| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.03.2014, 11:48
| #1 |
 |  Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehr Hallo, seit einiger Zeit braucht mein laptop EEEEEEWIG sich zu booten, seit kurzem hab ich ständig Fehlermeldungen bei t-online-email und Aufhänger. Seit ein paar Tagen öffnen sich willkürlich pop-up-Fenster und das laptop hängt sich auf....auch ohne pop ups. Hier mal die Vorarbeit und schon mal VIELEN DANK für die Hilfe. LG Mundi defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:56 on 03/03/2014 (Raimund)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Raimund (administrator) on RAIMUND-PC on 03-03-2014 10:57:37
Running from C:\Users\Raimund\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-13] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-13] (Memeo Inc.)
HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] ()
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\MountPoints2: {e634a84b-2703-11df-b15a-806e6f6e6963} - G:\Menu.exe
Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}
URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL =
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}
SearchScopes: HKCU - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1
SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {68B6BBB4-2B92-42B8-9071-45F275E0AF04} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms}
SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0}
SearchScopes: HKCU - {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files\XingHaoLyrics\lrcspal.dll No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - FileConverter 1.3 B2 Toolbar - {99A9C3BA-07F6-4699-BC81-65CAB16E204B} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
========================== Services (Whitelisted) =================
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-13] (Memeo)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] ()
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-02] (Memeo)
R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
==================== Drivers (Whitelisted) ====================
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation)
S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation)
S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-13] (Symantec Corporation)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140228.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation)
S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] ()
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 PCASp50; System32\Drivers\PCASp50.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-03 10:57 - 2014-03-03 10:59 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt
2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST
2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log
2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable
2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe
2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe
2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe
2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio
2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio
2014-02-20 11:08 - 2014-02-20 11:20 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
==================== One Month Modified Files and Folders =======
2014-03-03 10:59 - 2014-03-03 10:57 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt
2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST
2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log
2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable
2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund
2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe
2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe
2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe
2014-03-03 10:33 - 2008-09-18 01:46 - 02009085 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 10:30 - 2009-11-03 22:40 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-03 10:29 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat
2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001
2014-03-03 10:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 00:09 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-03 00:09 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-03 00:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio
2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio
2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 23:54 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype
2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 11:20 - 2014-02-20 11:08 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log
2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung
2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-03 19:51 - 2008-01-21 03:47 - 01245526 _____ () C:\Windows\PFRO.log
Some content of TEMP:
====================
C:\Users\Raimund\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Raimund\AppData\Local\Temp\ose00000.exe
C:\Users\Raimund\AppData\Local\Temp\_is2FA7.exe
C:\Users\Raimund\AppData\Local\Temp\_is3EE3.exe
C:\Users\Raimund\AppData\Local\Temp\_is3F9.exe
C:\Users\Raimund\AppData\Local\Temp\_is74B2.exe
C:\Users\Raimund\AppData\Local\Temp\_isA9B.exe
C:\Users\Raimund\AppData\Local\Temp\_isAA62.exe
C:\Users\Raimund\AppData\Local\Temp\_isAFE1.exe
C:\Users\Raimund\AppData\Local\Temp\_isB46.exe
C:\Users\Raimund\AppData\Local\Temp\_isBB05.exe
C:\Users\Raimund\AppData\Local\Temp\_isBE8D.exe
C:\Users\Raimund\AppData\Local\Temp\_isCD7B.exe
C:\Users\Raimund\AppData\Local\Temp\_isE733.exe
C:\Users\Raimund\AppData\Local\Temp\_isF4AB.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-03 10:35
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014
Ran by Raimund at 2014-03-03 10:59:21
Running from C:\Users\Raimund\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
C4700 (Version: 130.0.373.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die ersten 10 Jahre (HKLM\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.12.0.11 - FileConverter 1.3 B2)
FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LyricsPal (HKLM\...\lrcspal@xinghao.net) (Version: - XingHao Software) <==== ATTENTION
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{25F60491-F5AB-4985-9354-37C146783F35}) (Version: 2.0.0.0000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA System Update (HKLM\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA System Update (Version: 3.00 - NVIDIA Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Reclams Kreuzworträtsellexikon (HKLM\...\Reclams Kreuzworträtsellexikon) (Version: - )
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Shockwave (HKLM\...\Shockwave) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Telefonauskunft und Rückwärtssuche auf CD-ROM (HKLM\...\{42F81BE4-63FC-455C-8F80-2158612EDA9E}) (Version: 1.00.0000 - telegate MEDIA AG)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB FLYING STICK (HKLM\...\FT7195) (Version: - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works-Synchronisierung (Version: 1.0.0.0000 - Firmenname) Hidden
==================== Restore Points =========================
14-09-2013 12:58:04 Windows Update
16-10-2013 12:14:51 Windows Update
14-11-2013 14:14:59 Windows Update
14-12-2013 14:31:52 Windows Update
16-01-2014 08:54:29 Windows Update
29-01-2014 13:32:04 Windows Update
15-02-2014 14:20:27 Windows Update
27-02-2014 12:58:14 Windows Update
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {1C1403F7-AA79-4AEB-B025-B6645E4819B1} - System32\Tasks\{5DE02A4D-873C-479A-83A9-AEEDE6DE5690} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {206E3C38-F33B-415D-9450-1CD60B8135E8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION
Task: {3048F55A-A266-40E3-8960-C82CC5E9F0A2} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3DFD267D-6C28-4D9F-9B75-BDF1CC00D3CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION
Task: {3E21E1AC-D61F-4D06-85AE-7BA3CE25479D} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {46A2672D-D19D-4A06-92B0-76E399E1AFAE} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {492B8F7F-EE8B-4BD2-96F0-3CD390189FA9} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\Windows\System32\mcbuilder.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {557A9153-8060-4500-85DA-841BFEE856A2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] () <==== ATTENTION
Task: {56FC5C7B-173D-4CF6-8A5E-EACC301EBB6F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {601584B6-D7D9-4A55-AB93-0E04245E4CF8} - System32\Tasks\{D59EAB00-DDF4-401D-A6F0-FD1318A8749C} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {6FA7AB56-F5FB-4F1B-85A9-EF399DDC1807} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) <==== ATTENTION
Task: {77DFA1C0-895B-437F-ADEA-FA41F08AA14D} - System32\Tasks\{DF54DA06-F274-4D0E-9C61-9805C7A90D51} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {7B50DB5F-DB88-4F32-93EF-7D1870D6D1DC} - System32\Tasks\{07FD2472-DFFD-4A34-9BEB-67BC0F5F1AE5} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {8EBE5DF9-0174-4C6E-9167-772BB0717C65} - System32\Tasks\Microsoft\Windows\RestartManager\{3054AEBE-DDE9-49f7-94D3-B64A2AD72371} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {B018E776-CC9A-4984-BA5D-7C8A743A6DBE} - System32\Tasks\User_Feed_Synchronization-{F96F0F53-13D2-475D-B150-9A388DCD819E} => C:\Windows\system32\msfeedssync.exe [2012-07-01] (Microsoft Corporation) <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: {C7A04EA0-1AFF-4F27-BE45-EA5FEA5CBA37} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Raimund => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {CB742042-B33B-4C37-8B78-850310DE2EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated) <==== ATTENTION
Task: {CBD7E95B-A075-44E2-BBE3-E5FCD4C7688A} - System32\Tasks\{1A0563EE-C4EE-4504-82C5-85208CF9817E} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) <==== ATTENTION
Task: {CE3C7B64-1AB7-4FA9-83BD-864EC211E4D1} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION
Task: {F6C840F6-CE8D-462C-8D55-120313D3D39D} - System32\Tasks\{336BC3DC-756E-41D4-86F0-869C4B6BF4E0} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION
Task: {F8015734-01C2-441E-B19B-54B7A1112A9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.) <==== ATTENTION
Task: {F887B50F-E636-4A82-A80A-3D80F59A5956} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-03-03 22:28 - 2009-08-20 01:19 - 00074984 _____ () C:\Program Files\FILEminimizer Pictures\FILEMShell.dll
2008-07-08 15:32 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2007-07-12 05:55 - 2007-07-12 05:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 05:59 - 2007-08-14 05:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 05:55 - 2007-07-12 05:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-06-02 00:06 - 2011-06-02 00:06 - 00108296 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-02 00:11 - 2011-06-02 00:11 - 00030984 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-06-02 00:10 - 2011-06-02 00:10 - 00011016 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll
2008-07-08 15:26 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-05-13 00:44 - 2011-05-13 00:44 - 00325344 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2011-05-13 00:45 - 2011-05-13 00:45 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-13 00:45 - 2011-05-13 00:45 - 00027360 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-05-13 00:45 - 2011-05-13 00:45 - 00028672 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-03-22 23:59 - 2010-03-22 23:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll
2011-06-01 17:16 - 2011-06-01 17:16 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 17:16 - 2011-06-01 17:16 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/03/2014 10:30:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/03/2014 10:29:41 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/02/2014 08:14:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/02/2014 08:14:39 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/02/2014 06:13:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/02/2014 06:13:37 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (03/01/2014 04:16:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2014 04:15:41 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (02/28/2014 02:14:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/28/2014 02:14:17 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
System errors:
=============
Error: (03/03/2014 10:33:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2
Error: (03/02/2014 08:17:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2
Error: (03/02/2014 06:16:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: )
Description: PCASp50 NDIS Protocol Driver%%2
Error: (03/01/2014 04:18:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-02-10 19:36:27.988
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:36:26.970
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:36:26.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:36:26.335
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:33:09.428
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:33:08.434
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:33:08.068
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-10 19:33:07.636
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-01 19:52:04.922
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-01 19:52:04.615
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3065.88 MB
Available physical RAM: 1817.85 MB
Total Pagefile: 6352.15 MB
Available Pagefile: 5103.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:144.09 GB) (Free:30.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:143.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B6394A61)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-03 11:35:55
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Raimund\AppData\Local\Temp\pxliqfoc.sys
---- System - GMER 2.1 ----
SSDT 8782D038 ZwAlertResumeThread
SSDT 8782D0D0 ZwAlertThread
SSDT 8751FCE8 ZwAllocateVirtualMemory
SSDT 871CFB18 ZwAlpcConnectPort
SSDT 873C2EA0 ZwAssignProcessToJobObject
SSDT 872DFE30 ZwCreateMutant
SSDT 873C2C98 ZwCreateSymbolicLinkObject
SSDT 87621A78 ZwCreateThread
SSDT 873C2F38 ZwDebugActiveProcess
SSDT 872DF090 ZwDuplicateObject
SSDT 876A2CB8 ZwFreeVirtualMemory
SSDT 872DFED8 ZwImpersonateAnonymousToken
SSDT 872DFF70 ZwImpersonateThread
SSDT 8709E330 ZwLoadDriver
SSDT 8741C490 ZwMapViewOfSection
SSDT 872DFD98 ZwOpenEvent
SSDT 873C20C0 ZwOpenProcess
SSDT 8751FD70 ZwOpenProcessToken
SSDT 872DFC68 ZwOpenSection
SSDT 872DF118 ZwOpenThread
SSDT 873C2DF8 ZwProtectVirtualMemory
SSDT 8782D168 ZwResumeThread
SSDT 8782D330 ZwSetContextThread
SSDT 8741C350 ZwSetInformationProcess
SSDT 873C2FD0 ZwSetSystemInformation
SSDT 872DFD00 ZwSuspendProcess
SSDT 8782D200 ZwSuspendThread
SSDT 873B1C28 ZwTerminateProcess
SSDT 8782D298 ZwTerminateThread
SSDT 8741C3F8 ZwUnmapViewOfSection
SSDT 876A2D60 ZwWriteVirtualMemory
SSDT 873C2D40 ZwCreateThreadEx
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 30D 82081814 8 Bytes [38, D0, 82, 87, D0, D0, 82, ...]
.text ntoskrnl.exe!KeInsertQueue + 321 82081828 4 Bytes [E8, FC, 51, 87]
.text ntoskrnl.exe!KeInsertQueue + 32D 82081834 4 Bytes [18, FB, 1C, 87] {SBB BL, BH; SBB AL, 0x87}
.text ntoskrnl.exe!KeInsertQueue + 381 82081888 4 Bytes [A0, 2E, 3C, 87]
.text ntoskrnl.exe!KeInsertQueue + 3E5 820818EC 4 Bytes [30, FE, 2D, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9100C340, 0x3E9407, 0xE8000020]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehr |
| bluescreen, booten, browser, browser.exe, device driver, error, excel, flash player, home, hängt, laptop hängt, monitor, object, performance, problem, realtek, registry, rundll, scan, security, software, stick, svchost.exe, symantec, system, vista, windows, wlan |
Baum-Darstellung