| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2013, 09:25
| #1 |
| |  Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hallo! Habe seit gestern ca. 10 "Mail Delivery Failed"t Nachrichten in meinem Freenet-Postfach entdeckt (Leider habe ich diese schon gelöscht und kann euch die Mails nicht mehr zeigen....). Ich habe bereits das Passwort für mein Postfach geändert und habe schon ein Malware, Antivir und OTL drüber laufen lassen. Ich hoffe ihr könnt mir helfen. Danke im Voraus. Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16580 13.06.2013 10:01:11 mbam-log-2013-06-13 (10-01-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211014 Laufzeit: 7 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Antivir Code:
ATTFilter Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 3486
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0
OTL 1 Code:
ATTFilter OTL logfile created on: 13.06.2013 10:05:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexandra\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 50,67% Memory free 6,83 Gb Paging File | 1,83 Gb Available in Paging File | 26,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 443,17 Gb Total Space | 373,71 Gb Free Space | 84,33% Space Free | Partition Type: NTFS Computer Name: LEXI | User Name: Alexandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe PRC - [2013.06.12 09:04:56 | 022,777,168 | ---- | M] (ArenaNet) -- C:\Users\Alexandra\Desktop\Guild Wars 2\Gw2.exe PRC - [2013.04.04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.10.08 22:03:50 | 000,090,992 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.20 07:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.05.21 09:02:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.27 17:50:00 | 004,448,104 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService) SRV - [2013.03.05 16:47:00 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012.11.08 16:25:28 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012.10.31 13:57:44 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.15 04:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 18:09:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.31 13:37:42 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.10.31 13:37:40 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.10.31 13:37:38 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.10.31 13:37:36 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.10.31 13:37:36 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.10.31 13:37:34 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.10.31 13:37:34 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.10.31 13:37:34 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.08 22:03:18 | 000,325,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.18 17:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.09.06 18:25:26 | 000,719,504 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.08.09 20:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2012.08.06 05:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.07.31 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.27 14:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.03 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.25 03:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {74BFD63A-383B-407D-8AC1-BDD4E79720F3} IE:64bit: - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {74BFD63A-383B-407D-8AC1-BDD4E79720F3} IE - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {74BFD63A-383B-407D-8AC1-BDD4E79720F3} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.04 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\mozilla\Extensions [2013.06.12 14:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.12 14:11:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AA4DACA-731E-4792-AFE3-63FD2A23C056}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6633FB3C-3779-4E69-BBA3-6C12697E867F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 10:03:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:44:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Malwarebytes [2013.06.13 09:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.13 09:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.13 09:44:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.06.13 09:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.13 09:07:07 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Avira [2013.06.13 08:23:31 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.13 08:21:40 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.06.13 08:21:40 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.06.13 08:21:40 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.13 08:08:00 | 000,000,000 | R--D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.12 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.06.12 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.08 08:05:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.06.08 08:05:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2013.06.08 08:05:47 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.06.08 08:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.06.08 07:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung [2013.06.08 07:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.06.08 07:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.06.08 07:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.06.08 07:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.06.08 07:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual [2013.06.08 07:54:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.06.08 07:54:42 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2013.06.08 07:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series [2013.06.08 07:53:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.06.08 07:53:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING [2013.06.08 07:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.06.04 16:54:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.04 16:50:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Macromedia [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Mozilla [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Mozilla [2013.06.04 16:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.06.04 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.06.04 16:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Google [2013.06.04 15:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft [2013.06.04 10:40:34 | 000,000,000 | ---D | C] -- C:\Games [2013.06.04 10:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin Games [2013.06.04 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games [2013.06.01 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\bigfish [2013.05.30 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\FamilyRestaurant [2013.05.27 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.26 17:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2013.05.26 17:33:58 | 000,000,000 | ---D | C] -- C:\GameHouse Games [2013.05.26 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\WinRAR [2013.05.23 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013.05.23 15:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2013.05.21 09:03:03 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo US [2013.05.21 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media [2013.05.21 09:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar [2013.05.21 09:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media [2013.05.21 09:00:49 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2013.05.20 16:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBit Games [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youdagames [2013.05.20 16:13:35 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Youdagames [2013.01.28 19:14:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:45:00 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 09:44:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.13 09:33:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 09:07:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:23:15 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.13 08:07:28 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 08:07:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.12 14:12:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.12 14:02:31 | 002,362,670 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.12 14:02:31 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.12 14:02:31 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.12 14:02:31 | 000,484,676 | ---- | M] () -- C:\windows\SysNative\perfh011.dat [2013.06.12 14:02:31 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.12 14:02:31 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.12 14:02:31 | 000,132,552 | ---- | M] () -- C:\windows\SysNative\perfc011.dat [2013.06.08 07:55:32 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.07 08:15:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.07 08:15:47 | 3183,919,104 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 15:14:43 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:38:46 | 000,019,194 | ---- | M] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 15:38:46 | 000,006,983 | ---- | M] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 13:39:11 | 000,374,344 | ---- | M] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.23 07:48:52 | 003,311,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:07 | 000,447,819 | ---- | M] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.20 16:15:01 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | M] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.15 16:09:49 | 001,007,064 | ---- | M] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | M] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.13 09:44:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.13 08:21:55 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 14:11:58 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.12 14:11:54 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.08 07:55:32 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.08 07:54:36 | 000,068,096 | ---- | C] () -- C:\windows\SysWow64\CNC1754D.TBL [2013.06.04 16:40:13 | 000,001,126 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 16:40:04 | 000,001,122 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 15:14:43 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:39:19 | 000,006,983 | ---- | C] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 15:39:14 | 000,019,194 | ---- | C] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 13:39:10 | 000,374,344 | ---- | C] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.22 17:50:33 | 003,311,280 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:06 | 000,447,819 | ---- | C] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.21 09:02:35 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.20 16:14:59 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | C] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.18 08:03:10 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.05.15 16:09:49 | 001,007,064 | ---- | C] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | C] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf [2013.04.18 15:49:45 | 000,010,111 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\recently-used.xbel [2013.01.28 19:34:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2013.01.28 19:14:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2013.01.28 18:18:22 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.11.06 18:09:26 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.11.06 18:09:26 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.11.06 18:09:04 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.06 18:09:00 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.11.06 18:09:00 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 06:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.08 08:05:47 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.04.18 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\IGG [2013.04.11 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\OpenOffice.org [2013.06.04 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.20 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Youdagames ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:708B64DC @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Users\Alexandra\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Alexandra\Documents\desktop.ini:gs5sys @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:74B502CB @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B1E64E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:BAC2F271 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DF0BC727 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:490BCC52 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:0D52F295 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8B51CAAE < End of report > OTL Extras Code:
ATTFilter OTL Extras logfile created on: 13.06.2013 10:05:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexandra\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,71 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 50,67% Memory free
6,83 Gb Paging File | 1,83 Gb Available in Paging File | 26,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,17 Gb Total Space | 373,71 Gb Free Space | 84,33% Space Free | Partition Type: NTFS
Computer Name: LEXI | User Name: Alexandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D189D38-62DE-41E1-A7B3-D8353CC88CE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{208CDF61-0B7A-4BFC-B08F-A5DF89786DD2}" = rport=137 | protocol=17 | dir=out | app=system |
"{35F9AA52-F3C8-4838-833A-E4701E9F2303}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D22FDAC-2521-436C-BFAE-C833D6436A30}" = rport=139 | protocol=6 | dir=out | app=system |
"{47513DAF-2167-4C78-9759-B8F875F60436}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54629E24-36F9-4661-85DF-4CE5D74DB9BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571D4C1B-CEE8-4AB5-B625-8D6E27C84532}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59F45975-1497-4591-A6DF-F6D7E0D346DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5ADF229E-2065-4E60-BCCD-AEFD80804D41}" = rport=138 | protocol=17 | dir=out | app=system |
"{643C9AB8-1AD8-498C-ABAD-8EB4BCD39586}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BDB8C79-3331-4F47-8D95-A40F93BD8706}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86EE0891-600A-4BE2-89B9-545A564BF6B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8936FEFB-9B78-44A9-A50B-6DCD5BED2043}" = rport=10243 | protocol=6 | dir=out | app=system |
"{97FC185A-490C-4817-9E24-82D796785351}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2BA61D8-33C4-4FFE-91D0-7A6FFD618709}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B44F27C4-EF7E-4269-AC82-1D18C05AD755}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDBDE3A6-031B-44E7-A22E-37AD39BC1BE8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C018EDFA-EEAC-4E6E-97E9-AB2C71758797}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA2FD45A-FDD4-4995-85DD-FAA19EAA3A61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC7ED819-CC46-4715-B377-3130EEAC9669}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DDB17128-8FC3-434F-8A0E-B5F1DD35FAB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{F91BF137-A93B-46E2-AB4E-A1F0ED45F5AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA3336F8-6088-4C33-BB15-0A7B580D462A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB8418-DBCD-46DF-B69C-16BCAFF1B7AF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{034D99B9-0187-4535-9231-FBC1B5271F84}" = dir=out | name=s camera |
"{0D4BD699-8E27-4212-B9AB-A7F78840FD77}" = dir=out | name=s player |
"{0E7A5A43-CF52-43E9-A081-A744C27144D8}" = dir=in | name=evernote |
"{160DD7D0-AE36-4E68-8206-3099A72B33B9}" = dir=out | name=norton studio |
"{1B189C04-5612-4C68-980E-4AA47CABD51C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{1C671CE7-E59E-4764-84B7-C4A049C4B0D2}" = dir=out | name=shark dash |
"{1CE7BB98-8714-4652-A8FD-C209F2F01A91}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22B76632-2110-4665-B0A9-EEFB7FC06A7F}" = dir=in | name=music maker jam |
"{2890F564-4016-4DED-B226-09147893D792}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{2A36AF9A-3987-4193-BCCB-A8D7275018C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2A5A9538-4386-4DFC-AD00-9B168F017BA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B8FB385-FDD8-45F2-B1A0-CB9844C0625C}" = dir=out | name=s gallery |
"{2C9E2392-9A64-4D33-8402-6137B04582BA}" = dir=out | name=chaton |
"{31F0E700-2D44-437D-B670-D386A85F1ECB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347816FA-27B5-4F49-A487-2433ED114F22}" = dir=out | name=jamie's recipes |
"{3B785F12-10D2-47C3-A836-D9C02923D9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C50FAE0-D7B7-4372-A92B-B74A74628CFE}" = dir=out | name=wetter.com |
"{40382918-379B-4C1C-9415-7202CA3EB063}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4409665A-190D-42DA-969F-418241631D9C}" = protocol=6 | dir=out | app=system |
"{44E9C856-C44C-4BBE-89B8-1C7AAEEEE817}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4B085741-B95D-4D85-9F9D-ED53C7E66F1E}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{4F013CA0-D48E-424D-AEE3-56E2E29293DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53A2D9A3-0C34-4B5D-AB20-E22F673F57DC}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{57661CD4-A396-41E6-9CDC-89277F3B4211}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5816D353-FD70-4B26-B0D7-43E12CF6D880}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{59B63644-61C0-47B1-95BB-E597BDDE8036}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{59F38315-C1B4-447E-BE87-C0C93904F150}" = dir=in | name=süddeutsche zeitung digital |
"{699AF58C-B0E1-4AA0-B4B6-250D137E79B3}" = dir=out | name=taptiles |
"{69D6C8D6-8E80-4A0E-8DF4-14D4606D6C31}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{6EB3F949-E4FC-46F1-814A-BF48DF75654D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AB35C8A-E427-4E4D-94B8-22B18941EEAA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7DD44F8E-9AD6-4204-884B-DC509145AC85}" = dir=out | name=music maker jam |
"{7ECE7533-2083-487A-9986-F057119184BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81A93E06-871A-46CA-ADBF-DC1057E16CF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{853F8DC5-479F-44A2-B212-416B05F45DCB}" = dir=out | name=adera |
"{8A4503B0-881F-452D-89BE-03B53D92EFC6}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{931F3DDB-B3B9-4856-8E24-10B97AFF8A51}" = dir=out | name=süddeutsche zeitung digital |
"{941BED8F-CD4C-46A4-87D7-0DD010D865C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9706CF2E-B709-4D67-A84F-97148651378E}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A0272AA9-D713-49C9-8532-DBA372DEEAF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A15D8D47-B2EA-4B34-B8AF-2324F57DF65D}" = dir=out | name=fresh paint |
"{A7474A0F-B238-4812-BC4F-AF8007107D50}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{AB5E853C-952F-4759-A2A7-2E81A4B73339}" = dir=out | name=netzwelt |
"{ABFBE5CC-A313-4B30-B993-29DC9C515229}" = dir=in | name=bitcasa infinite storage for samsung |
"{ACF4C77E-3AD6-4190-A55E-B0E7F6CF2FB7}" = dir=out | name=evernote |
"{B679484D-A60A-4E14-B793-FCF8E5DE33C1}" = dir=out | name=windows_ie_ac_001 |
"{B728B8BE-66FC-469C-9892-96A1429B4213}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE7F0F34-2B00-4177-B393-B9D74AC7DD9C}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C50EBECB-F0FD-4CD9-B3C8-4AE9C612FB1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D2A95FA8-7D0E-4191-8FD2-D926E13DDF81}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{D3048195-5A8C-4945-8CDB-77F54C679FCD}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D4D0BE00-211D-4A18-99C7-8A6F1E3A9D26}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{D5853B6E-D3C7-4882-9F06-87F5C936F7EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D74A8FC6-1377-439B-B4E5-F21F64AAC2F1}" = dir=out | name=zalando |
"{DA12EB35-2770-4900-88E3-44FF804AB015}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{DE144A09-CF6F-45AF-88DF-5F947AB68CFD}" = dir=out | name=bitcasa infinite storage for samsung |
"{E07D37E2-4C9D-446E-9DE5-57F927EAF8D3}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{E0DA727E-ED11-436E-B485-EAE370BDBC6E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E1BB13C7-C58C-4956-A673-DAA228EAA95B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E2AD20FC-CA0E-40EA-93EC-1BFB32381435}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E31A535D-70F7-4A38-8A51-108DDE77A607}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F3D0A83B-5411-49AC-80ED-E1554EA8FF23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1A8F6272-5DA3-4353-99E4-85F629680CFB}C:\users\alexandra\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexandra\desktop\guild wars 2\gw2.exe |
"TCP Query User{50332EA7-9864-4607-99A7-0CAB6ED5FE35}C:\users\alexandra\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexandra\desktop\guild wars 2\gw2.exe |
"TCP Query User{6D4E29C1-5CFB-45E6-8C41-A074B9D24EC3}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{569AF015-245C-4682-AB09-B5FC04E35C01}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{649D725B-76F7-4376-B84D-D8102FEDC363}C:\users\alexandra\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexandra\desktop\guild wars 2\gw2.exe |
"UDP Query User{6722256D-E43B-426A-8999-C60892730216}C:\users\alexandra\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexandra\desktop\guild wars 2\gw2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk
"{3EB3E946-FB88-45C2-A19B-410D254657D9}" = Support Center
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1" = Bitcasa version 0.9.20.4135
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Elantech" = ETDWare X64 11.7.5.5_WHQL
"EPSON BX535WD Series" = Druckerdeinstallation für EPSON BX535WD Series
"GIMP-2_is1" = GIMP 2.8.4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}" = User Guide
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2DA2D0B6-7B27-4248-B42E-6C87EDB41818}" = Update for Japanese Microsoft IME Standard Extended Dictionary
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3D3085B0-BC4D-4559-B0AE-F5C879DEFFC4}" = Adobe Flash Player 11 Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials
"{58B2C2CD-26D3-4205-A9F9-FE488B5883AB}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66792BEC-2401-4DEC-AD4E-BEBFD9EF7F8D}" = SW Update
"{6FB58056-0BD1-4E42-BC61-26A840895497}" = Overwolf
"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}" = Settings
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9478A3AA-4C2C-4104-97D7-32C7EEB32F59}" = Support Center FAQ
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9772C904-8064-46BC-AEBC-3209F2EA9829}" = Update for Japanese Microsoft IME Standard Dictionary
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EPSON Scanner" = EPSON Scan
"Guild Wars 2" = Guild Wars 2
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NARA" = Norton Online Backup ARA
"Plants vs. Zombies" = Plants vs. Zombies
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.05.2013 09:23:13 | Computer Name = Lexi | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2cbec Startzeit: 01ce4e4a9b11f3a5 Endzeit: 15 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: e7d6dbeb-ba3d-11e2-be86-50b7c3fbd634
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.05.2013 10:15:41 | Computer Name = Lexi | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 13.05.2013 09:52:21 | Computer Name = Lexi | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1228 Startzeit: 01ce4f9ebe51a668 Endzeit: 1941 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: 50a49f42-bbd4-11e2-be87-50b7c3fbd634
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 14.05.2013 02:35:06 | Computer Name = Lexi | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe“ wurde
beendet, da das Anhalten zu lange dauerte.
Error - 14.05.2013 02:35:20 | Computer Name = Lexi | Source = Application Hang | ID = 1002
Description = Programm Map.exe, Version 1.5.1.240 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1bfc Startzeit:
01ce506d229ab56d Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe\Map.exe
Berichts-ID:
6ab2b843-bc60-11e2-be87-50b7c3fbd634 Vollständiger Name des fehlerhaften Pakets:
Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften
Paket ist: AppexMaps
Error - 14.05.2013 03:13:18 | Computer Name = Lexi | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ wurde nicht innerhalb
der vorgesehenen Zeit gestartet.
Error - 15.05.2013 03:04:11 | Computer Name = Lexi | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1320 Startzeit: 01ce513031cf5d4c Endzeit: 22 Anwendungspfad:
C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 9aefdcc9-bd2d-11e2-be87-50b7c3fbd634
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.05.2013 06:28:56 | Computer Name = Lexi | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ wurde nicht
innerhalb der vorgesehenen Zeit gestartet.
Error - 15.05.2013 10:04:51 | Computer Name = Lexi | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1a564 Startzeit: 01ce51571b13583f Endzeit: 39 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: 65d34e62-bd68-11e2-be87-50b7c3fbd634
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 18.05.2013 02:45:39 | Computer Name = Lexi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ccSet.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x50cfcbaf Ausnahmecode: 0xc0000005 Fehleroffset: 0x735bb899
ID
des fehlerhaften Prozesses: 0xff4 Startzeit der fehlerhaften Anwendung: 0x01ce538b661e420b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Pfad
des fehlerhaften Moduls: ccSet.dll Berichtskennung: 8cdf1ed9-bf86-11e2-be88-50b7c3fbd634
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 19.05.2013 08:05:04 | Computer Name = Lexi | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung
erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden.
Die Dateireferenznummer ist 0x1300000001976b. Der Name der Datei ist "\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_979be417fa2e2c19".
Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".
Error - 19.05.2013 08:05:31 | Computer Name = Lexi | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung
erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden.
Die Dateireferenznummer ist 0x1000000001727. Der Name der Datei ist "\Windows\System32".
Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".
Error - 19.05.2013 11:06:48 | Computer Name = Lexi | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 20.05.2013 01:34:29 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 01:34:29 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 01:34:29 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 01:34:30 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 01:34:30 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 01:34:30 | Computer Name = Lexi | Source = DCOM | ID = 10010
Description =
Error - 20.05.2013 08:29:08 | Computer Name = Lexi | Source = DCOM | ID = 10016
Description =
< End of report >
Geändert von Kana (13.06.2013 um 09:33 Uhr) |
|
13.06.2013, 10:08
| #2 |
| /// the machine /// TB-Ausbilder    | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
13.06.2013, 10:21
| #3 |
| | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hallo und danke für die schnelle Antwort :-)
__________________Hier sind meine Scan-Ergebnisse: FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 04
Ran by Alexandra (administrator) on 13-06-2013 11:15:41
Running from C:\Users\Alexandra\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\PROGRAM FILES (X86)\SAMSUNG\SW UPDATE\SWMAGENT.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\PROGRAM FILES (X86)\SYMANTEC\NORTON ONLINE BACKUP\NOBUAGENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\PROGRAM FILES\SAMSUNG\SUPPORT CENTER\GUARANAAGENT.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
(Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(ArenaNet) C:\Users\Alexandra\Desktop\Guild Wars 2\Gw2.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Users\ALEXAN~1\AppData\Local\Temp\gw2cache-{4B552B37-E01F-173F-342B-554B1FE03F17}\awesomium_process.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13219984 2012-11-06] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x]
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x]
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKCU SearchScopes: DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL =
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\t3xmylo5.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4448104 2013-03-27] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2912304 2013-03-14] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130412.001\IDSvia64.sys [x]
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [x]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]
R4 SymDS; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
R4 SymEFA; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
R4 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [x]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-13 11:15 - 2013-06-13 11:15 - 00000000 ____D C:\FRST
2013-06-13 11:14 - 2013-06-13 11:15 - 01920280 ____A (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2013-06-13 10:20 - 2013-06-13 10:20 - 00067876 ____A C:\Users\Alexandra\Desktop\Extras.Txt
2013-06-13 10:19 - 2013-06-13 10:19 - 00109728 ____A C:\Users\Alexandra\Desktop\OTL.Txt
2013-06-13 10:03 - 2013-06-13 10:03 - 00602112 ____A (OldTimer Tools) C:\Users\Alexandra\Desktop\OTL.exe
2013-06-13 09:44 - 2013-06-13 09:44 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Malwarebytes
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 09:44 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-13 09:07 - 2013-06-13 09:07 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-13 08:27 - 2013-06-13 08:27 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Avira
2013-06-13 08:23 - 2013-06-13 08:23 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-13 08:21 - 2013-06-13 08:21 - 00002066 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-13 08:21 - 2013-06-13 08:21 - 00000000 ____D C:\ProgramData\Avira
2013-06-13 08:21 - 2013-06-13 08:21 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-13 08:21 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-13 08:21 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-13 08:21 - 2013-02-26 16:56 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-13 08:20 - 2013-05-02 17:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-12 14:11 - 2013-06-12 14:12 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-12 14:11 - 2013-06-12 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 14:11 - 2013-06-12 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Canon
2013-06-08 08:02 - 2013-06-08 08:14 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-08 07:58 - 2013-06-08 07:58 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-06-08 07:58 - 2013-06-08 07:58 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-06-08 07:55 - 2013-06-08 07:55 - 00002356 ____A C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk
2013-06-08 07:55 - 2013-06-08 07:55 - 00000000 ____D C:\Program Files\Canon
2013-06-08 07:54 - 2013-06-08 07:54 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-06-08 07:54 - 2013-06-08 07:54 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-06-08 07:54 - 2012-03-14 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMAT.DLL
2013-06-08 07:54 - 2011-03-31 10:07 - 00302080 ____A (CANON INC.) C:\Windows\System32\CNC_ATC.dll
2013-06-08 07:54 - 2011-03-31 10:07 - 00114688 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATU.dll
2013-06-08 07:54 - 2011-03-31 10:06 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNC_ATI.dll
2013-06-08 07:54 - 2011-03-30 12:55 - 00373248 ____A (CANON INC.) C:\Windows\System32\CNC_ATL.dll
2013-06-08 07:54 - 2011-03-30 12:54 - 00323584 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATL.dll
2013-06-08 07:54 - 2011-02-03 02:20 - 00256000 ____A (CANON INC.) C:\Windows\System32\CNMIUAT.DLL
2013-06-08 07:54 - 2010-11-18 08:15 - 00098304 ____A (Canon Inc.) C:\Windows\System32\CNC_ATO.dll
2013-06-08 07:54 - 2010-11-12 11:13 - 00068096 ____A C:\Windows\SysWOW64\CNC1754D.TBL
2013-06-08 07:54 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-06-08 07:54 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-06-08 07:53 - 2013-06-08 07:53 - 00000000 ___HD C:\Program Files\CanonBJ
2013-06-08 07:53 - 2013-06-08 07:53 - 00000000 ____D C:\Windows\System32\STRING
2013-06-08 07:53 - 2012-06-14 10:18 - 00366592 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2013-06-08 07:53 - 2012-06-14 10:18 - 00359936 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2013-06-08 07:53 - 2012-06-14 10:18 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2013-06-08 07:50 - 2013-06-08 08:06 - 00000000 ____D C:\Program Files (x86)\Canon
2013-06-04 16:50 - 2013-06-04 16:50 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Macromedia
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Mozilla
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Mozilla
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-04 16:40 - 2013-06-13 10:45 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-04 16:40 - 2013-06-13 08:07 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-04 16:40 - 2013-06-04 16:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-04 16:39 - 2013-06-05 09:21 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Google
2013-06-04 15:15 - 2013-06-04 15:15 - 00000000 ____D C:\ProgramData\HipSoft
2013-06-04 15:14 - 2013-06-04 15:14 - 00001252 ____A C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-06-04 10:40 - 2013-06-04 10:40 - 00000000 ____D C:\Games
2013-06-04 10:35 - 2013-06-04 12:52 - 00000000 ____D C:\ProgramData\iWin Games
2013-06-01 15:03 - 2013-06-01 15:03 - 00000000 ____D C:\Users\Public\Documents\bigfish
2013-05-30 17:25 - 2013-05-30 17:25 - 00000000 ____D C:\Users\Alexandra\AppData\Local\FamilyRestaurant
2013-05-27 09:22 - 2013-06-04 14:09 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\ViquaSoft
2013-05-26 17:41 - 2013-06-04 12:49 - 00000000 ____D C:\ProgramData\Fugazo
2013-05-26 17:33 - 2013-05-26 17:33 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\WinRAR
2013-05-26 17:33 - 2013-05-26 17:33 - 00000000 ____D C:\GameHouse Games
2013-05-23 15:46 - 2013-06-04 16:16 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-05-22 17:50 - 2013-05-23 07:48 - 03311280 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-21 09:02 - 2013-06-13 10:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-21 09:01 - 2013-05-21 09:01 - 00000000 ____D C:\ProgramData\Oberon Media
2013-05-21 09:01 - 2013-05-21 09:01 - 00000000 ____D C:\Program Files (x86)\GamesBar
2013-05-21 09:00 - 2013-06-04 16:16 - 00000000 ____D C:\BigFishGamesCache
2013-05-21 09:00 - 2013-05-21 09:00 - 00235080 ____A (Big Fish Games) C:\Users\Alexandra\Downloads\burger-shop-2_s1_l1_gF5134T1L1_d2078602473.exe
2013-05-20 16:15 - 2013-05-20 16:15 - 00000000 ____D C:\ProgramData\GoBit Games
2013-05-20 16:14 - 2013-05-20 16:15 - 00003072 ____A C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage
2013-05-20 16:14 - 2013-05-20 16:14 - 00003072 ____A C:\Users\Alexandra\AppData\Local\file__0.localstorage
2013-05-20 16:14 - 2013-05-20 16:14 - 00000250 ____A C:\Users\Public\Desktop\More Youda Games.url
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\ProgramData\Youdagames
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\Program Files (x86)\Youdagames
2013-05-20 16:13 - 2013-05-20 16:13 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Youdagames
2013-05-20 16:12 - 2013-05-20 16:13 - 51130440 ____A (Youdagames) C:\Users\Alexandra\Downloads\Burger_Shop_21.exe
2013-05-18 08:05 - 2013-04-10 01:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 08:05 - 2013-04-10 01:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 08:05 - 2013-04-10 01:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 08:05 - 2013-04-10 01:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 08:05 - 2013-04-10 01:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 08:05 - 2013-04-10 00:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 08:05 - 2013-04-10 00:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 08:05 - 2013-04-10 00:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 08:05 - 2013-04-10 00:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 08:05 - 2013-04-10 00:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 08:04 - 2013-04-10 01:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 08:04 - 2013-04-10 01:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-18 08:04 - 2013-04-10 01:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 08:04 - 2013-04-10 01:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 08:04 - 2013-04-10 01:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 08:04 - 2013-04-10 00:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 08:04 - 2013-04-10 00:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 08:04 - 2013-04-10 00:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 08:04 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-18 08:04 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-18 08:04 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-18 08:04 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-18 08:04 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-18 08:04 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-18 08:04 - 2013-02-12 03:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-18 08:04 - 2013-02-12 02:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-18 08:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-18 08:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-18 08:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-18 08:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-18 08:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-18 08:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-18 08:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-18 08:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-18 08:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-18 08:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-18 08:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-18 08:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-18 08:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-18 08:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-18 08:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-18 08:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-18 08:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-18 08:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-18 08:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-18 08:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-18 08:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-18 08:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-18 08:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-18 08:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-18 08:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-18 08:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-18 08:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-18 08:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-18 08:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-18 08:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-18 08:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-18 08:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-18 08:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-18 08:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-18 08:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-18 08:03 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-18 08:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-18 08:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-18 08:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-18 08:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-18 08:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-18 08:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-18 08:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-18 08:03 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-18 08:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-18 08:03 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-18 08:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-18 08:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-18 08:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-18 08:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-18 08:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-18 08:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-18 08:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-18 08:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-18 08:03 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-18 08:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-18 08:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-18 07:44 - 2013-05-21 09:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-18 07:44 - 2013-05-21 09:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-17 11:12 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 08:02 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-16 12:26 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 12:26 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 12:26 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 12:26 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 12:26 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 12:26 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 09:22 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-16 09:22 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-16 08:12 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
==================== One Month Modified Files and Folders =======
2013-06-13 11:15 - 2013-06-13 11:15 - 00000000 ____D C:\FRST
2013-06-13 11:15 - 2013-06-13 11:14 - 01920280 ____A (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2013-06-13 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-13 10:45 - 2013-06-04 16:40 - 00001126 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-13 10:33 - 2013-05-21 09:02 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-13 10:20 - 2013-06-13 10:20 - 00067876 ____A C:\Users\Alexandra\Desktop\Extras.Txt
2013-06-13 10:19 - 2013-06-13 10:19 - 00109728 ____A C:\Users\Alexandra\Desktop\OTL.Txt
2013-06-13 10:03 - 2013-06-13 10:03 - 00602112 ____A (OldTimer Tools) C:\Users\Alexandra\Desktop\OTL.exe
2013-06-13 09:44 - 2013-06-13 09:44 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Malwarebytes
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 09:44 - 2013-06-13 09:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 09:07 - 2013-06-13 09:07 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-13 08:27 - 2013-06-13 08:27 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Avira
2013-06-13 08:23 - 2013-06-13 08:23 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-13 08:22 - 2013-01-28 18:15 - 01962023 ____A C:\Windows\WindowsUpdate.log
2013-06-13 08:21 - 2013-06-13 08:21 - 00002066 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-13 08:21 - 2013-06-13 08:21 - 00000000 ____D C:\ProgramData\Avira
2013-06-13 08:21 - 2013-06-13 08:21 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-13 08:20 - 2013-01-28 19:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-06-13 08:19 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-06-13 08:19 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-13 08:10 - 2013-01-28 19:22 - 00000000 ____D C:\ProgramData\WinClon
2013-06-13 08:07 - 2013-06-04 16:40 - 00001122 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-12 14:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-12 14:12 - 2013-06-12 14:11 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-12 14:11 - 2013-06-12 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 14:11 - 2013-06-12 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-12 14:02 - 2013-04-14 08:46 - 00484676 ____A C:\Windows\System32\perfh011.dat
2013-06-12 14:02 - 2013-04-14 08:46 - 00132552 ____A C:\Windows\System32\perfc011.dat
2013-06-12 14:02 - 2013-02-03 04:58 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-12 14:02 - 2013-02-03 04:58 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-12 14:02 - 2012-07-26 09:28 - 02362670 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 10:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-12 09:04 - 2013-05-12 09:27 - 00000000 ____D C:\Users\Alexandra\Desktop\Guild Wars 2
2013-06-08 08:14 - 2013-06-08 08:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-08 08:06 - 2013-06-08 07:50 - 00000000 ____D C:\Program Files (x86)\Canon
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ___HD C:\ProgramData\CanonEPP
2013-06-08 08:05 - 2013-06-08 08:05 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Canon
2013-06-08 08:01 - 2012-07-26 09:21 - 00030083 ____A C:\Windows\setupact.log
2013-06-08 08:00 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-08 07:58 - 2013-06-08 07:58 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-06-08 07:58 - 2013-06-08 07:58 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-06-08 07:55 - 2013-06-08 07:55 - 00002356 ____A C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk
2013-06-08 07:55 - 2013-06-08 07:55 - 00000000 ____D C:\Program Files\Canon
2013-06-08 07:54 - 2013-06-08 07:54 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-06-08 07:54 - 2013-06-08 07:54 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-06-08 07:53 - 2013-06-08 07:53 - 00000000 ___HD C:\Program Files\CanonBJ
2013-06-08 07:53 - 2013-06-08 07:53 - 00000000 ____D C:\Windows\System32\STRING
2013-06-07 08:16 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 08:15 - 2012-08-05 23:07 - 00032814 ____A C:\Windows\PFRO.log
2013-06-05 09:21 - 2013-06-04 16:39 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Google
2013-06-04 16:50 - 2013-06-04 16:50 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Macromedia
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Mozilla
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Mozilla
2013-06-04 16:45 - 2013-06-04 16:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-04 16:41 - 2013-06-04 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-04 16:16 - 2013-05-23 15:46 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-06-04 16:16 - 2013-05-21 09:00 - 00000000 ____D C:\BigFishGamesCache
2013-06-04 15:15 - 2013-06-04 15:15 - 00000000 ____D C:\ProgramData\HipSoft
2013-06-04 15:14 - 2013-06-04 15:14 - 00001252 ____A C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-06-04 14:09 - 2013-05-27 09:22 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\ViquaSoft
2013-06-04 12:52 - 2013-06-04 10:35 - 00000000 ____D C:\ProgramData\iWin Games
2013-06-04 12:49 - 2013-05-26 17:41 - 00000000 ____D C:\ProgramData\Fugazo
2013-06-04 10:40 - 2013-06-04 10:40 - 00000000 ____D C:\Games
2013-06-03 15:39 - 2013-05-11 16:17 - 00100864 __ASH C:\Users\Alexandra\Desktop\Thumbs.db
2013-06-01 15:03 - 2013-06-01 15:03 - 00000000 ____D C:\Users\Public\Documents\bigfish
2013-05-30 17:25 - 2013-05-30 17:25 - 00000000 ____D C:\Users\Alexandra\AppData\Local\FamilyRestaurant
2013-05-29 15:46 - 2013-04-11 13:04 - 00000000 ____D C:\Users\Alexandra\Desktop\Bewerbung
2013-05-26 17:33 - 2013-05-26 17:33 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\WinRAR
2013-05-26 17:33 - 2013-05-26 17:33 - 00000000 ____D C:\GameHouse Games
2013-05-25 11:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-05-23 07:48 - 2013-05-22 17:50 - 03311280 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-21 09:02 - 2013-05-18 07:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-21 09:02 - 2013-05-18 07:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-21 09:01 - 2013-05-21 09:01 - 00000000 ____D C:\ProgramData\Oberon Media
2013-05-21 09:01 - 2013-05-21 09:01 - 00000000 ____D C:\Program Files (x86)\GamesBar
2013-05-21 09:00 - 2013-05-21 09:00 - 00235080 ____A (Big Fish Games) C:\Users\Alexandra\Downloads\burger-shop-2_s1_l1_gF5134T1L1_d2078602473.exe
2013-05-20 17:54 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-20 17:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-20 17:04 - 2013-04-11 12:41 - 00000000 ___AD C:\users\Alexandra
2013-05-20 16:15 - 2013-05-20 16:15 - 00000000 ____D C:\ProgramData\GoBit Games
2013-05-20 16:15 - 2013-05-20 16:14 - 00003072 ____A C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage
2013-05-20 16:14 - 2013-05-20 16:14 - 00003072 ____A C:\Users\Alexandra\AppData\Local\file__0.localstorage
2013-05-20 16:14 - 2013-05-20 16:14 - 00000250 ____A C:\Users\Public\Desktop\More Youda Games.url
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\ProgramData\Youdagames
2013-05-20 16:14 - 2013-05-20 16:14 - 00000000 ____D C:\Program Files (x86)\Youdagames
2013-05-20 16:13 - 2013-05-20 16:13 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Youdagames
2013-05-20 16:13 - 2013-05-20 16:12 - 51130440 ____A (Youdagames) C:\Users\Alexandra\Downloads\Burger_Shop_21.exe
2013-05-17 18:01 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-16 08:23 - 2013-04-12 08:30 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-12 09:12
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2013 04 Ran by Alexandra at 2013-06-13 11:17:07 Run: Running from C:\Users\Alexandra\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 Plugin (Version: 11.3.300.257) Adobe Photoshop Elements 11 (Version: 11.0) Adobe Reader X (10.1.3) MUI (Version: 10.1.3) Anki Avira Free Antivirus (Version: 13.0.0.3640) Bitcasa version 0.9.20.4135 (Version: 0.9.20.4135) Canon Easy-PhotoPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG5300 series Benutzerregistrierung Canon MG5300 series MP Drivers Canon MG5300 series On-screen Manual Canon MP Navigator EX 5.0 Canon My Printer CyberLink Power2Go 8 (Version: 8.0.0.1912) D3DX10 (Version: 15.4.2368.0902) Druckerdeinstallation für EPSON BX535WD Series Easy File Share (Version: 1.3.6) Elements 11 Organizer (Version: 11.0) E-POP (Version: 1.0.1) EPSON Scan ETDWare X64 11.7.5.5_WHQL (Version: 11.7.5.5) Fotogalerie (Version: 16.4.3503.0728) Galerie de photos (Version: 16.4.3503.0728) GIMP 2.8.4 (Version: 2.8.4) Google Update Helper (Version: 1.3.21.145) Guild Wars 2 Help Desk (Version: 1.0.8) Intel AppUp(SM) center (Version: 3.6.1.33070.11) Intel(R) Manageability Engine Firmware Recovery Agent (Version: 1.0.0.36702) Intel(R) Management Engine Components (Version: 8.1.0.1252) Intel(R) Processor Graphics (Version: 9.17.10.2875) Intel(R) Rapid Storage Technology (Version: 11.5.2.1001) Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (Version: 14.0.6120.5004) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Movie Maker (Version: 16.4.3503.0728) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) Norton Online Backup (Version: 2.2.3.51) Norton Online Backup ARA (Version: 4.1.0.14) OpenOffice.org 3.4.1 (Version: 3.41.9593) Overwolf (Version: 0.41.236) Photo Common (Version: 16.4.3503.0728) Photo Gallery (Version: 16.4.3503.0728) Plants vs. Zombies PSE11 STI Installer (Version: 11.0) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214) Qualcomm Atheros Client Installation Program (Version: 10.0) Raccolta foto (Version: 16.4.3503.0728) Realtek Ethernet Controller Driver (Version: 8.4.907.2012) Realtek High Definition Audio Driver (Version: 6.0.1.6772) Recovery (Version: 6.0.7.2) S Agent (Version: 1.1.30) Settings (Version: 2.0.1) Support Center (Version: 2.1.20) Support Center FAQ (Version: 1.0.6) SW Update (Version: 2.1.11) Update for Japanese Microsoft IME Postal Code Dictionary (Version: 15.0.552) Update for Japanese Microsoft IME Standard Dictionary (Version: 15.0.769) Update for Japanese Microsoft IME Standard Extended Dictionary (Version: 15.0.769) User Guide (Version: 1.2.00) VLC media player 2.0.6 (Version: 2.0.6) Windows Live (Version: 16.4.3503.0728) Windows Live Communications Platform (Version: 16.4.3503.0728) Windows Live Essentials (Version: 16.4.3503.0728) Windows Live Installer (Version: 16.4.3503.0728) Windows Live Photo Common (Version: 16.4.3503.0728) Windows Live PIMT Platform (Version: 16.4.3503.0728) Windows Live SOXE (Version: 16.4.3503.0728) Windows Live SOXE Definitions (Version: 16.4.3503.0728) Windows Live UX Platform (Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (Version: 16.4.3503.0728) ==================== Restore Points ========================= 28-05-2013 06:32:57 Geplanter Prüfpunkt 04-06-2013 14:29:59 Geplanter Prüfpunkt 09-06-2013 14:37:20 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2013 09:40:29 AM) (Source: Application Hang) (User: ) Description: Programm ismagent.exe, Version 1.8.2.36564 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 27bac Startzeit: 01ce67fe6bc43fc5 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe Berichts-ID: 83a892d1-d3fc-11e2-be8b-50b7c3fbd634 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/09/2013 05:26:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: SYMHTML.DLL, Version: 7.3.0.30, Zeitstempel: 0x5111c8e4 Ausnahmecode: 0xc000041d Fehleroffset: 0x001ab9a2 ID des fehlerhaften Prozesses: 0x20a0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/09/2013 05:26:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: SYMHTML.DLL, Version: 7.3.0.30, Zeitstempel: 0x5111c8e4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001ab9a2 ID des fehlerhaften Prozesses: 0x20a0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lexi) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lexi) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lexi) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lexi) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/07/2013 05:01:47 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: ccSet.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50cfcbaf Ausnahmecode: 0xc0000005 Fehleroffset: 0x737db899 ID des fehlerhaften Prozesses: 0x1240 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/07/2013 08:23:25 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.1.2, Zeitstempel: 0x50cfbfc9 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f0c22 Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x200 Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0 Pfad der fehlerhaften Anwendung: ccSvcHst.exe1 Pfad des fehlerhaften Moduls: ccSvcHst.exe2 Berichtskennung: ccSvcHst.exe3 Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5 Error: (06/07/2013 08:18:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lexi) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (06/13/2013 08:22:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.151.2126.0) Error: (06/12/2013 00:37:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (06/12/2013 00:29:14 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (06/12/2013 00:14:57 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 107. Error: (06/12/2013 00:14:57 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error: (06/12/2013 09:01:30 AM) (Source: DCOM) (User: Lexi) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (06/12/2013 09:01:30 AM) (Source: DCOM) (User: Lexi) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (06/12/2013 09:01:30 AM) (Source: DCOM) (User: Lexi) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (06/12/2013 09:01:30 AM) (Source: DCOM) (User: Lexi) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (06/12/2013 09:01:30 AM) (Source: DCOM) (User: Lexi) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Microsoft Office Sessions: ========================= Error: (06/13/2013 09:40:29 AM) (Source: Application Hang)(User: ) Description: ismagent.exe1.8.2.3656427bac01ce67fe6bc43fc54294967295C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe83a892d1-d3fc-11e2-be8b-50b7c3fbd634 Error: (06/09/2013 05:26:51 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7SYMHTML.DLL7.3.0.305111c8e4c000041d001ab9a220a001ce64d7ec4ac192C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SYMHTML.DLL01b8d55e-d119-11e2-be8b-50b7c3fbd634 Error: (06/09/2013 05:26:41 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7SYMHTML.DLL7.3.0.305111c8e4c0000005001ab9a220a001ce64d7ec4ac192C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SYMHTML.DLLfb9cb96d-d118-11e2-be8b-50b7c3fbd634 Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lexi) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lexi) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lexi) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (06/09/2013 08:08:16 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lexi) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (06/07/2013 05:01:47 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7ccSet.dll_unloaded0.0.0.050cfcbafc0000005737db899124001ce63470749a56fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll2c16d702-cf83-11e2-be8b-50b7c3fbd634 Error: (06/07/2013 08:23:25 AM) (Source: Application Error)(User: ) Description: ccSvcHst.exe12.3.1.250cfbfc9MSVCR100.dll10.0.40219.14d5f0c22400000150008d6fd20001ce6346d4ef0ebdC:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exeC:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\MSVCR100.dllc24a31c7-cf3a-11e2-be8b-50b7c3fbd634 Error: (06/07/2013 08:18:46 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lexi) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 3795.53 MB Available physical RAM: 1363.97 MB Total Pagefile: 7203.54 MB Available Pagefile: 1903.45 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.17 GB) (Free:373.42 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Danke im Voraus :-) |
|
13.06.2013, 11:03
| #4 |
| /// the machine /// TB-Ausbilder | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte. Passwörter zum Mail Account bitte von anderem Rechner ändern.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.06.2013, 12:01
| #5 |
| | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hallo und danke! Habe mein Passwort nun auf einem anderen Rechner geändert. Adwcleander: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 13/06/2013 um 12:16:35 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Alexandra - LEXI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexandra\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\GamesBar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\t3xmylo5.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1147 octets] - [13/06/2013 12:16:35]
########## EOF - C:\AdwCleaner[S1].txt - [1207 octets] ##########
JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Alexandra on 13.06.2013 at 12:39:01,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\windows\prefetch\APNSTUB.EXE-7E04BFBE.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2013 at 12:42:32,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL: Code:
ATTFilter OTL logfile created on: 13.06.2013 12:51:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexandra\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 66,30% Memory free 6,83 Gb Paging File | 5,47 Gb Available in Paging File | 80,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 443,17 Gb Total Space | 373,69 Gb Free Space | 84,32% Space Free | Partition Type: NTFS Computer Name: LEXI | User Name: Alexandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012.11.30 09:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2012.11.30 09:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.07.24 05:06:16 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe PRC - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.06.14 05:05:16 | 000,648,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe PRC - [2012.06.14 05:05:00 | 000,233,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ========== Modules (No Company Name) ========== MOD - [2012.11.30 09:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2012.11.30 09:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2012.11.30 09:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2012.11.30 09:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2012.11.30 09:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2012.07.24 05:06:16 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe MOD - [2012.06.14 05:06:20 | 000,500,064 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll MOD - [2012.06.14 04:57:22 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll MOD - [2012.06.14 04:56:52 | 000,481,792 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll MOD - [2012.06.14 04:55:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll MOD - [2012.06.14 04:54:18 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.06.08 04:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2011.08.17 09:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll MOD - [2011.08.17 09:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll MOD - [2011.08.17 09:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll MOD - [2011.08.15 13:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll MOD - [2011.08.15 13:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll MOD - [2011.08.15 13:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll MOD - [2011.08.15 13:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll MOD - [2011.08.15 12:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll MOD - [2011.07.19 09:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll MOD - [2011.07.19 09:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.10.08 22:03:50 | 000,090,992 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.20 07:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.05.21 09:02:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.27 17:50:00 | 004,448,104 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService) SRV - [2013.03.05 16:47:00 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012.11.08 16:25:28 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012.10.31 13:57:44 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.15 04:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 18:09:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.31 13:37:42 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.10.31 13:37:40 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.10.31 13:37:38 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.10.31 13:37:36 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.10.31 13:37:36 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.10.31 13:37:34 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.10.31 13:37:34 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.10.31 13:37:34 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.08 22:03:18 | 000,325,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.18 17:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.09.06 18:25:26 | 000,719,504 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.08.09 20:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2012.08.06 05:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.07.31 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.27 14:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.03 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.25 03:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {74BFD63A-383B-407D-8AC1-BDD4E79720F3} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.04 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\mozilla\Extensions [2013.06.12 14:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.12 14:11:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AA4DACA-731E-4792-AFE3-63FD2A23C056}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6633FB3C-3779-4E69-BBA3-6C12697E867F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 12:38:58 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.13 12:38:54 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.13 12:35:42 | 000,000,000 | R--D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.13 12:29:51 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Alexandra\Desktop\JRT.exe [2013.06.13 12:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.06.13 11:15:23 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.13 11:14:59 | 001,920,280 | ---- | C] (Farbar) -- C:\Users\Alexandra\Desktop\FRST64.exe [2013.06.13 10:03:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:44:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Malwarebytes [2013.06.13 09:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.13 09:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.13 09:44:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.06.13 09:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.13 09:07:07 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Avira [2013.06.13 08:23:31 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.13 08:21:40 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.06.13 08:21:40 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.06.13 08:21:40 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.12 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.06.12 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.08 08:05:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.06.08 08:05:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2013.06.08 08:05:47 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.06.08 08:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.06.08 07:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung [2013.06.08 07:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.06.08 07:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.06.08 07:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.06.08 07:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.06.08 07:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual [2013.06.08 07:54:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.06.08 07:54:42 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2013.06.08 07:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series [2013.06.08 07:53:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.06.08 07:53:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING [2013.06.08 07:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.06.04 16:54:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.04 16:50:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Macromedia [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Mozilla [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Mozilla [2013.06.04 16:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.06.04 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.06.04 16:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Google [2013.06.04 15:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft [2013.06.04 10:40:34 | 000,000,000 | ---D | C] -- C:\Games [2013.06.04 10:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin Games [2013.06.04 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games [2013.06.01 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\bigfish [2013.05.30 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\FamilyRestaurant [2013.05.27 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.26 17:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2013.05.26 17:33:58 | 000,000,000 | ---D | C] -- C:\GameHouse Games [2013.05.26 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\WinRAR [2013.05.23 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013.05.21 09:03:03 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo US [2013.05.21 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media [2013.05.21 09:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media [2013.05.21 09:00:49 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2013.05.20 16:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBit Games [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youdagames [2013.05.20 16:13:35 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Youdagames [2013.01.28 19:14:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe ========== Files - Modified Within 30 Days ========== [2013.06.13 12:45:00 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 12:36:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.13 12:35:02 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 12:34:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.13 12:34:19 | 3183,919,104 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 12:33:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 12:29:51 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Alexandra\Desktop\JRT.exe [2013.06.13 12:29:08 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.13 12:29:08 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.13 12:29:08 | 000,484,676 | ---- | M] () -- C:\windows\SysNative\perfh011.dat [2013.06.13 12:29:08 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.13 12:29:08 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.13 12:29:08 | 000,132,552 | ---- | M] () -- C:\windows\SysNative\perfc011.dat [2013.06.13 12:29:07 | 002,362,670 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.13 12:16:52 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013.06.13 12:14:43 | 000,648,201 | ---- | M] () -- C:\Users\Alexandra\Desktop\adwcleaner.exe [2013.06.13 11:15:09 | 001,920,280 | ---- | M] (Farbar) -- C:\Users\Alexandra\Desktop\FRST64.exe [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:44:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.13 09:07:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:23:15 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 14:12:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.08 07:55:32 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.04 15:14:43 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:38:46 | 000,019,194 | ---- | M] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 15:38:46 | 000,006,983 | ---- | M] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 13:39:11 | 000,374,344 | ---- | M] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.23 07:48:52 | 003,311,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:07 | 000,447,819 | ---- | M] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.20 16:15:01 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | M] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.15 16:09:49 | 001,007,064 | ---- | M] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | M] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf ========== Files Created - No Company Name ========== [2013.06.13 12:16:41 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013.06.13 12:14:42 | 000,648,201 | ---- | C] () -- C:\Users\Alexandra\Desktop\adwcleaner.exe [2013.06.13 09:44:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.13 08:21:55 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 14:11:58 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.12 14:11:54 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.08 07:55:32 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.08 07:54:36 | 000,068,096 | ---- | C] () -- C:\windows\SysWow64\CNC1754D.TBL [2013.06.04 16:40:13 | 000,001,126 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 16:40:04 | 000,001,122 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 15:14:43 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:39:19 | 000,006,983 | ---- | C] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 15:39:14 | 000,019,194 | ---- | C] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 13:39:10 | 000,374,344 | ---- | C] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.22 17:50:33 | 003,311,280 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:06 | 000,447,819 | ---- | C] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.21 09:02:35 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.20 16:14:59 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | C] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.18 08:03:10 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.05.15 16:09:49 | 001,007,064 | ---- | C] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | C] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf [2013.04.18 15:49:45 | 000,010,111 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\recently-used.xbel [2013.01.28 19:34:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2013.01.28 19:14:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2013.01.28 18:18:22 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.11.06 18:09:26 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.11.06 18:09:26 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.11.06 18:09:04 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.06 18:09:00 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.11.06 18:09:00 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 06:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.08 08:05:47 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.04.18 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\IGG [2013.04.11 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\OpenOffice.org [2013.06.04 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.20 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Youdagames ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:708B64DC @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Users\Alexandra\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Alexandra\Documents\desktop.ini:gs5sys @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:74B502CB @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B1E64E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:BAC2F271 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DF0BC727 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:490BCC52 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:0D52F295 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8B51CAAE < End of report > Geändert von Kana (13.06.2013 um 12:27 Uhr) |
|
13.06.2013, 18:43
| #6 |
| /// the machine /// TB-Ausbilder | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habeESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL log. Noch Probleme? 
__________________ --> Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe |
|
13.06.2013, 21:28
| #7 |
| | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hallo, ich habe nun die Scans gemacht, ob sich das Problem gelöst hat kann ich dir erst morgen Früh mitteilen, da die Mails meistens über Nacht kamen. Aber bisher sind keine mehr aufgetaucht. Wie sieht es den mit meinem System aus, kannst du was aus den Scans heraussehen? Danke schonmal im Voraus :-) ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7412211c06c5744fa1ad871715c9e90f
# engine=14067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-13 08:15:02
# local_time=2013-06-13 10:15:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 28323 236577792 21098 0
# compatibility_mode=5893 16776574 100 94 5232985 30660613 0 0
# scanned=301909
# found=0
# cleaned=0
# scan_time=7975
SecurityCeck: Code:
ATTFilter Results of screen317's Security Check version 0.99.64
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.3.300.257
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
OTL: Code:
ATTFilter OTL logfile created on: 13.06.2013 22:21:08 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexandra\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,71 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 64,54% Memory free 6,83 Gb Paging File | 5,08 Gb Available in Paging File | 74,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 443,17 Gb Total Space | 372,91 Gb Free Space | 84,15% Space Free | Partition Type: NTFS Computer Name: LEXI | User Name: Alexandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2012.11.30 09:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2012.11.30 09:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ========== Modules (No Company Name) ========== MOD - [2012.11.30 09:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2012.11.30 09:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2012.11.30 09:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2012.11.30 09:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2012.11.30 09:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.06.08 04:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.10.08 22:03:50 | 000,090,992 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.20 07:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2013.05.21 09:02:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.27 17:50:00 | 004,448,104 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2013.03.14 13:14:26 | 002,912,304 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService) SRV - [2013.03.05 16:47:00 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.30 09:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2012.11.08 16:25:28 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.06 00:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012.10.31 13:57:44 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.10.31 13:03:00 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.15 04:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.18 03:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.07.18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.03 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 18:09:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.31 13:37:42 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.10.31 13:37:40 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.10.31 13:37:38 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.10.31 13:37:36 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.10.31 13:37:36 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.10.31 13:37:34 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.10.31 13:37:34 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.10.31 13:37:34 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.08 22:03:18 | 000,325,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.18 17:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.09.06 18:25:26 | 000,719,504 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.08.09 20:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2012.08.06 05:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.07.31 04:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.27 14:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.03 01:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.25 03:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{74BFD63A-383B-407D-8AC1-BDD4E79720F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {74BFD63A-383B-407D-8AC1-BDD4E79720F3} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.04 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\mozilla\Extensions [2013.06.12 14:11:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.12 14:11:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AA4DACA-731E-4792-AFE3-63FD2A23C056}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6633FB3C-3779-4E69-BBA3-6C12697E867F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 19:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.13 19:54:46 | 000,000,000 | R--D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.13 12:38:58 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.06.13 12:38:54 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.13 12:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.06.13 11:15:23 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.13 10:03:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:44:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Malwarebytes [2013.06.13 09:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.13 09:07:07 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:27:38 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Avira [2013.06.13 08:23:31 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.13 08:21:40 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.06.13 08:21:40 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.06.13 08:21:40 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.13 08:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.12 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.06.12 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.08 08:05:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.06.08 08:05:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.06.08 08:05:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2013.06.08 08:05:47 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.06.08 08:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.06.08 07:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung [2013.06.08 07:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.06.08 07:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.06.08 07:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.06.08 07:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.06.08 07:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual [2013.06.08 07:54:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.06.08 07:54:42 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2013.06.08 07:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series [2013.06.08 07:53:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.06.08 07:53:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING [2013.06.08 07:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.06.04 16:54:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.04 16:50:40 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Macromedia [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Mozilla [2013.06.04 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Mozilla [2013.06.04 16:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.06.04 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.06.04 16:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Google [2013.06.04 15:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft [2013.06.04 10:40:34 | 000,000,000 | ---D | C] -- C:\Games [2013.06.04 10:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin Games [2013.06.04 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games [2013.06.01 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\bigfish [2013.05.30 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\FamilyRestaurant [2013.05.27 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.26 17:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2013.05.26 17:33:58 | 000,000,000 | ---D | C] -- C:\GameHouse Games [2013.05.26 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\WinRAR [2013.05.23 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013.05.21 09:03:03 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo US [2013.05.21 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media [2013.05.21 09:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media [2013.05.21 09:00:49 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2013.05.20 16:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBit Games [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2013.05.20 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youdagames [2013.05.20 16:13:35 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Youdagames [2013.01.28 19:14:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe ========== Files - Modified Within 30 Days ========== [2013.06.13 22:19:40 | 000,890,839 | ---- | M] () -- C:\Users\Alexandra\Desktop\SecurityCheck.exe [2013.06.13 21:45:00 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 21:33:07 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 19:54:15 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 19:54:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.13 15:41:34 | 002,362,670 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.13 15:41:34 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.13 15:41:34 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.13 15:41:34 | 000,484,676 | ---- | M] () -- C:\windows\SysNative\perfh011.dat [2013.06.13 15:41:34 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.13 15:41:34 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.13 15:41:34 | 000,132,552 | ---- | M] () -- C:\windows\SysNative\perfc011.dat [2013.06.13 12:34:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.13 12:34:19 | 3183,919,104 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 12:16:52 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013.06.13 10:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe [2013.06.13 09:07:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys [2013.06.13 08:23:15 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.13 08:21:56 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 14:12:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.08 07:55:32 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.04 15:14:43 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:38:46 | 000,019,194 | ---- | M] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 15:38:46 | 000,006,983 | ---- | M] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 13:39:11 | 000,374,344 | ---- | M] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.23 07:48:52 | 003,311,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:07 | 000,447,819 | ---- | M] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.20 16:15:01 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | M] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.15 16:09:49 | 001,007,064 | ---- | M] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | M] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf ========== Files Created - No Company Name ========== [2013.06.13 22:19:39 | 000,890,839 | ---- | C] () -- C:\Users\Alexandra\Desktop\SecurityCheck.exe [2013.06.13 12:16:41 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2013.06.13 08:21:55 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 14:11:58 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.12 14:11:54 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.08 07:55:32 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5300 series Online-Handbuch.lnk [2013.06.08 07:54:36 | 000,068,096 | ---- | C] () -- C:\windows\SysWow64\CNC1754D.TBL [2013.06.04 16:40:13 | 000,001,126 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 16:40:04 | 000,001,122 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 15:14:43 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.06.03 15:39:19 | 000,006,983 | ---- | C] () -- C:\Users\Alexandra\Desktop\customs_01.gif [2013.06.03 15:39:14 | 000,019,194 | ---- | C] () -- C:\Users\Alexandra\Desktop\einreise.gif [2013.06.03 13:39:10 | 000,374,344 | ---- | C] () -- C:\Users\Alexandra\Desktop\11-12.pdf [2013.05.22 17:50:33 | 003,311,280 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.21 19:21:06 | 000,447,819 | ---- | C] () -- C:\Users\Alexandra\Desktop\A380LH.pdf [2013.05.21 09:02:35 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.20 16:14:59 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\https_drm.youdagames.com_0.localstorage [2013.05.20 16:14:58 | 000,003,072 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\file__0.localstorage [2013.05.20 16:14:46 | 000,000,250 | ---- | C] () -- C:\Users\Public\Desktop\More Youda Games.url [2013.05.18 08:03:10 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.05.15 16:09:49 | 001,007,064 | ---- | C] () -- C:\Users\Alexandra\Desktop\Anl1_zu_FB1_ab2011.pdf [2013.05.15 16:09:00 | 001,250,503 | ---- | C] () -- C:\Users\Alexandra\Desktop\FB1_ab2011.pdf [2013.04.18 15:49:45 | 000,010,111 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\recently-used.xbel [2013.01.28 19:34:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2013.01.28 19:14:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2013.01.28 18:18:22 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.11.06 18:09:26 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.11.06 18:09:26 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.11.06 18:09:04 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.06 18:09:00 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.11.06 18:09:00 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 06:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.08 08:05:47 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon [2013.04.18 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\IGG [2013.04.11 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\OpenOffice.org [2013.06.04 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\ViquaSoft [2013.05.20 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Youdagames ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:708B64DC @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Users\Alexandra\Desktop\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Alexandra\Documents\desktop.ini:gs5sys @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:74B502CB @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B1E64E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:BAC2F271 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DF0BC727 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:490BCC52 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:0D52F295 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8B51CAAE < End of report > |
|
14.06.2013, 06:51
| #8 |
| /// the machine /// TB-Ausbilder | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Adobe bitte updaten. wenn Du keine Probleme mehr hast sind wir fertig . Sag einfach Bescheid.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.06.2013, 07:23
| #9 |
| | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Also über Nacht sind keine Mails dieser Art mehr angekommen....ich denke und hoffe das sich das Problem damit erledigt hat :-) Ich danke dir auf jeden Fall sehr für deine Hilfe!!! :-) |
|
14.06.2013, 11:58
| #10 |
| /// the machine /// TB-Ausbilder | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Ok, aufräumen Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.06.2013, 07:25
| #11 |
| | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Hallo Schrauber, habe alles erledigt und auch keine Probleme mehr damit! Ich danke dir nochmals für deine tolle Hilfe!!! :-) |
|
16.06.2013, 07:54
| #12 |
| /// the machine /// TB-Ausbilder | Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe Gern geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe |
| 7-zip, antivir, autorun, avira, bho, browser, canon, down, error, failed, firefox, flash player, homepage, iexplore.exe, install.exe, logfile, mail delivery, malware, mozilla, msvcrt, programm, realtek, registry, rundll, security, shark, software, spyware, svchost.exe, symantec, windowsapps |
Linear-Darstellung
