![]() |
|
Plagegeister aller Art und deren Bekämpfung: backdoor a b und zulangsamer PCWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() backdoor a b und zulangsamer PC Hallo ich bin neu und ihr wurdet mir empfolen von jemanden. also ich hab Norton drauf und da habe ich den Backdoor a & b gelesen. es läuft aber kontinuierlich weiter und sagt alles ok. kann doch nicht sein, oder? könnt ihr mir helfen? dazu hab ich nur nen Lappy und ich hab schon mal ein FRST gemacht. freu mich auf Rat..... ![]() Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014 Ran by Heidi (administrator) on HEIDI-PC on 13-07-2014 09:32:12 Running from C:\Users\Heidi\Desktop Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\sxoc4ks0.default FF Homepage: hxxp://www.facebook.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ReloadEvery - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\sxoc4ks0.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-07-10] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-07-08] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-07-13] Chrome: ======= CHR HomePage: CHR StartupUrls: "hxxp://www.google.com/" CHR Extension: (Google Docs) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07] CHR Extension: (Google Drive) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (YouTube) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07] CHR Extension: (Norton Identity Protection) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-08] CHR Extension: (Google Wallet) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07] CHR Extension: (Google Mail) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-07-08] ==================== Services (Whitelisted) ================= R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-07] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140711.001\IDSvia64.sys [525016 2014-07-04] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140712.002\ENG64.SYS [126040 2014-07-09] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140712.002\EX64.SYS [2099288 2014-07-09] (Symantec Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-08] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-13 09:32 - 2014-07-13 09:32 - 00008183 _____ () C:\Users\Heidi\Desktop\FRST.txt 2014-07-13 09:27 - 2014-07-13 09:27 - 02084864 _____ (Farbar) C:\Users\Heidi\Desktop\FRST64.exe 2014-07-13 07:18 - 2014-07-13 07:18 - 00000056 _____ () C:\Windows\setupact.log 2014-07-13 07:18 - 2014-07-13 07:18 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-10 20:55 - 2014-07-10 20:55 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Macromedia 2014-07-10 20:36 - 2014-07-10 20:36 - 00000000 ____D () C:\Windows\ERUNT 2014-07-10 20:23 - 2014-07-10 20:25 - 00000000 ____D () C:\AdwCleaner 2014-07-10 20:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-10 20:20 - 2014-07-10 20:22 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Mozilla 2014-07-10 20:20 - 2014-07-10 20:22 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Mozilla 2014-07-10 20:20 - 2014-07-10 20:20 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-10 20:20 - 2014-07-10 20:20 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-10 20:02 - 2014-07-10 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 19:49 - 2014-07-13 09:32 - 00000000 ____D () C:\FRST 2014-07-10 17:41 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-10 17:41 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-10 17:41 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-10 17:41 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-10 17:41 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-10 17:41 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-10 17:41 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-10 17:41 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-10 17:41 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-10 17:41 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-10 17:41 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-10 17:41 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-10 17:41 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-10 17:41 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-10 17:41 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-10 17:41 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-10 17:41 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-10 17:41 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-10 17:41 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-10 17:41 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-10 17:41 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 17:41 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-10 17:41 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-10 17:41 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-10 17:41 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-10 17:41 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-10 17:41 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-10 17:41 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-10 17:41 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-10 17:41 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-10 17:41 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-10 17:41 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-10 17:41 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 17:41 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-10 17:41 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-10 17:41 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-10 17:41 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-10 17:41 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-10 17:41 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-10 17:41 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 17:41 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-10 17:41 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-10 17:41 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 17:41 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-10 17:41 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 17:41 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-10 17:41 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-10 17:41 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-10 17:41 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-10 17:41 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-10 17:41 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-10 17:41 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-10 17:41 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-10 17:41 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-10 17:41 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-10 17:41 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-10 17:41 - 2014-06-05 16:44 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-10 17:41 - 2014-06-05 16:44 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-07-10 17:41 - 2014-06-05 16:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-10 17:41 - 2014-06-05 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-07-10 17:41 - 2014-06-05 16:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-10 17:41 - 2014-06-05 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-10 17:41 - 2014-06-05 16:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-09 21:27 - 2014-07-13 00:13 - 00150260 _____ () C:\Windows\WindowsUpdate.log 2014-07-09 05:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 05:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 05:28 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 05:28 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 05:28 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 05:28 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 05:28 - 2014-06-18 03:07 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 05:28 - 2014-05-30 08:41 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-08 08:37 - 2014-07-08 08:37 - 00000000 ____D () C:\Users\Heidi\Documents\Symantec 2014-07-08 08:36 - 2014-07-08 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-08 08:33 - 2014-07-08 08:33 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-07-08 08:32 - 2014-07-08 08:42 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-07-08 08:32 - 2014-07-08 08:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2014-07-08 08:32 - 2014-07-08 08:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2014-07-08 08:32 - 2014-07-08 08:32 - 00002569 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-07-08 08:16 - 2014-07-08 08:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-08 08:16 - 2014-07-08 08:16 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-07-08 08:15 - 2014-07-08 08:22 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-08 08:15 - 2014-07-08 08:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-08 07:44 - 2014-07-08 08:36 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2014-07-08 07:44 - 2014-07-08 08:23 - 00001255 _____ () C:\Users\Heidi\Desktop\Norton-Installationsdateien.lnk 2014-07-08 07:44 - 2014-07-08 07:44 - 01021936 _____ (Symantec Corporation) C:\Users\Heidi\Downloads\NortonNISDownloader.exe 2014-07-08 07:44 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-07-08 07:17 - 2014-07-08 07:24 - 246598160 _____ () C:\Users\Heidi\Downloads\kis14.0.0.4651de-de.exe 2014-06-27 20:19 - 2014-06-27 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-27 20:19 - 2014-06-27 20:19 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-06-27 20:19 - 2014-06-27 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-27 20:19 - 2014-06-27 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-27 20:18 - 2014-06-27 20:18 - 03673664 _____ (Piriform Ltd) C:\Users\Heidi\ccsetup414_slim.exe ==================== One Month Modified Files and Folders ======= 2014-07-13 09:33 - 2014-07-13 09:32 - 00008183 _____ () C:\Users\Heidi\Desktop\FRST.txt 2014-07-13 09:32 - 2014-07-10 19:49 - 00000000 ____D () C:\FRST 2014-07-13 09:27 - 2014-07-13 09:27 - 02084864 _____ (Farbar) C:\Users\Heidi\Desktop\FRST64.exe 2014-07-13 09:23 - 2014-05-07 19:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-13 08:38 - 2014-05-07 19:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-13 07:26 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-13 07:26 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-13 07:23 - 2014-07-09 21:27 - 00150260 _____ () C:\Windows\WindowsUpdate.log 2014-07-13 07:19 - 2014-05-07 19:02 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-13 07:18 - 2014-07-13 07:18 - 00000056 _____ () C:\Windows\setupact.log 2014-07-13 07:18 - 2014-07-13 07:18 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-13 07:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-10 20:55 - 2014-07-10 20:55 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Macromedia 2014-07-10 20:54 - 2014-05-07 19:24 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-10 20:54 - 2014-05-07 19:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-10 20:54 - 2014-05-07 19:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-10 20:36 - 2014-07-10 20:36 - 00000000 ____D () C:\Windows\ERUNT 2014-07-10 20:25 - 2014-07-10 20:23 - 00000000 ____D () C:\AdwCleaner 2014-07-10 20:22 - 2014-07-10 20:20 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Mozilla 2014-07-10 20:22 - 2014-07-10 20:20 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Mozilla 2014-07-10 20:20 - 2014-07-10 20:20 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-10 20:20 - 2014-07-10 20:20 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 20:20 - 2014-07-10 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-10 20:02 - 2014-07-10 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 18:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-09 18:14 - 2009-07-14 06:45 - 00269648 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 18:13 - 2014-05-06 13:39 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 18:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 18:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 07:33 - 2014-05-06 13:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 07:30 - 2014-05-06 13:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 08:42 - 2014-07-08 08:32 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-07-08 08:37 - 2014-07-08 08:37 - 00000000 ____D () C:\Users\Heidi\Documents\Symantec 2014-07-08 08:36 - 2014-07-08 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-07-08 08:36 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2014-07-08 08:36 - 2014-05-06 20:47 - 00000000 ____D () C:\ProgramData\Norton 2014-07-08 08:33 - 2014-07-08 08:33 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-07-08 08:32 - 2014-07-08 08:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2014-07-08 08:32 - 2014-07-08 08:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2014-07-08 08:32 - 2014-07-08 08:32 - 00002569 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security 2014-07-08 08:23 - 2014-07-08 07:44 - 00001255 _____ () C:\Users\Heidi\Desktop\Norton-Installationsdateien.lnk 2014-07-08 08:23 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-08 08:22 - 2014-07-08 08:15 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-08 08:20 - 2014-05-06 12:44 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Adobe 2014-07-08 08:16 - 2014-07-08 08:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-08 08:16 - 2014-07-08 08:16 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-07-08 08:15 - 2014-07-08 08:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-08 07:44 - 2014-07-08 07:44 - 01021936 _____ (Symantec Corporation) C:\Users\Heidi\Downloads\NortonNISDownloader.exe 2014-07-08 07:44 - 2014-07-08 07:44 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-07-08 07:24 - 2014-07-08 07:17 - 246598160 _____ () C:\Users\Heidi\Downloads\kis14.0.0.4651de-de.exe 2014-07-04 17:19 - 2014-05-06 15:33 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Microsoft Games 2014-06-30 04:09 - 2014-07-09 05:28 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 05:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-27 20:27 - 2014-06-08 22:18 - 00000000 ____D () C:\Users\Heidi\AppData\Local\CrashDumps 2014-06-27 20:27 - 2014-05-06 13:16 - 00000000 ____D () C:\Windows\Panther 2014-06-27 20:22 - 2014-05-06 12:27 - 00000000 ____D () C:\Users\Heidi 2014-06-27 20:19 - 2014-06-27 20:19 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-27 20:19 - 2014-06-27 20:19 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-06-27 20:19 - 2014-06-27 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-27 20:19 - 2014-06-27 20:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-27 20:18 - 2014-06-27 20:18 - 03673664 _____ (Piriform Ltd) C:\Users\Heidi\ccsetup414_slim.exe 2014-06-20 22:14 - 2014-07-10 17:41 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-10 17:41 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-19 03:39 - 2014-07-10 17:41 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-10 17:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-10 17:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-10 17:41 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-10 17:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-10 17:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-10 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-10 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-10 17:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-10 17:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-10 17:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-10 17:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-10 17:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-10 17:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-10 17:41 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-10 17:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-10 17:41 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-10 17:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-10 17:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-10 17:41 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-10 17:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-10 17:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-10 17:41 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-10 17:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-10 17:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-10 17:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-10 17:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-10 17:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-10 17:41 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-10 17:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-10 17:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-10 17:41 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-10 17:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-10 17:41 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-10 17:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-10 17:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-10 17:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-10 17:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-10 17:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-10 17:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-10 17:41 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-10 17:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-10 17:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-10 17:41 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-10 17:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-10 17:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-10 17:41 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-10 17:41 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-10 17:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-10 17:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-10 17:41 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-10 17:41 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-10 17:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 22:18 - 2014-05-07 19:03 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-18 22:18 - 2014-05-07 19:03 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-18 04:18 - 2014-07-09 05:28 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 05:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:07 - 2014-07-09 05:28 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-16 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache Files to move or delete: ==================== C:\Users\Heidi\ccsetup414_slim.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 10:17 ==================== End Of Log ============================ |
Themen zu backdoor a b und zulangsamer PC |
administrator, adobe, adobe flash player, backdoor, browser, ccsetup, download, explorer, flash player, home, homepage, kis, microsoft, mozilla, neu, realtek, registry, scan, security, services.exe, software, svchost.exe, symantec, system, windows, winlogon.exe |