
18:59:00.0960 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:59:00.0975 0488  vmictimesync - ok
18:59:00.0991 0488  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:59:01.0007 0488  vmicvss - ok
18:59:01.0022 0488  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:59:01.0022 0488  volmgr - ok
18:59:01.0053 0488  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:59:01.0085 0488  volmgrx - ok
18:59:01.0100 0488  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:59:01.0116 0488  volsnap - ok
18:59:01.0131 0488  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:59:01.0147 0488  vpci - ok
18:59:01.0163 0488  [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp         C:\WINDOWS\System32\drivers\vpcivsp.sys
18:59:01.0178 0488  vpcivsp - ok
18:59:01.0209 0488  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:59:01.0225 0488  vsmraid - ok
18:59:01.0272 0488  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\WINDOWS\system32\vssvc.exe
18:59:01.0334 0488  VSS - ok
18:59:01.0365 0488  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:59:01.0381 0488  VSTXRAID - ok
18:59:01.0397 0488  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:59:01.0412 0488  vwifibus - ok
18:59:01.0412 0488  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:59:01.0428 0488  vwififlt - ok
18:59:01.0443 0488  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:59:01.0459 0488  vwifimp - ok
18:59:01.0521 0488  [ E13B31E0ADA64CF1513D993F436CA39D ] VX3000          C:\WINDOWS\system32\DRIVERS\VX3000.sys
18:59:01.0584 0488  VX3000 - ok
18:59:01.0631 0488  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:59:01.0662 0488  W32Time - ok
18:59:01.0740 0488  [ 901CC968412F8155B08D7ABE0171166A ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
18:59:01.0755 0488  W3SVC - ok
18:59:01.0771 0488  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:59:01.0787 0488  WacomPen - ok
18:59:01.0818 0488  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:59:01.0818 0488  Wanarp - ok
18:59:01.0833 0488  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:59:01.0849 0488  Wanarpv6 - ok
18:59:01.0865 0488  [ 901CC968412F8155B08D7ABE0171166A ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
18:59:01.0880 0488  WAS - ok
18:59:01.0927 0488  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:59:01.0989 0488  wbengine - ok
18:59:02.0021 0488  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:59:02.0052 0488  WbioSrvc - ok
18:59:02.0067 0488  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:59:02.0083 0488  Wcmsvc - ok
18:59:02.0114 0488  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:59:02.0145 0488  wcncsvc - ok
18:59:02.0161 0488  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:59:02.0177 0488  WcsPlugInService - ok
18:59:02.0192 0488  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\WINDOWS\system32\drivers\wd.sys
18:59:02.0208 0488  Wd - ok
18:59:02.0239 0488  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:59:02.0255 0488  WdBoot - ok
18:59:02.0286 0488  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:59:02.0333 0488  Wdf01000 - ok
18:59:02.0348 0488  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:59:02.0364 0488  WdFilter - ok
18:59:02.0411 0488  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:59:02.0426 0488  WdiServiceHost - ok
18:59:02.0426 0488  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:59:02.0457 0488  WdiSystemHost - ok
18:59:02.0473 0488  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:59:02.0504 0488  WebClient - ok
18:59:02.0535 0488  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:59:02.0551 0488  Wecsvc - ok
18:59:02.0582 0488  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:59:02.0598 0488  wercplsupport - ok
18:59:02.0629 0488  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:59:02.0660 0488  WerSvc - ok
18:59:02.0691 0488  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:59:02.0691 0488  WFPLWFS - ok
18:59:02.0723 0488  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:59:02.0754 0488  WiaRpc - ok
18:59:02.0785 0488  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:59:02.0785 0488  WIMMount - ok
18:59:02.0816 0488  WinDefend - ok
18:59:02.0863 0488  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:59:02.0879 0488  WinHttpAutoProxySvc - ok
18:59:02.0941 0488  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:59:02.0957 0488  Winmgmt - ok
18:59:03.0035 0488  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:59:03.0144 0488  WinRM - ok
18:59:03.0206 0488  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
18:59:03.0269 0488  WinUsb - ok
18:59:03.0315 0488  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:59:03.0362 0488  WlanSvc - ok
18:59:03.0425 0488  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:59:03.0581 0488  wlidsvc - ok
18:59:03.0612 0488  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:59:03.0612 0488  WmiAcpi - ok
18:59:03.0674 0488  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:59:03.0705 0488  wmiApSrv - ok
18:59:03.0737 0488  WMPNetworkSvc - ok
18:59:03.0752 0488  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:59:03.0768 0488  wpcfltr - ok
18:59:03.0799 0488  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:59:03.0815 0488  WPCSvc - ok
18:59:03.0846 0488  [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:59:03.0861 0488  WPDBusEnum - ok
18:59:03.0861 0488  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:59:03.0893 0488  WpdUpFltr - ok
18:59:03.0908 0488  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:59:03.0924 0488  ws2ifsl - ok
18:59:03.0939 0488  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:59:03.0955 0488  wscsvc - ok
18:59:03.0955 0488  WSearch - ok
18:59:04.0002 0488  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\WINDOWS\System32\WSService.dll
18:59:04.0127 0488  WSService - ok
18:59:04.0205 0488  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:59:04.0298 0488  wuauserv - ok
18:59:04.0345 0488  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:59:04.0376 0488  WudfPf - ok
18:59:04.0392 0488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:59:04.0407 0488  WUDFRd - ok
18:59:04.0423 0488  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:59:04.0439 0488  wudfsvc - ok
18:59:04.0439 0488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:59:04.0454 0488  WUDFWpdFs - ok
18:59:04.0470 0488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:59:04.0470 0488  WUDFWpdMtp - ok
18:59:04.0501 0488  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:59:04.0532 0488  WwanSvc - ok
18:59:04.0548 0488  ================ Scan global ===============================
18:59:04.0595 0488  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\WINDOWS\system32\basesrv.dll
18:59:04.0610 0488  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\WINDOWS\system32\winsrv.dll
18:59:04.0626 0488  [ BD7C6949984D19AAA609896B675E7357 ] C:\WINDOWS\system32\sxssrv.dll
18:59:04.0657 0488  [ 8F226143046435C75C033B0C52E90FFE ] C:\WINDOWS\system32\services.exe
18:59:04.0657 0488  [Global] - ok
18:59:04.0657 0488  ================ Scan MBR ==================================
18:59:04.0673 0488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:59:05.0343 0488  \Device\Harddisk0\DR0 - ok
18:59:05.0359 0488  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk1\DR1
18:59:07.0637 0488  \Device\Harddisk1\DR1 - ok
18:59:07.0637 0488  ================ Scan VBR ==================================
18:59:07.0637 0488  [ 4A755D96E49F69C619EDB06E29974177 ] \Device\Harddisk0\DR0\Partition1
18:59:07.0637 0488  \Device\Harddisk0\DR0\Partition1 - ok
18:59:07.0668 0488  [ 56ACAB07268653601D6771A4EAB0DDD3 ] \Device\Harddisk0\DR0\Partition2
18:59:07.0683 0488  \Device\Harddisk0\DR0\Partition2 - ok
18:59:07.0683 0488  [ 3C86E7712B52FA115A1064D2DE77EA04 ] \Device\Harddisk1\DR1\Partition1
18:59:07.0683 0488  \Device\Harddisk1\DR1\Partition1 - ok
18:59:07.0683 0488  ============================================================
18:59:07.0683 0488  Scan finished
18:59:07.0683 0488  ============================================================
18:59:07.0699 0340  Detected object count: 2
18:59:07.0699 0340  Actual detected object count: 2
18:59:17.0324 0340  ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:17.0324 0340  ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:17.0324 0340  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:17.0324 0340  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:24.0298 5744  Deinitialize success


Alt 20.03.2013, 11:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> GMX-Fremdzugriff - Fortsetzung

Alt 20.03.2013, 19:48   #7
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Code:
ATTFilter
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 8 Pro x64
Ran by Stefan on 20.03.2013 at 19:14:17,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll
Failed to delete: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Failed to delete: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Failed to delete: [Registry Key] hkey_classes_root\wow6432node\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Failed to delete: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\swvupdater"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.03.2013 at 19:20:46,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 20/03/2013 um 19:22:56 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\a53dedae134eb13
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5f99b19701411b5b611d3bb2ee2d2b68
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a53dedae134eb13
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\aai2wk9e.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S5].txt - [2448 octets] - [20/03/2013 19:22:56]

########## EOF - C:\AdwCleaner[S5].txt - [2508 octets] ##########
Code:
ATTFilter
OTL logfile created on: 20.03.2013 19:28:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 75,93% Memory free
12,00 Gb Paging File | 10,55 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 491,29 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (ClassicShellService) -- C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\Drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\Drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\Drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\Drivers\lirsgt.sys ()
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\Drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\Drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130320.006\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130320.006\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130319.002\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 7F 8C 32 B9 1F CC 01  [binary data]
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\SearchScopes\{BDCB0600-0332-4771-9D94-148955443118}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013.03.16 19:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012.11.21 21:46:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M]
 
[2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\aai2wk9e.default\extensions
[2013.03.16 17:35:40 | 000,615,654 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\aai2wk9e.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.03.16 20:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.16 20:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.16 20:23:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 23:34:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 23:34:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 23:34:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 23:34:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 23:34:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 23:34:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKU\S-1-5-21-3457433084-3173931118-2636661174-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun File not found
O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Ãœber Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB488BB-3F76-438A-AE0B-A234FD9B60CB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.14 18:59:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.20 19:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.03.20 19:13:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.20 19:13:30 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe
[2013.03.19 18:55:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Documents\tdsskiller.exe
[2013.03.18 18:51:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Stefan\Documents\aswMBR.exe
[2013.03.18 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.18 18:26:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\mbar-1.01.0.1021
[2013.03.17 22:03:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.17 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.16 21:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.16 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.16 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.03.16 19:52:02 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2013.03.16 19:52:01 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2013.03.16 19:51:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2013.03.16 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2013.03.16 17:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.12 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013.03.12 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.12 20:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.03.12 20:50:22 | 023,008,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe
[2013.03.12 20:29:39 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.03.12 20:29:38 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.03.12 20:29:36 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.03.12 20:29:36 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013.03.12 20:29:36 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.03.12 20:29:36 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013.03.12 20:29:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.03.12 20:29:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.03.12 20:29:09 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.03.12 20:29:09 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.03.12 20:29:09 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.03.12 20:29:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.03.12 20:29:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.03.12 20:29:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.03.12 20:29:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2013.03.12 20:29:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.03.12 20:29:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2013.03.12 20:29:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.03.12 20:28:35 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2013.03.12 20:28:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2013.03.12 20:28:33 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013.03.12 20:28:31 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013.03.12 20:28:31 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013.03.12 20:28:28 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013.03.12 20:28:27 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2013.03.12 20:28:27 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlroamextension.dll
[2013.03.12 20:28:27 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll
[2013.03.12 20:28:27 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll
[2013.03.12 20:28:27 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2013.03.12 20:28:27 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll
[2013.03.12 20:28:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2013.03.12 20:28:26 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2013.03.12 20:28:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpd_ci.dll
[2013.03.12 20:28:26 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2013.03.12 20:28:26 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlroamextension.dll
[2013.03.12 20:28:26 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWanAPI.dll
[2013.03.12 20:28:26 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2013.03.12 20:28:26 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2013.03.12 20:28:26 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hotspotauth.dll
[2013.03.12 20:28:26 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsRasterService.dll
[2013.03.12 20:28:26 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2013.03.12 20:28:26 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.12 20:28:26 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2013.03.12 20:28:26 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsRasterService.dll
[2013.03.12 20:28:26 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskkill.exe
[2013.03.12 20:28:26 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tasklist.exe
[2013.03.12 20:28:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013.03.12 20:28:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tasklist.exe
[2013.03.12 20:28:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskkill.exe
[2013.03.12 20:28:26 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys
[2013.03.12 20:28:26 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys
[2013.03.12 20:28:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmproxy.dll
[2013.03.12 20:28:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmsprep.dll
[2013.03.12 20:28:12 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2013.03.12 20:28:11 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2013.03.11 20:23:20 | 046,023,440 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE
[2013.03.10 12:50:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\NPE
[2013.03.09 10:21:43 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013.03.09 10:21:28 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013.03.02 10:44:12 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2013.03.02 10:44:12 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2013.03.02 10:44:12 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2013.03.02 10:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.20 19:31:34 | 002,040,954 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.03.20 19:31:34 | 000,867,886 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.03.20 19:31:34 | 000,806,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.03.20 19:31:34 | 000,198,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.03.20 19:31:34 | 000,166,582 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.03.20 19:26:34 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.20 19:24:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.20 19:24:28 | 536,256,511 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.20 19:22:29 | 000,609,993 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2013.03.20 19:13:43 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stefan\Desktop\JRT.exe
[2013.03.19 21:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.19 18:56:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Documents\tdsskiller.exe
[2013.03.18 19:10:48 | 000,111,280 | ---- | M] () -- C:\Users\Stefan\Documents\Fehlermeldung.JPG
[2013.03.18 18:53:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Stefan\Documents\aswMBR.exe
[2013.03.18 18:26:38 | 013,786,977 | ---- | M] () -- C:\Users\Stefan\Documents\mbar-1.01.0.1021.zip
[2013.03.17 22:17:20 | 000,377,856 | ---- | M] () -- C:\Users\Stefan\Documents\gmer_2.1.19155.exe
[2013.03.17 22:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.03.17 22:03:00 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.03.17 22:02:22 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Documents\Defogger.exe
[2013.03.16 20:04:12 | 002,217,713 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.16 19:55:48 | 001,054,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.03.16 17:35:21 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 17:26:42 | 000,001,936 | ---- | M] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5}
[2013.03.13 21:14:28 | 000,002,640 | ---- | M] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB}
[2013.03.12 20:51:10 | 023,008,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe
[2013.03.12 20:18:12 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013.03.12 20:18:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013.03.11 20:33:32 | 046,023,440 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE
[2013.03.09 11:27:21 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.09 11:25:52 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.09 10:21:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013.03.09 10:21:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013.03.09 10:21:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2013.03.09 10:21:19 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013.03.09 10:21:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013.03.09 10:21:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013.03.06 00:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.03.06 00:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.02 10:13:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.02 09:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2013.03.02 03:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2013.02.24 11:34:02 | 000,108,449 | ---- | M] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo
[2013.02.23 17:59:24 | 000,000,129 | ---- | M] () -- C:\WINDOWS\SysWow64\~.inf
[2013.02.23 17:46:40 | 000,928,097 | ---- | M] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.20 19:22:28 | 000,609,993 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2013.03.18 19:10:48 | 000,111,280 | ---- | C] () -- C:\Users\Stefan\Documents\Fehlermeldung.JPG
[2013.03.18 18:26:17 | 013,786,977 | ---- | C] () -- C:\Users\Stefan\Documents\mbar-1.01.0.1021.zip
[2013.03.17 22:17:17 | 000,377,856 | ---- | C] () -- C:\Users\Stefan\Documents\gmer_2.1.19155.exe
[2013.03.17 22:03:00 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.03.17 22:02:21 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Documents\Defogger.exe
[2013.03.16 19:55:48 | 001,054,248 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.03.16 17:35:21 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.16 17:35:21 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 17:26:41 | 000,001,936 | ---- | C] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5}
[2013.03.13 21:14:28 | 000,002,640 | ---- | C] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB}
[2013.03.02 10:13:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.23 20:00:11 | 000,108,449 | ---- | C] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo
[2013.02.23 17:46:39 | 000,928,097 | ---- | C] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf
[2013.02.22 16:20:18 | 000,001,466 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paint (2).lnk
[2013.01.12 10:19:12 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.30 22:38:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012.11.06 20:19:32 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.06 19:08:23 | 000,000,197 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\burnaware.ini
[2012.10.28 22:55:52 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.10.27 22:26:40 | 001,968,878 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012.10.27 22:23:49 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.10.27 22:23:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012.07.27 19:49:20 | 000,000,040 | ---- | C] () -- C:\ProgramData\aknhqwdnwnsgria
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.03.21 22:35:50 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2012.01.13 23:47:03 | 000,138,015 | ---- | C] () -- C:\Users\Stefan\ESt2011_Zimmermann_Stefan.elfo
[2012.01.06 18:58:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI
[2011.12.30 17:08:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2011.07.01 16:32:08 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.05.31 21:13:42 | 000,001,036 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011.05.31 21:13:42 | 000,000,161 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011.05.31 21:13:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll
[2011.05.31 21:12:59 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011.05.31 21:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1372 bytes -> C:\Users\Stefan\Documents\Kennziffer  P-12_110 - Bewerbung um die Stelle als Sachbearbeiter in der Abteilung für Personal und Organisation.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2C57161

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 20.03.2013 19:28:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 75,93% Memory free
12,00 Gb Paging File | 10,55 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 491,29 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06ABE5AC-5EC0-4A43-A113-27482B3DAA17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0F4018C7-F518-4443-B808-6E5971D28E3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44316C54-BBA5-42C6-86A9-889C11C945C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FFDA51B-F2EC-40CF-8BBB-56A94732EBC7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5FFFC276-251D-45A9-B77C-6DB2BB417F36}" = lport=49318 | protocol=6 | dir=in | name=akamai netsession interface | 
"{615219D7-8DE9-410A-896B-67D323EBF454}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6567B83B-EA91-4F5A-8FB8-B54081DEF4DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{733592F1-0A6F-4A46-AC4C-46A3217A6FC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{786A922C-DB40-47C4-8707-07ECE02AC286}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{79B7E2FB-564A-47BB-B9D8-028ADA5ADCC5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{7ABC9882-24BC-4B1E-A18D-224C5A024FE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EDD7CB4-FB0D-4B60-8DEB-0222664ED636}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A0BC5ED0-A164-4B22-8219-07F0FB8E6C05}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{AA0EC870-AD11-4206-86FA-E15CD88D5AF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA46AB6B-9AE2-4A7F-8C7A-8FCB71BBEA63}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE2D5755-BB90-4DA7-852A-4FC0C1FD0C1D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C459CDE0-9717-4705-9613-A8687C789B2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5CA0D9C-C68A-4F55-95A4-F7366193F9D1}" = lport=49183 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C7A46DBE-737E-477B-8A12-0F4BAC686F82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0454E74B-B645-4C2F-AC88-0F65E906F69D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{0C611A1E-2FC0-4FD4-BDE4-93E1748845E6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{0CE96268-13A3-4BB7-A2CA-B3E073D5B234}" = dir=in | app=c:\users\stefan\appdata\local\microsoft\skydrive\skydrive.exe | 
"{19EF2980-2FCC-480B-BCDD-4BC092DCE2CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AD505CD-D8AD-4F20-9806-942834DD19BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FB337C0-0294-4C32-AE4D-876C0798F4FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23F4D3A4-2431-44B3-AA6F-9EA4D25CCBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{286146F1-4AD8-446E-8D7F-6B05CD3ADC22}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{313332B1-84C4-435F-BAD6-675FA7CF1B5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3605C9AD-29CA-4C6A-9C1B-E791A9FEE944}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe | 
"{392E1694-B839-402A-8F1E-2A028893C92D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{4026DEA9-AE64-4EF9-BB16-BA1335F8F496}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{46F5C791-1476-4BB8-83A1-CE82E09E91C8}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{4E6BAF2C-20BB-410A-8AD8-BBC8F7001F5B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4F93D4E9-F564-45B3-8C1E-7A7EDA096AAB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{50D7086B-3318-4587-8686-21C153F21807}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{56EFEE22-1FF9-47BE-B38F-DCD7978077EF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{578F1D6E-F99D-49AB-9983-6B56BE9CDC96}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"{61CAC80D-A27B-4DA3-9A72-58938DDF5C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{63BAF5F9-40F0-475D-A196-1E151779F4B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7417E2F8-380D-44D5-BE9F-D0AC6565BE0C}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{772DE3C3-1D40-4408-9147-4CCEC1310987}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"{794090FF-0BF3-4EB3-9DF8-7DDAA423028A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8493DD97-F0BC-4B7C-B3AA-7134208E7343}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{8F7FBFAD-4CD8-4B5E-961C-55839BBB8FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{95A7E9B4-0D8C-4E13-8605-7EE9364896B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{969DD105-DADA-4C3C-8F31-CE4FCD6299D5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9FBD8499-1ECC-49E1-900A-C349BE99AFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A69D142F-8EBB-4D95-AB96-C2078940C6C0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A7D83B6F-4B2E-4DDA-AB92-E73D6977868F}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe | 
"{B4D7B72D-6945-4C0D-A303-BD430450DB6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC38A022-E600-4825-B8EE-B42738380B84}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BE217227-2453-443B-A73E-5B7F5382482B}" = protocol=6 | dir=out | app=system | 
"{C31617EC-5BAD-4775-A57E-F770637F7473}" = dir=out | name=windows_ie_ac_001 | 
"{C4F98F4A-5226-4550-A891-59CB3929F499}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{C519D382-579F-48CD-A1B1-403C367DF4B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA086723-065B-438A-B3F4-A1DDEF0F85D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CE89F4D5-E705-4D42-B613-05EB07553DB8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{D2E5A37D-52C0-404A-8739-5252E6CFBFC7}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DF704350-A41A-4059-B35D-15D8BEBE5F11}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EAE385FD-A626-4917-A74F-85CF976953BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EB0EF784-5686-406A-A345-8CB924B0D911}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCE1F482-DA59-401B-B998-937527E40319}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"TCP Query User{0A14DB61-D63C-4E4B-BB14-B5F445E6D3F9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{CB6FED15-674F-4054-8F86-BFFDB53F5AE9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5AF3560C-09BA-426F-BFA0-FEF0A94A9D8B}" = Microsoft Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC9E7BB-2443-49B1-8476-490EBF932C2E}" = Microsoft LifeCam
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51B5CAB0-6F72-4086-BB0D-42D0BDC88F67}" = Hama WLAN PCI Card
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1CF7B76-682D-4547-AA96-11B659A2CEAC}" = Microsoft Corporation
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"PROR" = Microsoft Office Professional 2007
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457433084-3173931118-2636661174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.07.2012 14:50:11 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Error - 28.07.2012 03:31:04 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 29.07.2012 04:15:08 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 30.07.2012 12:48:43 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 31.07.2012 10:49:57 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 31.07.2012 14:16:58 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 31.07.2012 16:24:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 01.08.2012 13:23:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 02.08.2012 12:57:08 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 03.08.2012 07:50:01 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
Error - 04.08.2012 05:08:03 | Computer Name = Stefan-PC | Source = WinMgmt | ID 
= 10
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >

Alt 20.03.2013, 23:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Irgendwas ging schief bei JRT, bitte wiederholen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.03.2013, 17:50   #9
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Ok, mach ich gerne:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 8 Pro x64
Ran by Stefan on 21.03.2013 at 17:40:07,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 17:48:32,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alt 22.03.2013, 10:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.03.2013, 19:35   #11
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Das klingt doch gut

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.22.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Stefan :: STEFAN-PC [Administrator]

22.03.2013 16:35:17
mbam-log-2013-03-22 (16-35-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270626
Laufzeit: 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=909725879aafc946904a09d7ca4f496c
# engine=13407
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-17 07:35:59
# local_time=2013-03-17 08:35:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=3592 16777213 100 91 88776 114211455 0 0
# compatibility_mode=5893 16776574 100 94 88908 23055070 0 0
# scanned=224088
# found=0
# cleaned=0
# scan_time=9882
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=909725879aafc946904a09d7ca4f496c
# engine=13457
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-22 06:13:41
# local_time=2013-03-22 07:13:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=3592 16777213 100 91 519438 114638517 0 0
# compatibility_mode=5893 16776574 100 94 519570 23482132 0 0
# scanned=215995
# found=0
# cleaned=0
# scan_time=9160

Alt 23.03.2013, 10:08   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.03.2013, 10:25   #13
Stevie-1984
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Sonst habe ich keine Beschwerden, alles wieder bestens - tausend Dank für deine Hilfe!

Alt 23.03.2013, 16:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Fortsetzung - Standard

GMX-Fremdzugriff - Fortsetzung


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu GMX-Fremdzugriff - Fortsetzung
akamai, bho, bonjour, down, error, firefox, flash player, format, helper, iexplore.exe, logfile, mozilla, msvcrt, object, office 2007, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, symantec, udp, windows, wlan


« MacIntosh | 2 Trojaner gefunden: P2P.Worm und ZbotR.Gen »


Ähnliche Themen: GMX-Fremdzugriff - Fortsetzung


  1. Fremdzugriff auf E-Mail, Amazon etc.
    Log-Analyse und Auswertung - 28.10.2015 (13)
  2. Fremdzugriff auf meinen Rechner
    Plagegeister aller Art und deren Bekämpfung - 13.12.2014 (8)
  3. Windows 7 : Vermutung auf Fremdzugriff
    Log-Analyse und Auswertung - 29.09.2014 (13)
  4. Fremdzugriff auf meinen PC?
    Log-Analyse und Auswertung - 02.03.2014 (7)
  5. Fremdzugriff auf meinem Computer
    Plagegeister aller Art und deren Bekämpfung - 27.01.2014 (17)
  6. Fremdzugriff auf meinen PC
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (7)
  7. Fremdzugriff oder Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  8. Verschlüsselungs Trojaner Windows 7 64bit --> Fortsetzung
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  9. Fremdzugriff,überwachung des Netzwerkes.
    Alles rund um Windows - 13.06.2012 (8)
  10. Fremdzugriff auf meinen PC
    Plagegeister aller Art und deren Bekämpfung - 25.10.2011 (17)
  11. Fremdzugriff?
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (1)
  12. Fremdzugriff auf PC trotz Schutzprogramm?
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (7)
  13. Fremdzugriff auf PC-Logdatei checken
    Log-Analyse und Auswertung - 27.12.2009 (1)
  14. Fremdzugriff über vom Trojaner erstelltes
    Mülltonne - 30.09.2008 (1)
  15. Padodor.AG.2 / MBCJLI32.EXE (Hilfe~Thread Fortsetzung)
    Plagegeister aller Art und deren Bekämpfung - 07.01.2005 (7)
  16. Das Erlebnis: Fremdzugriff auf meinen PC !!!
    Plagegeister aller Art und deren Bekämpfung - 03.10.2003 (27)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GMX-Fremdzugriff - Fortsetzung - Hallo, schon in meinem letzten Thread hatte ich darüber berichtet, dass ich aufgrund Fremdzugriffen auf mein GMX-Konto Keylogger/Trojaner auf Laptop und PC vermutet. Dank der wirklich tollen Hilfe von cosinus - GMX-Fremdzugriff - Fortsetzung...
Archiv
Du betrachtest: GMX-Fremdzugriff - Fortsetzung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131