
Log analysis and evaluation: Unauthorized GMX access - suspected keylogger, trojan, etc.


14.03.2013, 19:19   #1
Stevie-1984
 

Dear Trojaner-Board team,

for the past few days I have noticed that my GMX account shows "last login" times at which I was demonstrably not online (sometimes 2 or 3 a.m.).
I can rule out with 100% certainty access by anyone I know, since nobody has my password or access to my PC/laptop.

I access my GMX account from my laptop daily and 1-2 times a week also from my PC (Outlook, Thunderbird or the web). On both computers I have Norton 360, which is always kept up to date. On the laptop and the PC I have each run several scans with Norton 360 and Super Anti Spyware.

On the laptop, Norton found nothing and Super-Antispyware only tracking cookies (adfarm). On the PC, Norton found 1 virus (trojan) and tracking cookies; Super-Spyware found several trojans and numerous tracking cookies.

Since I no longer needed the infected files, I deleted them all (PC). From then on I changed the GMX password several times on the laptop; unfortunately the accesses continued to occur (over the last 2 days). From then on the account was accessed only via the laptop.

I would like to have the laptop and the PC checked; the laptop would be more important to me at first, since it is newer. Actually it would be surprising, since I have only had it since January, but the inexplicable accesses leave almost no other conclusion.

As I said, I would like to start with the laptop...

Best regards

Stevie-1984

PS: Here are OTL.txt, Extras.txt and gmer.txt; GMER shows an error message (attachment), a log file is created.

OTL.txt:

Code:
OTL logfile created on: 14.03.2013 18:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free
9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012.09.05 08:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012.09.05 08:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012.08.15 12:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.05 08:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012.09.05 08:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012.09.05 08:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012.09.05 08:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012.09.05 08:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012.06.08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.06.08 03:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.29 02:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 06:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.03.12 20:00:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 20:44:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013.02.21 15:25:44 | 002,910,256 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 18:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.29 19:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.09.29 18:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012.09.05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012.08.16 12:08:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.11 00:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.28 19:42:43 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.23 18:35:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.29 18:43:26 | 000,575,128 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.09.29 18:43:24 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.09.29 18:43:22 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.09.29 18:43:22 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.09.29 18:43:20 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.09.29 18:43:20 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.09.29 18:43:20 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.09.29 18:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.19 00:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.09.06 19:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.08.16 03:26:42 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.06 03:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.07.31 03:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.27 13:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.25 02:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.06.12 13:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.05.26 01:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -- (ccSet_NARA)
DRV - [2013.01.26 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\ex64.sys -- (NAVEX15)
DRV - [2013.01.26 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.26 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.01.26 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130314.004\eng64.sys -- (NAVENG)
DRV - [2013.01.24 16:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130312.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE:64bit: - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {29B1A520-C273-44ED-A82A-DB524E785CA0}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.28 19:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.03.14 17:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.14 19:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 20:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.02 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions
[2013.02.07 21:15:33 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions\sammelfreund@webmiles.de
[2013.02.14 19:40:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.12 19:48:20 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\tineye@ideeinc.com.xpi
[2013.02.07 21:15:33 | 000,128,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\toolbar-ff@payback.de.xpi
[2013.03.09 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 20:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.09 20:44:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.12 22:09:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 22:09:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.12 22:09:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 22:09:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 22:09:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 22:09:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAEB5F0-1A65-4275-B88E-A13B42C731CE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.14 18:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 17:37:34 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.13 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.12 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Spyware Scanner
[2013.03.12 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner
[2013.03.09 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.08 16:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.03.07 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.01 14:32:34 | 000,000,000 | ---D | C] -- C:\83653373651835b891237365
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2013.02.28 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.28 18:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.27 21:11:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.24 19:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Studium
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.02.14 19:12:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Thunderbird
[2013.02.14 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 18:25:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.14 18:00:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.14 17:42:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013.03.14 17:41:00 | 002,176,475 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.14 17:36:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.13 22:19:11 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.13 22:19:02 | 2324,926,463 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 20:36:28 | 000,002,928 | ---- | M] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:20 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:49 | 006,423,656 | ---- | M] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | M] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.08 16:31:19 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.08 16:30:57 | 000,427,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.03.08 16:30:05 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.01 19:36:01 | 000,002,928 | ---- | M] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:28 | 000,002,928 | ---- | M] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.22 19:36:10 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.22 19:36:10 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.22 19:36:10 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.22 19:36:10 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.22 19:36:10 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.21 16:59:08 | 002,063,240 | ---- | M] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.14 22:17:54 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 19:40:40 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.14 19:12:27 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2013.03.14 18:25:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:37 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.13 20:36:27 | 000,002,928 | ---- | C] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:19 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:34 | 006,423,656 | ---- | C] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | C] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.01 19:36:00 | 000,002,928 | ---- | C] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:27 | 000,002,928 | ---- | C] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.28 18:14:56 | 003,547,239 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin
[2013.02.28 18:12:35 | 000,014,148 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013.02.27 21:11:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013.02.15 20:05:50 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.02.14 22:17:53 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 22:17:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.14 19:19:29 | 000,427,328 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.14 19:12:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.14 19:12:17 | 000,002,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.01.28 10:59:15 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.16 03:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.08.16 03:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.08.16 03:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.08.16 03:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.08.16 03:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.14 19:12:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:

Code:
 OTL Extras logfile created on: 14.03.2013 18:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 81,90% Memory free
9,14 Gb Paging File | 7,67 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,69 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0E22F-B40D-47E3-A964-CF8750555235}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FC054FA-4BB8-4912-9296-DD5BB598864E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C46A72-6547-4F4A-B25E-D187E39EF5C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{338E5BE1-C7DE-4456-9DD5-D44C1398E204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E28B3FB-95F5-403D-BDE3-7CEC45164122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F321406-B2A5-4374-9F4D-91B35628892A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4768B628-0369-434A-B9A1-DC760EC11A0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48D386C3-82FB-489C-8DDB-7FF6D9E62063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E516A26-9160-401E-B1AF-EB47F14C6139}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AF4E63F-10FF-4E31-8814-DF8FB618B100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{620A2EE9-10F9-4324-ADC2-00439E6600C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7C50FB0B-61F0-4674-BD20-055C52C564A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{91B674A2-D43B-4DE5-BC2E-B9617B8CDB2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{948D3014-4F4C-402B-92CE-34928DD626D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C122646-305B-4E8D-BE55-BA70CF4BDE78}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9DC9E6D5-9416-436B-B27A-4632C37A7A80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B3E99500-C0BC-4E05-9962-CD4D99B1F7E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFE77CDC-F02B-45DD-9B98-1DEDE6110B8A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C46C0C89-9B68-4D61-B7C4-8E176D6CC73B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C47EB13A-9628-4371-B542-91307CBEFE55}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D51958C0-A7FF-4F88-A331-ABA83698CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6524EE1-07D7-41DF-9080-FF306EA158A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F15D5A8C-44CB-4A03-918A-9A67F6B54B17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F71F5687-2B37-4309-8995-3253B0F5B5E3}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C7F723-B67F-4D2A-9EDC-FA2DEF522987}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{03947F51-900C-4711-88E3-1A6178D2E49F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{0A0EE794-A424-4BFC-9396-253C430BE12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E7F0D49-6F94-4F22-858D-33BB1D52E00F}" = dir=out | name=adera | 
"{157E0455-EA79-46AD-9405-75AAB545F424}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{23EE1B42-1C0D-48E3-AD44-2918A4538C77}" = dir=out | name=family story | 
"{24B7411C-596B-45B7-9278-7E7408EE0C0A}" = dir=out | name=music hub | 
"{251A4228-798C-40A4-B599-510B291B9746}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2981EE46-466D-4011-9F08-8D13F839E0E1}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{29AB4D3E-6AE2-45B9-A4EB-1654F5916B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D7FE2F7-A448-45D2-8150-6CBC9B392FB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3463939C-02E9-4EFE-8D78-993F7C256F32}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{35DF66F2-B735-4510-9AF5-CCC22E67C67C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A765185-2BFC-4321-8470-2DD53BB6A10C}" = dir=out | name=s camera | 
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | 
"{40407DBB-A9D9-4668-A7B8-39D73E5A11A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{40D1620A-C5F5-4234-9863-81495598FA1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{426EC8C6-7167-4C1B-9C6A-F06BF92858E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{441E7D06-7C23-46CE-B773-16240F47863F}" = dir=out | name=merriam-webster dictionary | 
"{45266AA1-B184-4FA0-94CB-F0DCBA4E0866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4723CB53-FBE4-49D7-B122-4EB45F541DAC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4BD51EF7-BE2F-4553-A055-209CE101CD99}" = dir=out | name=s gallery | 
"{51A982BE-53E5-47E1-BFA1-BBF93602D2CF}" = dir=in | name=music maker jam | 
"{5491807E-7D97-44A7-83F1-3D193077A3DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55C95C95-1EC3-46A1-826C-BBF8973BA6DE}" = dir=out | name=norton studio | 
"{57F97677-D36A-42F6-9120-2EC48512B159}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{64AB37F5-31EB-4660-9606-6F2AB2D7DA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E62161C-E7D4-481A-B4A5-09D17EC47281}" = dir=in | name=evernote | 
"{6F4F6184-AF3F-40E9-AD8F-BAF53F7A1F45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{779BB8C4-A7F8-44B5-9820-6055E3BCFCF7}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{88AE6507-037F-446C-B7FF-F5C0F04B963E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{895D5A9B-37B6-4D3D-B43B-9AAC81B36300}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{907946DF-C38A-41A1-ABAF-052AA0663303}" = dir=out | name=music maker jam | 
"{96D6F905-B40C-45E4-B032-55C9B0AE0994}" = dir=out | name=jamie's recipes | 
"{99B5D7E3-D2F5-4152-9EE1-1A204CFE94FA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9A735D89-D8EA-4304-B562-78935416D8A8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9D866BCA-0ADA-4860-80BC-E2E2E448E327}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AC59D521-E864-4A16-B607-AB3E1958BF23}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B1621F46-F7F4-4900-A0E1-31AC6B8BFE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA978257-6012-4E0B-AD64-FD1D34A01607}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{BBB6D5F7-1373-4F54-87B5-9B89259CF600}" = dir=out | name=evernote | 
"{BE0E349D-D3A0-42F2-8DFE-61E4056A4383}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BFA165C6-4CED-487B-9F14-4F9716675CC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0C6D77C-4A66-4E44-8260-BA15494B0CAA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{C52DF6BE-2A2F-4D58-A867-F9653688823E}" = dir=out | name=chaton | 
"{C760AEBD-6746-44B0-9B5E-D98CDC94E973}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C808AE20-51B2-4B08-B0F1-009DA788BBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1754342-686C-40C3-BB45-C9DC3DCDC975}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D24EBE1A-2F76-4A93-A788-EC80C9797660}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{D4EE6555-512E-42B1-91DA-24C990090D52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6AD9DC8-7719-4CE9-B3C1-2DB6B916F20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7147F10-36FF-43A0-86EB-DEEA51EE4B49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAC6759A-12A5-4F35-B8BF-E704BF1CCB45}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DBE3A4A8-2691-4604-A011-7744D9512E07}" = protocol=6 | dir=out | app=system | 
"{DD031D44-15E8-44F8-AF12-C217195A94F4}" = dir=in | name=kindle | 
"{E0A75F32-EF15-4D06-87D4-2C199652C39C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E38E967A-69BA-43D3-B971-01F0B204EC48}" = dir=out | name=kindle | 
"{E75F4DFF-B69E-4326-B098-9C75BA574FF1}" = dir=out | name=fresh paint | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB06B60A-A975-4BCF-924F-8128F3D69ABF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED420043-48F3-486E-AF3A-9859D8E6B54A}" = dir=out | name=photoeditor | 
"{F086076A-A823-4D43-A2B6-CADF8E2C77CC}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{F1612BB2-ABCE-4698-9532-6ABEED1ED499}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7847B06-EBEC-4D07-AB50-AC922102E697}" = dir=out | name=s player | 
"{FF18FCE0-593F-42EF-BD58-5BA190856238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9135430C-DA05-4391-BE81-E7754A4DB8CD}" = Support Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)
"Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7DAA5461-5442-4234-9F01-A6C4AEFFD891}" = Support Center FAQ
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NARA" = Norton Online Backup ARA
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite" = Windows Live
"Xerox PhotoCafe" = Xerox PhotoCafe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 17:36:31 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1068  Startzeit der fehlerhaften Anwendung: 0x01ce178e01506f44  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 3f3d5a3d-8381-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 17:51:32 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1bb8  Startzeit der fehlerhaften Anwendung: 0x01ce179019f8590f  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 57ea08d5-8383-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 18:06:32 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xd08  Startzeit der fehlerhaften Anwendung: 0x01ce179232a187c7  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 7097fc52-8385-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 02.03.2013 18:21:33 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x206c  Startzeit der fehlerhaften Anwendung: 0x01ce17944b492f20  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 893dace4-8387-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:00:11 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.4.0,
 Zeitstempel: 0x50f009cd  Name des fehlerhaften Moduls: GuaranaAgent.exe, Version:
 2.1.4.0, Zeitstempel: 0x50f009cd  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000222551
ID
 des fehlerhaften Prozesses: 0x27e8  Startzeit der fehlerhaften Anwendung: 0x01ce1838f08e094d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
Berichtskennung:
 3095e4b9-842c-11e2-be95-20689dab7571  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 03.03.2013 14:00:40 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.2,
 Zeitstempel: 0x50cd5051  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505ab405  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea485
ID
 des fehlerhaften Prozesses: 0x1dc0  Startzeit der fehlerhaften Anwendung: 0x01ce1838f129045f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Samsung\Recovery\WCScheduler.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 41dd7b2d-842c-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 03.03.2013 14:11:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x2b0  Startzeit der fehlerhaften Anwendung: 0x01ce183a9431427e  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: d2509993-842d-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:26:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1d3c  Startzeit der fehlerhaften Anwendung: 0x01ce183cacd342e7  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: eae1905c-842f-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:41:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x16d0  Startzeit der fehlerhaften Anwendung: 0x01ce183ec57be84d  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 036850a1-8432-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 03.03.2013 14:56:52 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x28b8  Startzeit der fehlerhaften Anwendung: 0x01ce1840de245483  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 1c11bcab-8434-11e2-be95-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
[ System Events ]
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:17 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 13:53:16 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:57:27 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:09 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
 
< End of report >
         
Code:
 GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 18:47:44
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\pgdoypoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                         000007febdf0177a 4 bytes [F0, BD, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                         000007febdf01782 4 bytes [F0, BD, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                       000007fea3471b32 4 bytes [47, A3, FE, 07]
.text   C:\windows\Explorer.EXE[4920] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                       000007fea3471b3a 4 bytes [47, A3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007feb93a1532 4 bytes [3A, B9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007feb93a153a 4 bytes [3A, B9, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5156] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007feb93a165a 4 bytes [3A, B9, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1984:1992]                                  0000000000240060
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:2020]                                                                          0000000000f61c24
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:2196]                                                                          000000006949e54e
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:3240]                                                                          000000006777319b
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4724]                                                                          00000000689c7019
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:3268]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:5308]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4232]                                                                          000000006761eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [2016:4664]                                                                          00000000667f16dc
Thread  C:\windows\system32\csrss.exe [3984:5832]                                                                          fffff960008bf5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 15.03.2013, 23:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, whether or not anything was found!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 16.03.2013, 10:50   #3
Stevie-1984
 



Many thanks already at this point.

Here are the logs:

MBAR:

Code:
 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
User :: SAMSUNG [administrator]

16.03.2013 10:33:44
mbar-log-2013-03-16 (10-33-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 8295
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:

Code:
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-16 10:37:43
-----------------------------
10:37:43.185    OS Version: Windows x64 6.2.9200 
10:37:43.185    Number of processors: 4 586 0x2A07
10:37:43.185    ComputerName: SAMSUNG  UserName: User
10:37:43.185    Initialze error 1 
10:40:14.306    AVAST engine defs: 13031501
10:40:20.050    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
10:40:20.050    Disk 0 Vendor: ST500LM012_HN-M500MBB 2AR10002 Size: 476940MB BusType: 11
10:40:20.096    Disk 0 MBR read successfully
10:40:20.096    Disk 0 MBR scan
10:40:20.096    Disk 0 unknown MBR code
10:40:20.096    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
10:40:20.096    Disk 0 scanning C:\windows\system32\drivers
10:40:20.112    Service scanning
10:40:20.737    Modules scanning
10:40:20.737    Disk 0 trace - called modules:
10:40:20.737    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
10:40:20.737    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092d6060]
10:40:20.753    3 CLASSPNP.SYS[fffff880018388aa] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa800799a060]
10:40:20.753    AVAST engine scan C:\windows
10:40:20.753    AVAST engine scan C:\windows\system32
10:40:20.753    AVAST engine scan C:\windows\system32\drivers
10:40:20.768    AVAST engine scan C:\Users\User
10:40:20.768    AVAST engine scan C:\ProgramData
10:40:20.768    Scan finished successfully
10:40:33.227    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
10:40:33.243    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
         
TDSS-Killer:

Code:
 10:43:16.0961 4480  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:43:16.0961 4480  UEFI system
10:43:17.0242 4480  ============================================================
10:43:17.0242 4480  Current date / time: 2013/03/16 10:43:17.0242
10:43:17.0242 4480  SystemInfo:
10:43:17.0242 4480  
10:43:17.0242 4480  OS Version: 6.2.9200 ServicePack: 0.0
10:43:17.0242 4480  Product type: Workstation
10:43:17.0242 4480  ComputerName: SAMSUNG
10:43:17.0242 4480  UserName: User
10:43:17.0242 4480  Windows directory: C:\windows
10:43:17.0242 4480  System windows directory: C:\windows
10:43:17.0242 4480  Running under WOW64
10:43:17.0242 4480  Processor architecture: Intel x64
10:43:17.0242 4480  Number of processors: 4
10:43:17.0242 4480  Page size: 0x1000
10:43:17.0242 4480  Boot type: Normal boot
10:43:17.0242 4480  ============================================================
10:43:18.0695 4480  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:43:18.0695 4480  ============================================================
10:43:18.0695 4480  \Device\Harddisk0\DR0:
10:43:18.0695 4480  GPT partitions:
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {118EA028-1713-43C0-909C-37C4E9E17B62}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {14AC08E6-8D77-4270-80B7-27F9676D7685}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x96000
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {11BD816E-0D91-424D-AC43-6C9107922E53}, Name: Microsoft reserved partition, StartLBA 0x190800, BlocksNum 0x40000
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {15F4A025-5EF9-49D1-8C93-8EE5F0688354}, Name: Basic data partition, StartLBA 0x1D0800, BlocksNum 0x370FA801
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3F8CDA94-01D3-48DB-AD67-9852013F4EAC}, Name: Basic data partition, StartLBA 0x372CB001, BlocksNum 0x2EBB000
10:43:18.0695 4480  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F98CC789-F9B9-40F0-4173-636C65706975}, Name: Basic data partition, StartLBA 0x3A186001, BlocksNum 0x200000
10:43:18.0695 4480  MBR partitions:
10:43:18.0695 4480  ============================================================
10:43:18.0726 4480  C: <-> \Device\Harddisk0\DR0\Partition4
10:43:18.0726 4480  ============================================================
10:43:18.0726 4480  Initialize success
10:43:18.0726 4480  ============================================================
10:43:29.0604 1036  ============================================================
10:43:29.0604 1036  Scan started
10:43:29.0604 1036  Mode: Manual; SigCheck; TDLFS; 
10:43:29.0604 1036  ============================================================
10:43:30.0151 1036  ================ Scan system memory ========================
10:43:30.0151 1036  System memory - ok
10:43:30.0151 1036  ================ Scan services =============================
10:43:30.0292 1036  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\windows\System32\drivers\1394ohci.sys
10:43:30.0385 1036  1394ohci - ok
10:43:30.0417 1036  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\windows\system32\drivers\3ware.sys
10:43:30.0464 1036  3ware - ok
10:43:30.0651 1036  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\windows\system32\drivers\ACPI.sys
10:43:30.0667 1036  ACPI - ok
10:43:30.0714 1036  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\windows\system32\Drivers\acpiex.sys
10:43:30.0714 1036  acpiex - ok
10:43:30.0760 1036  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\windows\System32\drivers\acpipagr.sys
10:43:30.0870 1036  acpipagr - ok
10:43:30.0917 1036  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\windows\System32\drivers\acpipmi.sys
10:43:30.0995 1036  AcpiPmi - ok
10:43:31.0020 1036  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\windows\System32\drivers\acpitime.sys
10:43:31.0093 1036  acpitime - ok
10:43:31.0280 1036  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:43:31.0280 1036  AdobeARMservice - ok
10:43:31.0921 1036  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:31.0921 1036  AdobeFlashPlayerUpdateSvc - ok
10:43:32.0046 1036  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
10:43:32.0062 1036  adp94xx - ok
10:43:32.0109 1036  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\windows\system32\drivers\adpahci.sys
10:43:32.0124 1036  adpahci - ok
10:43:32.0156 1036  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\windows\system32\drivers\adpu320.sys
10:43:32.0171 1036  adpu320 - ok
10:43:32.0207 1036  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
10:43:32.0301 1036  AeLookupSvc - ok
10:43:32.0394 1036  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\windows\system32\drivers\afd.sys
10:43:32.0488 1036  AFD - ok
10:43:32.0551 1036  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\windows\system32\drivers\agp440.sys
10:43:32.0551 1036  agp440 - ok
10:43:32.0597 1036  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\windows\System32\alg.exe
10:43:32.0676 1036  ALG - ok
10:43:32.0707 1036  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\windows\system32\AUInstallAgent.dll
10:43:32.0754 1036  AllUserInstallAgent - ok
10:43:32.0817 1036  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\windows\System32\drivers\amdk8.sys
10:43:32.0895 1036  AmdK8 - ok
10:43:32.0938 1036  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\windows\System32\drivers\amdppm.sys
10:43:33.0008 1036  AmdPPM - ok
10:43:33.0055 1036  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\windows\system32\drivers\amdsata.sys
10:43:33.0055 1036  amdsata - ok
10:43:33.0102 1036  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
10:43:33.0118 1036  amdsbs - ok
10:43:33.0149 1036  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\windows\system32\drivers\amdxata.sys
10:43:33.0149 1036  amdxata - ok
10:43:33.0216 1036  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\windows\system32\drivers\appid.sys
10:43:33.0247 1036  AppID - ok
10:43:33.0310 1036  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\windows\System32\appidsvc.dll
10:43:33.0357 1036  AppIDSvc - ok
10:43:33.0388 1036  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\windows\System32\appinfo.dll
10:43:33.0466 1036  Appinfo - ok
10:43:33.0529 1036  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\windows\system32\drivers\arc.sys
10:43:33.0544 1036  arc - ok
10:43:33.0575 1036  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\windows\system32\drivers\arcsas.sys
10:43:33.0591 1036  arcsas - ok
10:43:33.0638 1036  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
10:43:33.0700 1036  AsyncMac - ok
10:43:33.0716 1036  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\windows\system32\drivers\atapi.sys
10:43:33.0732 1036  atapi - ok
10:43:33.0794 1036  [ 51C6777AD7649F6C3ED389151CFD9DE6 ] AthBTPort       C:\windows\system32\DRIVERS\btath_flt.sys
10:43:33.0810 1036  AthBTPort - ok
10:43:33.0919 1036  [ 67EC05E67E1416A51C478A5DAA59302E ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
10:43:33.0935 1036  AtherosSvc - ok
10:43:34.0341 1036  [ 221F28472FB210E2D4A7B4488BC798F9 ] athr            C:\windows\system32\DRIVERS\athw8x.sys
10:43:34.0404 1036  athr - ok
10:43:34.0466 1036  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
10:43:34.0513 1036  AudioEndpointBuilder - ok
10:43:34.0638 1036  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\windows\System32\Audiosrv.dll
10:43:34.0674 1036  Audiosrv - ok
10:43:34.0736 1036  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\windows\System32\AxInstSV.dll
10:43:34.0846 1036  AxInstSV - ok
10:43:34.0940 1036  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
10:43:34.0955 1036  b06bdrv - ok
10:43:35.0023 1036  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\windows\System32\drivers\BasicDisplay.sys
10:43:35.0081 1036  BasicDisplay - ok
10:43:35.0112 1036  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\windows\System32\drivers\BasicRender.sys
10:43:35.0175 1036  BasicRender - ok
10:43:35.0222 1036  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\windows\System32\bdesvc.dll
10:43:35.0269 1036  BDESVC - ok
10:43:35.0331 1036  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\windows\system32\drivers\Beep.sys
10:43:35.0378 1036  Beep - ok
10:43:35.0534 1036  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\windows\System32\bfe.dll
10:43:35.0597 1036  BFE - ok
10:43:35.0847 1036  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
10:43:35.0863 1036  BHDrvx64 - ok
10:43:35.0925 1036  [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
10:43:35.0941 1036  BingDesktopUpdate - ok
10:43:35.0988 1036  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\windows\System32\qmgr.dll
10:43:36.0019 1036  BITS - ok
10:43:36.0034 1036  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\windows\system32\DRIVERS\bowser.sys
10:43:36.0113 1036  bowser - ok
10:43:36.0159 1036  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
10:43:36.0175 1036  BrokerInfrastructure - ok
10:43:36.0206 1036  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\windows\System32\browser.dll
10:43:36.0300 1036  Browser - ok
10:43:36.0316 1036  [ B600D86961C6DF87EEB637D4C4ABB663 ] BTATH_A2DP      C:\windows\system32\drivers\btath_a2dp.sys
10:43:36.0331 1036  BTATH_A2DP - ok
10:43:36.0347 1036  [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt      C:\windows\system32\drivers\btath_avdt.sys
10:43:36.0347 1036  btath_avdt - ok
10:43:36.0378 1036  [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS       C:\windows\System32\drivers\btath_bus.sys
10:43:36.0378 1036  BTATH_BUS - ok
10:43:36.0394 1036  [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP      C:\windows\System32\drivers\btath_hcrp.sys
10:43:36.0394 1036  BTATH_HCRP - ok
10:43:36.0441 1036  [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT     C:\windows\system32\DRIVERS\btath_lwflt.sys
10:43:36.0456 1036  BTATH_LWFLT - ok
10:43:36.0456 1036  [ 057DA8351AD21AE485A11A8237DC9263 ] BTATH_RCP       C:\windows\System32\drivers\btath_rcp.sys
10:43:36.0472 1036  BTATH_RCP - ok
10:43:36.0488 1036  [ 185C8FCF6FD4D263AB1AC5A32ADD86AD ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
10:43:36.0503 1036  BtFilter - ok
10:43:36.0519 1036  [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg      C:\windows\System32\drivers\BthAvrcpTg.sys
10:43:36.0566 1036  BthAvrcpTg - ok
10:43:36.0628 1036  [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum         C:\windows\System32\drivers\BthEnum.sys
10:43:36.0659 1036  BthEnum - ok
10:43:36.0691 1036  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\windows\System32\drivers\bthhfenum.sys
10:43:36.0722 1036  BthHFEnum - ok
10:43:36.0753 1036  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\windows\System32\drivers\BthHFHid.sys
10:43:36.0800 1036  bthhfhid - ok
10:43:36.0831 1036  [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum       C:\windows\system32\DRIVERS\BthLEEnum.sys
10:43:36.0894 1036  BthLEEnum - ok
10:43:36.0925 1036  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\windows\System32\drivers\bthmodem.sys
10:43:36.0956 1036  BTHMODEM - ok
10:43:36.0988 1036  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
10:43:37.0003 1036  BthPan - ok
10:43:37.0050 1036  [ B2FD839F9AF51B8580C02B89AC6C6C89 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
10:43:37.0081 1036  BTHPORT - ok
10:43:37.0097 1036  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\windows\system32\bthserv.dll
10:43:37.0113 1036  bthserv - ok
10:43:37.0144 1036  [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
10:43:37.0175 1036  BTHUSB - ok
10:43:37.0222 1036  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360      C:\windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys
10:43:37.0222 1036  ccSet_N360 - ok
10:43:37.0253 1036  [ E41F70406C34F1CB667B4B27D81AD162 ] ccSet_NARA      C:\windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys
10:43:37.0269 1036  ccSet_NARA - ok
10:43:37.0331 1036  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
10:43:37.0347 1036  cdfs - ok
10:43:37.0363 1036  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\windows\System32\drivers\cdrom.sys
10:43:37.0378 1036  cdrom - ok
10:43:37.0410 1036  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\windows\System32\certprop.dll
10:43:37.0441 1036  CertPropSvc - ok
10:43:37.0441 1036  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\windows\System32\drivers\circlass.sys
10:43:37.0472 1036  circlass - ok
10:43:37.0535 1036  [ 93C7703442C7CBD4053FC7DE07D9C896 ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
10:43:37.0535 1036  ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
10:43:37.0535 1036  ClassicShellService - detected UnsignedFile.Multi.Generic (1)
10:43:37.0597 1036  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\windows\system32\drivers\CLFS.sys
10:43:37.0613 1036  CLFS - ok
10:43:37.0660 1036  [ 075CCE75090786F124573A788C8656E6 ] CLVirtualDrive  C:\windows\system32\DRIVERS\CLVirtualDrive.sys
10:43:37.0660 1036  CLVirtualDrive - ok
10:43:37.0675 1036  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\windows\System32\drivers\CmBatt.sys
10:43:37.0691 1036  CmBatt - ok
10:43:37.0738 1036  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\windows\system32\Drivers\cng.sys
10:43:37.0753 1036  CNG - ok
10:43:37.0753 1036  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\windows\System32\drivers\CompositeBus.sys
10:43:37.0769 1036  CompositeBus - ok
10:43:37.0785 1036  COMSysApp - ok
10:43:37.0800 1036  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\windows\system32\drivers\condrv.sys
10:43:37.0831 1036  condrv - ok
10:43:37.0941 1036  [ C6D620A69098AB17EBD5C0CAADA1D7DC ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
10:43:37.0956 1036  cphs - ok
10:43:37.0988 1036  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\windows\system32\cryptsvc.dll
10:43:38.0019 1036  CryptSvc - ok
10:43:38.0066 1036  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\windows\system32\drivers\dam.sys
10:43:38.0081 1036  dam - ok
10:43:38.0113 1036  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\windows\system32\rpcss.dll
10:43:38.0144 1036  DcomLaunch - ok
10:43:38.0175 1036  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\windows\System32\defragsvc.dll
10:43:38.0253 1036  defragsvc - ok
10:43:38.0269 1036  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\windows\system32\das.dll
10:43:38.0300 1036  DeviceAssociationService - ok
10:43:38.0316 1036  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\windows\system32\umpnpmgr.dll
10:43:38.0331 1036  DeviceInstall - ok
10:43:38.0347 1036  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\windows\system32\Drivers\dfsc.sys
10:43:38.0363 1036  Dfsc - ok
10:43:38.0394 1036  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\windows\system32\dhcpcore.dll
10:43:38.0425 1036  Dhcp - ok
10:43:38.0441 1036  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\windows\system32\drivers\discache.sys
10:43:38.0456 1036  discache - ok
10:43:38.0519 1036  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\windows\system32\drivers\disk.sys
10:43:38.0519 1036  disk - ok
10:43:38.0535 1036  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\windows\System32\drivers\dmvsc.sys
10:43:38.0550 1036  dmvsc - ok
10:43:38.0566 1036  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\windows\System32\dnsrslvr.dll
10:43:38.0597 1036  Dnscache - ok
10:43:38.0644 1036  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\windows\System32\dot3svc.dll
10:43:38.0675 1036  dot3svc - ok
10:43:38.0691 1036  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\windows\system32\dps.dll
10:43:38.0706 1036  DPS - ok
10:43:38.0738 1036  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
10:43:38.0753 1036  drmkaud - ok
10:43:38.0769 1036  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\windows\System32\DeviceSetupManager.dll
10:43:38.0785 1036  DsmSvc - ok
10:43:38.0831 1036  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
10:43:38.0863 1036  DXGKrnl - ok
10:43:38.0914 1036  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\windows\System32\eapsvc.dll
10:43:38.0945 1036  Eaphost - ok
10:43:39.0039 1036  [ 843E8B2127D7283845E29E6176C15887 ] Easy Launcher   C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
10:43:39.0070 1036  Easy Launcher - ok
10:43:39.0164 1036  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\windows\system32\drivers\evbda.sys
10:43:39.0227 1036  ebdrv - ok
10:43:39.0289 1036  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:43:39.0305 1036  eeCtrl - ok
10:43:39.0336 1036  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\windows\System32\lsass.exe
10:43:39.0398 1036  EFS - ok
10:43:39.0430 1036  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\windows\system32\drivers\EhStorClass.sys
10:43:39.0430 1036  EhStorClass - ok
10:43:39.0461 1036  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\windows\system32\drivers\EhStorTcgDrv.sys
10:43:39.0461 1036  EhStorTcgDrv - ok
10:43:39.0492 1036  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:43:39.0508 1036  EraserUtilRebootDrv - ok
10:43:39.0508 1036  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\windows\System32\drivers\errdev.sys
10:43:39.0555 1036  ErrDev - ok
10:43:39.0586 1036  [ 6073E00157E6D99FC8D0D0CC8EF61DF9 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
10:43:39.0586 1036  ETD - ok
10:43:39.0648 1036  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\windows\system32\es.dll
10:43:39.0680 1036  EventSystem - ok
10:43:39.0727 1036  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\windows\system32\drivers\exfat.sys
10:43:39.0758 1036  exfat - ok
10:43:39.0773 1036  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\windows\system32\drivers\fastfat.sys
10:43:39.0789 1036  fastfat - ok
10:43:39.0820 1036  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\windows\system32\fxssvc.exe
10:43:39.0836 1036  Fax - ok
10:43:39.0836 1036  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\windows\System32\drivers\fdc.sys
10:43:39.0852 1036  fdc - ok
10:43:39.0867 1036  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\windows\system32\fdPHost.dll
10:43:39.0898 1036  fdPHost - ok
10:43:39.0930 1036  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\windows\system32\fdrespub.dll
10:43:39.0992 1036  FDResPub - ok
10:43:40.0023 1036  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\windows\system32\fhsvc.dll
10:43:40.0086 1036  fhsvc - ok
10:43:40.0102 1036  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
10:43:40.0117 1036  FileInfo - ok
10:43:40.0133 1036  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
10:43:40.0164 1036  Filetrace - ok
10:43:40.0195 1036  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\windows\System32\drivers\flpydisk.sys
10:43:40.0258 1036  flpydisk - ok
10:43:40.0274 1036  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
10:43:40.0289 1036  FltMgr - ok
10:43:40.0320 1036  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\windows\system32\FntCache.dll
10:43:40.0352 1036  FontCache - ok
10:43:40.0477 1036  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:43:40.0477 1036  FontCache3.0.0.0 - ok
10:43:40.0492 1036  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
10:43:40.0508 1036  FsDepends - ok
10:43:40.0524 1036  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
10:43:40.0539 1036  Fs_Rec - ok
10:43:40.0602 1036  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
10:43:40.0617 1036  fvevol - ok
10:43:40.0648 1036  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\windows\System32\drivers\fxppm.sys
10:43:40.0680 1036  FxPPM - ok
10:43:40.0695 1036  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
10:43:40.0695 1036  gagp30kx - ok
10:43:40.0758 1036  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\windows\System32\drivers\vmgencounter.sys
10:43:40.0773 1036  gencounter - ok
10:43:40.0789 1036  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\windows\system32\Drivers\msgpioclx.sys
10:43:40.0805 1036  GPIOClx0101 - ok
10:43:40.0840 1036  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\windows\System32\gpsvc.dll
10:43:40.0888 1036  gpsvc - ok
10:43:40.0920 1036  [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
10:43:40.0920 1036  HdAudAddService - ok
10:43:40.0951 1036  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\windows\System32\drivers\HDAudBus.sys
10:43:41.0029 1036  HDAudBus - ok
10:43:41.0060 1036  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\windows\System32\drivers\HidBatt.sys
10:43:41.0076 1036  HidBatt - ok
10:43:41.0076 1036  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\windows\System32\drivers\hidbth.sys
10:43:41.0107 1036  HidBth - ok
10:43:41.0123 1036  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\windows\System32\drivers\hidi2c.sys
10:43:41.0185 1036  hidi2c - ok
10:43:41.0201 1036  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\windows\System32\drivers\hidir.sys
10:43:41.0232 1036  HidIr - ok
10:43:41.0263 1036  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\windows\system32\hidserv.dll
10:43:41.0295 1036  hidserv - ok
10:43:41.0342 1036  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\windows\System32\drivers\hidusb.sys
10:43:41.0420 1036  HidUsb - ok
10:43:41.0435 1036  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\windows\system32\kmsvc.dll
10:43:41.0467 1036  hkmsvc - ok
10:43:41.0529 1036  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\windows\system32\ListSvc.dll
10:43:41.0560 1036  HomeGroupListener - ok
10:43:41.0592 1036  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\windows\system32\provsvc.dll
10:43:41.0607 1036  HomeGroupProvider - ok
10:43:41.0638 1036  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
10:43:41.0654 1036  HpSAMD - ok
10:43:41.0685 1036  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\windows\system32\drivers\HTTP.sys
10:43:41.0748 1036  HTTP - ok
10:43:41.0842 1036  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
10:43:41.0857 1036  hwpolicy - ok
10:43:41.0875 1036  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\windows\System32\drivers\hyperkbd.sys
10:43:41.0893 1036  hyperkbd - ok
10:43:41.0893 1036  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\windows\system32\DRIVERS\HyperVideo.sys
10:43:41.0908 1036  HyperVideo - ok
10:43:41.0940 1036  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\windows\System32\drivers\i8042prt.sys
10:43:41.0955 1036  i8042prt - ok
10:43:41.0987 1036  [ 050F2539E14F9D5E90A4B61738EC29BD ] iaStorA         C:\windows\system32\drivers\iaStorA.sys
10:43:42.0002 1036  iaStorA - ok
10:43:42.0018 1036  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
10:43:42.0033 1036  iaStorV - ok
10:43:42.0268 1036  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130313.001\IDSvia64.sys
10:43:42.0283 1036  IDSVia64 - ok
10:43:42.0457 1036  [ 11A31FC2481BFE69B0507ED8C80215F4 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
10:43:42.0567 1036  igfx - ok
10:43:42.0582 1036  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\windows\system32\drivers\iirsp.sys
10:43:42.0598 1036  iirsp - ok
10:43:42.0645 1036  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\windows\System32\ikeext.dll
10:43:42.0667 1036  IKEEXT - ok
10:43:42.0741 1036  [ 8524178B895E4BC04776B319DA3A70EC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
10:43:42.0803 1036  IntcAzAudAddService - ok
10:43:42.0834 1036  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
10:43:42.0850 1036  IntcDAud - ok
10:43:42.0931 1036  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:43:42.0947 1036  Intel(R) Capability Licensing Service Interface - ok
10:43:42.0994 1036  [ 30E9FAC23E2537D82F2836CB81AEE186 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
10:43:43.0009 1036  Intel(R) ME Service - ok
10:43:43.0025 1036  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\windows\system32\drivers\intelide.sys
10:43:43.0025 1036  intelide - ok
10:43:43.0056 1036  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\windows\System32\drivers\intelppm.sys
10:43:43.0087 1036  intelppm - ok
10:43:43.0134 1036  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
10:43:43.0165 1036  IpFilterDriver - ok
10:43:43.0212 1036  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
10:43:43.0245 1036  iphlpsvc - ok
10:43:43.0307 1036  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\windows\System32\drivers\IPMIDrv.sys
10:43:43.0323 1036  IPMIDRV - ok
10:43:43.0338 1036  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
10:43:43.0354 1036  IPNAT - ok
10:43:43.0370 1036  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\windows\system32\drivers\irenum.sys
10:43:43.0386 1036  IRENUM - ok
10:43:43.0386 1036  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\windows\system32\drivers\isapnp.sys
10:43:43.0401 1036  isapnp - ok
10:43:43.0437 1036  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\windows\System32\drivers\msiscsi.sys
10:43:43.0437 1036  iScsiPrt - ok
10:43:43.0531 1036  [ 3C4002D339491AF73D663FFC7F6E5ECB ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:43:43.0531 1036  jhi_service - ok
10:43:43.0547 1036  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\windows\System32\drivers\kbdclass.sys
10:43:43.0563 1036  kbdclass - ok
10:43:43.0578 1036  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\windows\System32\drivers\kbdhid.sys
10:43:43.0594 1036  kbdhid - ok
10:43:43.0609 1036  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\windows\system32\DRIVERS\kdnic.sys
10:43:43.0625 1036  kdnic - ok
10:43:43.0688 1036  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\windows\system32\lsass.exe
10:43:43.0688 1036  KeyIso - ok
10:43:43.0719 1036  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
10:43:43.0734 1036  KSecDD - ok
10:43:43.0750 1036  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
10:43:43.0766 1036  KSecPkg - ok
10:43:43.0781 1036  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
10:43:43.0797 1036  ksthunk - ok
10:43:43.0891 1036  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\windows\system32\msdtckrm.dll
10:43:43.0906 1036  KtmRm - ok
10:43:43.0953 1036  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\windows\system32\srvsvc.dll
10:43:43.0969 1036  LanmanServer - ok
10:43:44.0016 1036  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:43:44.0031 1036  LanmanWorkstation - ok
10:43:44.0049 1036  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
10:43:44.0067 1036  lltdio - ok
10:43:44.0145 1036  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\windows\System32\lltdsvc.dll
10:43:44.0161 1036  lltdsvc - ok
10:43:44.0176 1036  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\windows\System32\lmhsvc.dll
10:43:44.0208 1036  lmhosts - ok
10:43:44.0228 1036  [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:43:44.0228 1036  LMS - ok
10:43:44.0259 1036  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
10:43:44.0275 1036  LSI_SAS - ok
10:43:44.0275 1036  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
10:43:44.0290 1036  LSI_SAS2 - ok
10:43:44.0290 1036  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
10:43:44.0306 1036  LSI_SCSI - ok
10:43:44.0306 1036  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\windows\system32\drivers\lsi_sss.sys
10:43:44.0321 1036  LSI_SSS - ok
10:43:44.0353 1036  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\windows\System32\lsm.dll
10:43:44.0384 1036  LSM - ok
10:43:44.0405 1036  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\windows\system32\drivers\luafv.sys
10:43:44.0435 1036  luafv - ok
10:43:44.0498 1036  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:43:44.0529 1036  MDM ( UnsignedFile.Multi.Generic ) - warning
10:43:44.0529 1036  MDM - detected UnsignedFile.Multi.Generic (1)
10:43:44.0591 1036  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\windows\system32\drivers\megasas.sys
10:43:44.0607 1036  megasas - ok
10:43:44.0607 1036  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
10:43:44.0623 1036  MegaSR - ok
10:43:44.0638 1036  [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64          C:\windows\System32\drivers\HECIx64.sys
10:43:44.0654 1036  MEIx64 - ok
10:43:44.0685 1036  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\windows\system32\mmcss.dll
10:43:44.0701 1036  MMCSS - ok
10:43:44.0701 1036  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\windows\system32\drivers\modem.sys
10:43:44.0732 1036  Modem - ok
10:43:44.0748 1036  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
10:43:44.0810 1036  monitor - ok
10:43:44.0810 1036  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\windows\System32\drivers\mouclass.sys
10:43:44.0826 1036  mouclass - ok
10:43:44.0842 1036  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\windows\System32\drivers\mouhid.sys
10:43:44.0857 1036  mouhid - ok
10:43:44.0857 1036  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
10:43:44.0873 1036  mountmgr - ok
10:43:44.0904 1036  [ 7E164DE3EE617E3A7EAD9ADB471D6AAD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:43:44.0904 1036  MozillaMaintenance - ok
10:43:44.0935 1036  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
10:43:44.0967 1036  mpsdrv - ok
10:43:45.0013 1036  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\windows\system32\mpssvc.dll
10:43:45.0045 1036  MpsSvc - ok
10:43:45.0060 1036  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
10:43:45.0076 1036  MRxDAV - ok
10:43:45.0123 1036  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
10:43:45.0201 1036  mrxsmb - ok
10:43:45.0217 1036  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
10:43:45.0232 1036  mrxsmb10 - ok
10:43:45.0248 1036  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
10:43:45.0263 1036  mrxsmb20 - ok
10:43:45.0295 1036  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\windows\system32\DRIVERS\bridge.sys
10:43:45.0310 1036  MsBridge - ok
10:43:45.0357 1036  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\windows\System32\msdtc.exe
10:43:45.0388 1036  MSDTC - ok
10:43:45.0404 1036  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\windows\system32\drivers\Msfs.sys
10:43:45.0420 1036  Msfs - ok
10:43:45.0459 1036  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\windows\System32\drivers\msgpiowin32.sys
10:43:45.0459 1036  msgpiowin32 - ok
10:43:45.0473 1036  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
10:43:45.0489 1036  mshidkmdf - ok
10:43:45.0504 1036  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\windows\System32\drivers\mshidumdf.sys
10:43:45.0536 1036  mshidumdf - ok
10:43:45.0551 1036  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
10:43:45.0551 1036  msisadrv - ok
10:43:45.0587 1036  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
10:43:45.0649 1036  MSiSCSI - ok
10:43:45.0649 1036  msiserver - ok
10:43:45.0681 1036  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
10:43:45.0712 1036  MSKSSRV - ok
10:43:45.0743 1036  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\windows\system32\DRIVERS\mslldp.sys
10:43:45.0774 1036  MsLldp - ok
10:43:45.0774 1036  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
10:43:45.0790 1036  MSPCLOCK - ok
10:43:45.0806 1036  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
10:43:45.0821 1036  MSPQM - ok
10:43:45.0853 1036  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
10:43:45.0868 1036  MsRPC - ok
10:43:45.0915 1036  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\windows\System32\drivers\mssmbios.sys
10:43:45.0915 1036  mssmbios - ok
10:43:45.0931 1036  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
10:43:45.0931 1036  MSTEE - ok
10:43:45.0946 1036  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\windows\System32\drivers\MTConfig.sys
10:43:45.0962 1036  MTConfig - ok
10:43:45.0962 1036  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\windows\system32\Drivers\mup.sys
10:43:45.0978 1036  Mup - ok
10:43:45.0978 1036  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\windows\system32\drivers\mvumis.sys
10:43:45.0993 1036  mvumis - ok
10:43:46.0106 1036  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
10:43:46.0121 1036  N360 - ok
10:43:46.0153 1036  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\windows\system32\qagentRT.dll
10:43:46.0184 1036  napagent - ok
10:43:46.0246 1036  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
10:43:46.0262 1036  NativeWifiP - ok
10:43:46.0340 1036  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\ENG64.SYS
10:43:46.0356 1036  NAVENG - ok
10:43:46.0450 1036  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\EX64.SYS
10:43:46.0481 1036  NAVEX15 - ok
10:43:46.0512 1036  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\windows\System32\ncasvc.dll
10:43:46.0528 1036  NcaSvc - ok
10:43:46.0543 1036  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\windows\System32\NcdAutoSetup.dll
10:43:46.0575 1036  NcdAutoSetup - ok
10:43:46.0610 1036  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\windows\system32\drivers\ndis.sys
10:43:46.0625 1036  NDIS - ok
10:43:46.0657 1036  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
10:43:46.0672 1036  NdisCap - ok
10:43:46.0735 1036  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\windows\system32\DRIVERS\NdisImPlatform.sys
10:43:46.0751 1036  NdisImPlatform - ok
10:43:46.0782 1036  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
10:43:46.0829 1036  NdisTapi - ok
10:43:46.0844 1036  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
10:43:46.0860 1036  Ndisuio - ok
10:43:46.0922 1036  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
10:43:46.0954 1036  NdisWan - ok
10:43:46.0954 1036  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\windows\system32\DRIVERS\ndiswan.sys
10:43:46.0969 1036  NDISWANLEGACY - ok
10:43:46.0989 1036  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
10:43:47.0003 1036  NDProxy - ok
10:43:47.0003 1036  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\windows\system32\drivers\Ndu.sys
10:43:47.0035 1036  Ndu - ok
10:43:47.0097 1036  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
10:43:47.0128 1036  NetBIOS - ok
10:43:47.0144 1036  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
10:43:47.0175 1036  NetBT - ok
10:43:47.0191 1036  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\windows\system32\lsass.exe
10:43:47.0191 1036  Netlogon - ok
10:43:47.0238 1036  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\windows\System32\netman.dll
10:43:47.0316 1036  Netman - ok
10:43:47.0352 1036  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\windows\System32\netprofmsvc.dll
10:43:47.0383 1036  netprofm - ok
10:43:47.0508 1036  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:43:47.0508 1036  NetTcpPortSharing - ok
10:43:47.0555 1036  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
10:43:47.0555 1036  nfrd960 - ok
10:43:47.0586 1036  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\windows\System32\nlasvc.dll
10:43:47.0617 1036  NlaSvc - ok
10:43:47.0742 1036  [ EC6B98656770A0441C14BB86FEFC90AE ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:43:47.0805 1036  NOBU - ok
10:43:47.0828 1036  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\windows\system32\drivers\Npfs.sys
10:43:47.0840 1036  Npfs - ok
10:43:47.0840 1036  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
10:43:47.0872 1036  npsvctrig - ok
10:43:47.0887 1036  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\windows\system32\nsisvc.dll
10:43:47.0965 1036  nsi - ok
10:43:47.0965 1036  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
10:43:47.0981 1036  nsiproxy - ok
10:43:48.0048 1036  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
10:43:48.0095 1036  Ntfs - ok
10:43:48.0110 1036  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\windows\system32\drivers\Null.sys
10:43:48.0126 1036  Null - ok
10:43:48.0379 1036  [ 859DE855E2033DA779A8DF6A5D3F70EF ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
10:43:48.0535 1036  nvlddmkm - ok
10:43:48.0551 1036  [ F284328A608A5BAF53BDBEF39DFDF4F4 ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
10:43:48.0567 1036  nvpciflt - ok
10:43:48.0598 1036  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\windows\system32\drivers\nvraid.sys
10:43:48.0598 1036  nvraid - ok
10:43:48.0614 1036  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\windows\system32\drivers\nvstor.sys
10:43:48.0614 1036  nvstor - ok
10:43:48.0707 1036  [ 51D0D2020A7A05D288DDDD4D7743BD69 ] nvsvc           C:\windows\system32\nvvsvc.exe
10:43:48.0723 1036  nvsvc - ok
10:43:48.0785 1036  [ 6821F2DF8E4BDCE734C036F90D60C771 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:43:48.0801 1036  nvUpdatusService - ok
10:43:48.0817 1036  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
10:43:48.0832 1036  nv_agp - ok
10:43:48.0910 1036  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:43:48.0926 1036  odserv - ok
10:43:48.0973 1036  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:48.0973 1036  ose - ok
10:43:49.0024 1036  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
10:43:49.0024 1036  p2pimsvc - ok
10:43:49.0040 1036  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\windows\system32\p2psvc.dll
10:43:49.0071 1036  p2psvc - ok
10:43:49.0102 1036  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\windows\System32\drivers\parport.sys
10:43:49.0118 1036  Parport - ok
10:43:49.0180 1036  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\windows\system32\drivers\partmgr.sys
10:43:49.0196 1036  partmgr - ok
10:43:49.0212 1036  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\windows\System32\pcasvc.dll
10:43:49.0227 1036  PcaSvc - ok
10:43:49.0243 1036  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\windows\system32\drivers\pci.sys
10:43:49.0259 1036  pci - ok
10:43:49.0259 1036  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\windows\system32\drivers\pciide.sys
10:43:49.0274 1036  pciide - ok
10:43:49.0274 1036  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
10:43:49.0290 1036  pcmcia - ok
10:43:49.0305 1036  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\windows\system32\drivers\pcw.sys
10:43:49.0321 1036  pcw - ok
10:43:49.0352 1036  [ AECC24430301DBC6A76916E3029B6B83 ] pdc             C:\windows\system32\drivers\pdc.sys
10:43:49.0352 1036  pdc - ok
10:43:49.0384 1036  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\windows\system32\drivers\peauth.sys
10:43:49.0399 1036  PEAUTH - ok
10:43:49.0462 1036  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\windows\SysWow64\perfhost.exe
10:43:49.0493 1036  PerfHost - ok
10:43:49.0587 1036  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\windows\system32\pla.dll
10:43:49.0634 1036  pla - ok
10:43:49.0665 1036  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
10:43:49.0680 1036  PlugPlay - ok
10:43:49.0727 1036  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
10:43:49.0759 1036  PNRPAutoReg - ok
10:43:49.0774 1036  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
10:43:49.0790 1036  PNRPsvc - ok
10:43:49.0821 1036  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
10:43:49.0852 1036  PolicyAgent - ok
10:43:49.0884 1036  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\windows\system32\umpo.dll
10:43:49.0899 1036  Power - ok
10:43:49.0915 1036  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
10:43:49.0946 1036  PptpMiniport - ok
10:43:50.0040 1036  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
10:43:50.0071 1036  PrintNotify - ok
10:43:50.0102 1036  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\windows\System32\drivers\processr.sys
10:43:50.0134 1036  Processor - ok
10:43:50.0196 1036  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\windows\system32\profsvc.dll
10:43:50.0227 1036  ProfSvc - ok
10:43:50.0243 1036  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\windows\system32\DRIVERS\pacer.sys
10:43:50.0274 1036  Psched - ok
10:43:50.0306 1036  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\windows\system32\qwave.dll
10:43:50.0306 1036  QWAVE - ok
10:43:50.0337 1036  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
10:43:50.0368 1036  QWAVEdrv - ok
10:43:50.0384 1036  [ 194ED3C117525613E701FF257882303E ] RadioHIDMini    C:\windows\System32\drivers\RadioHIDMini.sys
10:43:50.0384 1036  RadioHIDMini - ok
10:43:50.0446 1036  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
10:43:50.0477 1036  RasAcd - ok
10:43:50.0509 1036  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
10:43:50.0509 1036  RasAgileVpn - ok
10:43:50.0540 1036  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\windows\System32\rasauto.dll
10:43:50.0571 1036  RasAuto - ok
10:43:50.0634 1036  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
10:43:50.0665 1036  Rasl2tp - ok
10:43:50.0696 1036  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\windows\System32\rasmans.dll
10:43:50.0712 1036  RasMan - ok
10:43:50.0743 1036  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
10:43:50.0743 1036  RasPppoe - ok
10:43:50.0759 1036  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
10:43:50.0759 1036  RasSstp - ok
10:43:50.0806 1036  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
10:43:50.0837 1036  rdbss - ok
10:43:50.0837 1036  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\windows\System32\drivers\rdpbus.sys
10:43:50.0852 1036  rdpbus - ok
10:43:50.0868 1036  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
10:43:50.0899 1036  RDPDR - ok
10:43:50.0931 1036  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
10:43:50.0947 1036  RdpVideoMiniport - ok
10:43:51.0009 1036  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
10:43:51.0041 1036  RDPWD - ok
10:43:51.0056 1036  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
10:43:51.0072 1036  rdyboost - ok
10:43:51.0087 1036  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\windows\System32\mprdim.dll
10:43:51.0119 1036  RemoteAccess - ok
10:43:51.0150 1036  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\windows\system32\regsvc.dll
10:43:51.0197 1036  RemoteRegistry - ok
10:43:51.0212 1036  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
10:43:51.0291 1036  RFCOMM - ok
10:43:51.0322 1036  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
10:43:51.0400 1036  RpcEptMapper - ok
10:43:51.0427 1036  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\windows\system32\locator.exe
10:43:51.0451 1036  RpcLocator - ok
10:43:51.0467 1036  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\windows\system32\rpcss.dll
10:43:51.0483 1036  RpcSs - ok
10:43:51.0514 1036  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
10:43:51.0545 1036  rspndr - ok
10:43:51.0608 1036  [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168         C:\windows\system32\DRIVERS\Rt630x64.sys
10:43:51.0623 1036  RTL8168 - ok
10:43:51.0654 1036  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\windows\System32\drivers\vms3cap.sys
10:43:51.0670 1036  s3cap - ok
10:43:51.0686 1036  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\windows\system32\lsass.exe
10:43:51.0701 1036  SamSs - ok
10:43:51.0717 1036  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
10:43:51.0733 1036  sbp2port - ok
10:43:51.0748 1036  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\windows\System32\SCardSvr.dll
10:43:51.0779 1036  SCardSvr - ok
10:43:51.0795 1036  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
10:43:51.0873 1036  scfilter - ok
10:43:51.0906 1036  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\windows\system32\schedsvc.dll
10:43:51.0938 1036  Schedule - ok
10:43:51.0969 1036  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\windows\System32\certprop.dll
10:43:51.0984 1036  SCPolicySvc - ok
10:43:52.0063 1036  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\windows\System32\drivers\sdbus.sys
10:43:52.0063 1036  sdbus - ok
10:43:52.0094 1036  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\windows\System32\SDRSVC.dll
10:43:52.0125 1036  SDRSVC - ok
10:43:52.0156 1036  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\windows\System32\drivers\sdstor.sys
10:43:52.0156 1036  sdstor - ok
10:43:52.0234 1036  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
10:43:52.0250 1036  secdrv - ok
10:43:52.0266 1036  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\windows\system32\seclogon.dll
10:43:52.0281 1036  seclogon - ok
10:43:52.0297 1036  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\windows\System32\sens.dll
10:43:52.0328 1036  SENS - ok
10:43:52.0344 1036  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\windows\system32\sensrsvc.dll
10:43:52.0359 1036  SensrSvc - ok
10:43:52.0375 1036  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\windows\system32\drivers\SerCx.sys
10:43:52.0391 1036  SerCx - ok
10:43:52.0391 1036  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\windows\System32\drivers\serenum.sys
10:43:52.0406 1036  Serenum - ok
10:43:52.0406 1036  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\windows\System32\drivers\serial.sys
10:43:52.0438 1036  Serial - ok
10:43:52.0438 1036  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\windows\System32\drivers\sermouse.sys
10:43:52.0438 1036  sermouse - ok
10:43:52.0500 1036  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\windows\system32\sessenv.dll
10:43:52.0516 1036  SessionEnv - ok
10:43:52.0531 1036  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
10:43:52.0547 1036  sfloppy - ok
10:43:52.0594 1036  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\windows\System32\ipnathlp.dll
10:43:52.0625 1036  SharedAccess - ok
10:43:52.0656 1036  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:43:52.0688 1036  ShellHWDetection - ok
10:43:52.0703 1036  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
10:43:52.0719 1036  SiSRaid2 - ok
10:43:52.0719 1036  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
10:43:52.0734 1036  SiSRaid4 - ok
10:43:52.0750 1036  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
10:43:52.0766 1036  SNMPTRAP - ok
10:43:52.0781 1036  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\windows\system32\drivers\spaceport.sys
10:43:52.0797 1036  spaceport - ok
10:43:52.0813 1036  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
10:43:52.0828 1036  SpbCx - ok
10:43:52.0859 1036  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\windows\System32\spoolsv.exe
10:43:52.0891 1036  Spooler - ok
10:43:52.0984 1036  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\windows\system32\sppsvc.exe
10:43:53.0031 1036  sppsvc - ok
10:43:53.0125 1036  [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP           C:\windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
10:43:53.0125 1036  SRTSP - ok
10:43:53.0141 1036  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
10:43:53.0156 1036  SRTSPX - ok
10:43:53.0172 1036  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\windows\system32\DRIVERS\srv.sys
10:43:53.0188 1036  srv - ok
10:43:53.0234 1036  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
10:43:53.0250 1036  srv2 - ok
10:43:53.0281 1036  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
10:43:53.0297 1036  srvnet - ok
10:43:53.0328 1036  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
10:43:53.0344 1036  SSDPSRV - ok
10:43:53.0360 1036  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\windows\system32\sstpsvc.dll
10:43:53.0391 1036  SstpSvc - ok
10:43:53.0426 1036  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\windows\system32\drivers\stexstor.sys
10:43:53.0426 1036  stexstor - ok
10:43:53.0458 1036  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\windows\System32\wiaservc.dll
10:43:53.0473 1036  stisvc - ok
10:43:53.0473 1036  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\windows\system32\drivers\storahci.sys
10:43:53.0473 1036  storahci - ok
10:43:53.0505 1036  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
10:43:53.0505 1036  storflt - ok
10:43:53.0520 1036  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\windows\system32\storsvc.dll
10:43:53.0551 1036  StorSvc - ok
10:43:53.0567 1036  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\windows\system32\drivers\storvsc.sys
10:43:53.0583 1036  storvsc - ok
10:43:53.0583 1036  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\windows\system32\svsvc.dll
10:43:53.0630 1036  svsvc - ok
10:43:53.0630 1036  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\windows\System32\drivers\swenum.sys
10:43:53.0645 1036  swenum - ok
10:43:53.0661 1036  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\windows\System32\swprv.dll
10:43:53.0708 1036  swprv - ok
10:43:53.0755 1036  SWUpdateService - ok
10:43:53.0801 1036  [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS           C:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
10:43:53.0801 1036  SymDS - ok
10:43:53.0833 1036  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
10:43:53.0848 1036  SymEFA - ok
10:43:53.0880 1036  [ 42947647F71E9EF2167B42B372F1DDB7 ] SymELAM         C:\windows\system32\drivers\N360x64\1403000.024\SymELAM.sys
10:43:53.0895 1036  SymELAM - ok
10:43:53.0927 1036  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
10:43:53.0927 1036  SymEvent - ok
10:43:53.0958 1036  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS
10:43:53.0973 1036  SymIRON - ok
10:43:54.0005 1036  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
10:43:54.0020 1036  SymNetS - ok
10:43:54.0083 1036  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\windows\system32\sysmain.dll
10:43:54.0114 1036  SysMain - ok
10:43:54.0130 1036  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
10:43:54.0161 1036  SystemEventsBroker - ok
10:43:54.0177 1036  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\windows\System32\TabSvc.dll
10:43:54.0208 1036  TabletInputService - ok
10:43:54.0223 1036  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\windows\System32\tapisrv.dll
10:43:54.0239 1036  TapiSrv - ok
10:43:54.0353 1036  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\windows\system32\drivers\tcpip.sys
10:43:54.0400 1036  Tcpip - ok
10:43:54.0415 1036  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
10:43:54.0462 1036  TCPIP6 - ok
10:43:54.0493 1036  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
10:43:54.0509 1036  tcpipreg - ok
10:43:54.0509 1036  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
10:43:54.0540 1036  tdx - ok
10:43:54.0572 1036  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\windows\System32\drivers\terminpt.sys
10:43:54.0572 1036  terminpt - ok
10:43:54.0603 1036  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\windows\System32\termsrv.dll
10:43:54.0634 1036  TermService - ok
10:43:54.0650 1036  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\windows\system32\themeservice.dll
10:43:54.0665 1036  Themes - ok
10:43:54.0697 1036  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\windows\system32\mmcss.dll
10:43:54.0697 1036  THREADORDER - ok
10:43:54.0728 1036  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
10:43:54.0759 1036  TimeBroker - ok
10:43:54.0806 1036  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\windows\system32\drivers\tpm.sys
10:43:54.0822 1036  TPM - ok
10:43:54.0837 1036  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\windows\System32\trkwks.dll
10:43:54.0853 1036  TrkWks - ok
10:43:54.0900 1036  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
10:43:54.0915 1036  TrustedInstaller - ok
10:43:54.0947 1036  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
10:43:54.0962 1036  TsUsbFlt - ok
10:43:55.0025 1036  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\windows\System32\drivers\TsUsbGD.sys
10:43:55.0072 1036  TsUsbGD - ok
10:43:55.0103 1036  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
10:43:55.0134 1036  tunnel - ok
10:43:55.0150 1036  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\windows\system32\drivers\uagp35.sys
10:43:55.0150 1036  uagp35 - ok
10:43:55.0150 1036  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\windows\System32\drivers\uaspstor.sys
10:43:55.0165 1036  UASPStor - ok
10:43:55.0181 1036  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\windows\System32\drivers\ucx01000.sys
10:43:55.0197 1036  UCX01000 - ok
10:43:55.0212 1036  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
10:43:55.0228 1036  udfs - ok
10:43:55.0259 1036  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\windows\system32\UI0Detect.exe
10:43:55.0275 1036  UI0Detect - ok
10:43:55.0275 1036  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
10:43:55.0275 1036  uliagpkx - ok
10:43:55.0306 1036  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\windows\System32\drivers\umbus.sys
10:43:55.0322 1036  umbus - ok
10:43:55.0322 1036  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\windows\System32\drivers\umpass.sys
10:43:55.0337 1036  UmPass - ok
10:43:55.0400 1036  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\windows\System32\umrdp.dll
10:43:55.0431 1036  UmRdpService - ok
10:43:55.0525 1036  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:43:55.0525 1036  UNS - ok
10:43:55.0556 1036  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\windows\System32\upnphost.dll
10:43:55.0587 1036  upnphost - ok
10:43:55.0619 1036  [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
10:43:55.0634 1036  usbaudio - ok
10:43:55.0665 1036  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\windows\System32\drivers\usbccgp.sys
10:43:55.0681 1036  usbccgp - ok
10:43:55.0697 1036  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\windows\System32\drivers\usbcir.sys
10:43:55.0712 1036  usbcir - ok
10:43:55.0744 1036  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\windows\System32\drivers\usbehci.sys
10:43:55.0744 1036  usbehci - ok
10:43:55.0790 1036  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\windows\System32\drivers\usbhub.sys
10:43:55.0806 1036  usbhub - ok
10:43:55.0837 1036  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\windows\System32\drivers\UsbHub3.sys
10:43:55.0853 1036  USBHUB3 - ok
10:43:55.0869 1036  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\windows\System32\drivers\usbohci.sys
10:43:55.0900 1036  usbohci - ok
10:43:55.0931 1036  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\windows\System32\drivers\usbprint.sys
10:43:55.0931 1036  usbprint - ok
10:43:55.0947 1036  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\windows\System32\drivers\USBSTOR.SYS
10:43:55.0947 1036  USBSTOR - ok
10:43:55.0962 1036  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\windows\System32\drivers\usbuhci.sys
10:43:55.0994 1036  usbuhci - ok
10:43:56.0009 1036  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
10:43:56.0025 1036  usbvideo - ok
10:43:56.0040 1036  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\windows\System32\drivers\USBXHCI.SYS
10:43:56.0056 1036  USBXHCI - ok
10:43:56.0072 1036  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\windows\system32\lsass.exe
10:43:56.0087 1036  VaultSvc - ok
10:43:56.0103 1036  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
10:43:56.0119 1036  vdrvroot - ok
10:43:56.0159 1036  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\windows\System32\vds.exe
10:43:56.0184 1036  vds - ok
10:43:56.0200 1036  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\windows\system32\drivers\VerifierExt.sys
10:43:56.0215 1036  VerifierExt - ok
10:43:56.0231 1036  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\windows\System32\drivers\vhdmp.sys
10:43:56.0247 1036  vhdmp - ok
10:43:56.0247 1036  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\windows\system32\drivers\viaide.sys
10:43:56.0262 1036  viaide - ok
10:43:56.0262 1036  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\windows\system32\drivers\vmbus.sys
10:43:56.0278 1036  vmbus - ok
10:43:56.0278 1036  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\windows\System32\drivers\VMBusHID.sys
10:43:56.0294 1036  VMBusHID - ok
10:43:56.0325 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\windows\System32\ICSvc.dll
10:43:56.0340 1036  vmicheartbeat - ok
10:43:56.0356 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\windows\System32\ICSvc.dll
10:43:56.0356 1036  vmickvpexchange - ok
10:43:56.0372 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\windows\System32\ICSvc.dll
10:43:56.0372 1036  vmicrdv - ok
10:43:56.0387 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\windows\System32\ICSvc.dll
10:43:56.0403 1036  vmicshutdown - ok
10:43:56.0403 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\windows\System32\ICSvc.dll
10:43:56.0419 1036  vmictimesync - ok
10:43:56.0419 1036  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\windows\System32\ICSvc.dll
10:43:56.0434 1036  vmicvss - ok
10:43:56.0450 1036  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\windows\system32\drivers\volmgr.sys
10:43:56.0450 1036  volmgr - ok
10:43:56.0465 1036  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
10:43:56.0481 1036  volmgrx - ok
10:43:56.0481 1036  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\windows\system32\drivers\volsnap.sys
10:43:56.0497 1036  volsnap - ok
10:43:56.0512 1036  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\windows\System32\drivers\vpci.sys
10:43:56.0512 1036  vpci - ok
10:43:56.0528 1036  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
10:43:56.0528 1036  vsmraid - ok
10:43:56.0590 1036  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\windows\system32\vssvc.exe
10:43:56.0637 1036  VSS - ok
10:43:56.0669 1036  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\windows\system32\drivers\vstxraid.sys
10:43:56.0684 1036  VSTXRAID - ok
10:43:56.0684 1036  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
10:43:56.0700 1036  vwifibus - ok
10:43:56.0715 1036  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
10:43:56.0731 1036  vwififlt - ok
10:43:56.0747 1036  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
10:43:56.0762 1036  vwifimp - ok
10:43:56.0809 1036  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\windows\system32\w32time.dll
10:43:56.0840 1036  W32Time - ok
10:43:56.0840 1036  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\windows\System32\drivers\wacompen.sys
10:43:56.0872 1036  WacomPen - ok
10:43:56.0919 1036  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
10:43:56.0934 1036  Wanarp - ok
10:43:56.0950 1036  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
10:43:56.0950 1036  Wanarpv6 - ok
10:43:57.0012 1036  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\windows\system32\wbengine.exe
10:43:57.0044 1036  wbengine - ok
10:43:57.0075 1036  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
10:43:57.0090 1036  WbioSrvc - ok
10:43:57.0106 1036  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\windows\System32\wcmsvc.dll
10:43:57.0137 1036  Wcmsvc - ok
10:43:57.0153 1036  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\windows\System32\wcncsvc.dll
10:43:57.0184 1036  wcncsvc - ok
10:43:57.0200 1036  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:43:57.0215 1036  WcsPlugInService - ok
10:43:57.0247 1036  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\windows\system32\drivers\wd.sys
10:43:57.0247 1036  Wd - ok
10:43:57.0294 1036  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\windows\system32\drivers\WdBoot.sys
10:43:57.0294 1036  WdBoot - ok
10:43:57.0329 1036  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
10:43:57.0345 1036  Wdf01000 - ok
10:43:57.0361 1036  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\windows\system32\drivers\WdFilter.sys
10:43:57.0376 1036  WdFilter - ok
10:43:57.0392 1036  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\windows\system32\wdi.dll
10:43:57.0423 1036  WdiServiceHost - ok
10:43:57.0423 1036  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\windows\system32\wdi.dll
10:43:57.0439 1036  WdiSystemHost - ok
10:43:57.0470 1036  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\windows\System32\webclnt.dll
10:43:57.0485 1036  WebClient - ok
10:43:57.0501 1036  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\windows\system32\wecsvc.dll
10:43:57.0517 1036  Wecsvc - ok
10:43:57.0532 1036  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\windows\System32\wercplsupport.dll
10:43:57.0564 1036  wercplsupport - ok
10:43:57.0595 1036  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\windows\System32\WerSvc.dll
10:43:57.0642 1036  WerSvc - ok
10:43:57.0658 1036  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\windows\system32\DRIVERS\wfplwfs.sys
10:43:57.0673 1036  WFPLWFS - ok
10:43:57.0689 1036  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\windows\System32\wiarpc.dll
10:43:57.0720 1036  WiaRpc - ok
10:43:57.0736 1036  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
10:43:57.0736 1036  WIMMount - ok
10:43:57.0767 1036  WinDefend - ok
10:43:57.0814 1036  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
10:43:57.0861 1036  WinHttpAutoProxySvc - ok
10:43:57.0908 1036  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
10:43:57.0939 1036  Winmgmt - ok
10:43:58.0001 1036  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\windows\system32\WsmSvc.dll
10:43:58.0048 1036  WinRM - ok
10:43:58.0095 1036  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\windows\System32\wlansvc.dll
10:43:58.0111 1036  WlanSvc - ok
10:43:58.0158 1036  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\windows\system32\wlidsvc.dll
10:43:58.0205 1036  wlidsvc - ok
10:43:58.0226 1036  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\windows\System32\drivers\wmiacpi.sys
10:43:58.0240 1036  WmiAcpi - ok
10:43:58.0272 1036  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
10:43:58.0287 1036  wmiApSrv - ok
10:43:58.0318 1036  WMPNetworkSvc - ok
10:43:58.0334 1036  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\windows\system32\DRIVERS\wpcfltr.sys
10:43:58.0350 1036  wpcfltr - ok
10:43:58.0381 1036  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\windows\System32\wpcsvc.dll
10:43:58.0397 1036  WPCSvc - ok
10:43:58.0428 1036  [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
10:43:58.0475 1036  WPDBusEnum - ok
10:43:58.0506 1036  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\windows\system32\drivers\WpdUpFltr.sys
10:43:58.0522 1036  WpdUpFltr - ok
10:43:58.0553 1036  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
10:43:58.0569 1036  ws2ifsl - ok
10:43:58.0584 1036  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\windows\System32\wscsvc.dll
10:43:58.0610 1036  wscsvc - ok
10:43:58.0610 1036  WSearch - ok
10:43:58.0682 1036  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\windows\System32\WSService.dll
10:43:58.0729 1036  WSService - ok
10:43:58.0792 1036  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\windows\system32\wuaueng.dll
10:43:58.0823 1036  wuauserv - ok
10:43:58.0854 1036  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
10:43:58.0886 1036  WudfPf - ok
10:43:58.0901 1036  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\System32\drivers\WUDFRd.sys
10:43:58.0932 1036  WUDFRd - ok
10:43:58.0964 1036  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
10:43:58.0979 1036  wudfsvc - ok
10:43:59.0011 1036  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\windows\System32\wwansvc.dll
10:43:59.0026 1036  WwanSvc - ok
10:43:59.0089 1036  [ 03CD249A16CF815FFFD347DC61EF9E6D ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
10:43:59.0104 1036  ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
10:43:59.0104 1036  ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
10:43:59.0104 1036  ================ Scan global ===============================
10:43:59.0151 1036  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\windows\system32\basesrv.dll
10:43:59.0182 1036  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\windows\system32\winsrv.dll
10:43:59.0214 1036  [ BD7C6949984D19AAA609896B675E7357 ] C:\windows\system32\sxssrv.dll
10:43:59.0245 1036  [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe
10:43:59.0245 1036  [Global] - ok
10:43:59.0245 1036  ================ Scan MBR ==================================
10:43:59.0245 1036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:43:59.0339 1036  \Device\Harddisk0\DR0 - ok
10:43:59.0339 1036  ================ Scan VBR ==================================
10:43:59.0370 1036  [ 1FC715F2428BA6E96A6F124B92E56B6A ] \Device\Harddisk0\DR0\Partition1
10:43:59.0370 1036  \Device\Harddisk0\DR0\Partition1 - ok
10:43:59.0386 1036  [ 78A21C0515704A19C549D053105EDE5E ] \Device\Harddisk0\DR0\Partition2
10:43:59.0386 1036  \Device\Harddisk0\DR0\Partition2 - ok
10:43:59.0401 1036  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
10:43:59.0401 1036  \Device\Harddisk0\DR0\Partition3 - ok
10:43:59.0401 1036  [ BB8589C567F65DF46E5BFA6D7423EA1E ] \Device\Harddisk0\DR0\Partition4
10:43:59.0401 1036  \Device\Harddisk0\DR0\Partition4 - ok
10:43:59.0436 1036  [ E532332B129E69B1D410A7B867757292 ] \Device\Harddisk0\DR0\Partition5
10:43:59.0436 1036  \Device\Harddisk0\DR0\Partition5 - ok
10:43:59.0451 1036  [ 6FD382DA2E0481C968CBD903953448B1 ] \Device\Harddisk0\DR0\Partition6
10:43:59.0451 1036  \Device\Harddisk0\DR0\Partition6 - ok
10:43:59.0451 1036  ============================================================
10:43:59.0451 1036  Scan finished
10:43:59.0451 1036  ============================================================
10:43:59.0467 5148  Detected object count: 3
10:43:59.0467 5148  Actual detected object count: 3
10:44:27.0907 5148  ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:27.0907 5148  ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:27.0907 5148  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:27.0907 5148  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:27.0907 5148  ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:27.0907 5148  ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:40.0805 0864  Deinitialize success
         

16.03.2013, 19:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

16.03.2013, 21:33   #5
Stevie-1984
 



Great, so thanks again for the quick replies...

Here are the logs:

JRT:

Code:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 8 x64
Ran by User on 16.03.2013 at 20:54:14,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.03.2013 at 21:00:31,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.114 - Datei am 16/03/2013 um 21:02:56 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : User - SAMSUNG
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

*************************

AdwCleaner[S1].txt - [303 octets] - [16/03/2013 21:02:20]
AdwCleaner[S2].txt - [689 octets] - [16/03/2013 21:02:56]

########## EOF - C:\AdwCleaner[S2].txt - [748 octets] ##########
         

OTL:

OTL Logfile:
Code:
OTL logfile created on: 16.03.2013 21:08:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 80,62% Memory free
8,89 Gb Paging File | 7,47 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,59 Gb Free Space | 88,90% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.)
PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.)
PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe ()
PRC - C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Samsung Electronics CO., LTD.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll ()
MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SWUpdateService) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (Easy Launcher) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RadioHIDMini) -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (ccSet_NARA) -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130315.025\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130313.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{29B1A520-C273-44ED-A82A-DB524E785CA0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3777642976-2438380877-1723110391-1008\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.28 19:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.03.14 17:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 17:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.14 19:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 17:48:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.02 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions
[2013.02.07 21:15:33 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\eutr8eyq.default\extensions\sammelfreund@webmiles.de
[2013.02.14 19:40:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.12 19:48:20 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\tineye@ideeinc.com.xpi
[2013.02.07 21:15:33 | 000,128,629 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\eutr8eyq.default\extensions\toolbar-ff@payback.de.xpi
[2013.03.15 17:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.15 17:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.15 17:48:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.12 22:09:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 22:09:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.12 22:09:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 22:09:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 22:09:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 22:09:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAEB5F0-1A65-4275-B88E-A13B42C731CE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.16 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.03.16 21:05:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.16 20:54:09 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.03.16 20:54:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.16 20:53:35 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.03.16 10:42:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\tdsskiller.exe
[2013.03.16 10:34:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\aswMBR.exe
[2013.03.16 10:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 10:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\mbar-1.01.0.1021
[2013.03.15 17:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.14 22:28:26 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 22:28:26 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.14 18:27:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 17:50:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.03.14 17:49:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.03.14 17:49:53 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013.03.14 17:49:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.03.14 17:49:51 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.03.14 17:49:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.03.14 17:49:50 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.03.14 17:49:50 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.03.14 17:49:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013.03.14 17:49:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.03.14 17:49:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.03.14 17:49:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013.03.14 17:48:03 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013.03.14 17:48:02 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013.03.14 17:48:00 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.03.14 17:48:00 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.03.14 17:48:00 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2013.03.14 17:47:59 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2013.03.14 17:45:14 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013.03.14 17:45:10 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.14 17:45:09 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013.03.14 17:45:02 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013.03.14 17:45:00 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll
[2013.03.14 17:44:59 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll
[2013.03.14 17:44:55 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll
[2013.03.14 17:44:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2013.03.14 17:44:54 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll
[2013.03.14 17:44:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.14 17:44:53 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013.03.14 17:44:52 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll
[2013.03.14 17:44:52 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll
[2013.03.14 17:44:52 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.14 17:44:51 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2013.03.14 17:44:49 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013.03.14 17:44:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.14 17:44:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe
[2013.03.14 17:44:48 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll
[2013.03.14 17:44:48 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013.03.14 17:44:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll
[2013.03.14 17:44:47 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe
[2013.03.14 17:44:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013.03.14 17:44:45 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll
[2013.03.14 17:44:45 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013.03.14 17:44:44 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013.03.14 17:44:42 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe
[2013.03.14 17:44:41 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys
[2013.03.14 17:44:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll
[2013.03.14 17:44:39 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013.03.14 17:44:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe
[2013.03.14 17:44:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll
[2013.03.14 17:44:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll
[2013.03.14 17:43:53 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll
[2013.03.14 17:43:52 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2013.03.14 17:43:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013.03.14 17:43:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013.03.13 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 20:54:12 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013.03.13 20:54:10 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013.03.13 20:53:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013.03.12 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.12 19:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Spyware Scanner
[2013.03.12 19:59:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2013.03.12 19:59:11 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vbar332.dll
[2013.03.12 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner
[2013.03.08 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.08 16:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013.03.07 20:12:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.03.07 20:12:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.03.07 20:12:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.03.07 20:12:49 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.07 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.01 16:29:03 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll
[2013.03.01 16:29:03 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll
[2013.03.01 16:29:03 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll
[2013.03.01 14:32:34 | 000,000,000 | ---D | C] -- C:\83653373651835b891237365
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2013.03.01 14:18:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2013.02.28 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.28 18:14:56 | 006,206,312 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll
[2013.02.28 18:14:56 | 003,298,664 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll
[2013.02.28 18:14:56 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll
[2013.02.28 18:14:56 | 000,870,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshext.dll
[2013.02.28 18:14:56 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll
[2013.02.28 18:14:56 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll
[2013.02.28 18:14:56 | 000,055,144 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nv3dappshextr.dll
[2013.02.28 18:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.28 18:12:45 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco64.dll
[2013.02.28 18:12:45 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll
[2013.02.28 18:12:43 | 014,997,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2013.02.28 18:12:42 | 012,563,048 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2013.02.28 18:12:41 | 019,911,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2013.02.28 18:12:40 | 000,975,472 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvumdshimx.dll
[2013.02.28 18:12:40 | 000,832,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2013.02.28 18:12:37 | 026,335,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2013.02.28 18:12:36 | 007,454,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2013.02.28 18:12:36 | 006,158,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2013.02.28 18:12:36 | 000,244,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2013.02.28 18:12:36 | 000,199,888 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2013.02.28 18:12:36 | 000,030,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys
[2013.02.28 18:12:34 | 018,366,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2013.02.28 18:12:32 | 015,405,336 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2013.02.28 18:12:32 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2013.02.28 18:12:32 | 002,441,632 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll
[2013.02.28 18:12:32 | 002,218,856 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2013.02.28 18:12:31 | 009,181,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2013.02.28 18:12:30 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2013.02.28 18:12:30 | 002,747,584 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll
[2013.02.28 18:12:29 | 007,750,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2013.02.28 18:12:29 | 002,575,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2013.02.28 18:12:28 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2013.02.28 18:12:28 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2013.02.27 21:11:21 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.24 19:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.02.22 19:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Studium
[2013.02.15 20:06:02 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe
[2013.02.15 20:06:02 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll
[2013.02.15 20:06:00 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe
[2013.02.15 20:05:58 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013.02.15 20:05:54 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll
[2013.02.15 20:05:51 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll
[2013.02.15 20:05:51 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll
[2013.02.15 20:05:51 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys
[2013.02.15 20:05:50 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013.02.15 20:05:50 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL
[2013.02.15 20:05:50 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013.02.15 20:05:50 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL
[2013.02.15 20:05:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013.02.15 20:05:50 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.02.15 20:05:50 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2013.02.15 20:05:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll
[2013.02.15 20:05:50 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe
[2013.02.15 20:05:50 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013.02.15 20:05:50 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll
[2013.02.15 20:05:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll
[2013.02.15 20:05:50 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013.02.15 20:05:50 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll
[2013.02.15 20:05:50 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe
[2013.02.15 20:05:50 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe
[2013.02.15 20:05:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll
[2013.02.15 20:05:50 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll
[2013.02.15 20:05:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll
[2013.02.15 20:05:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.14 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.16 21:11:27 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.16 21:11:27 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.16 21:11:27 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.16 21:11:27 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.16 21:11:27 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.16 21:05:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.16 21:03:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.16 21:03:48 | 2324,926,463 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 21:03:04 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013.03.16 21:01:53 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.16 21:00:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.16 20:53:42 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.03.16 20:42:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013.03.16 10:42:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\tdsskiller.exe
[2013.03.16 10:40:33 | 000,000,512 | ---- | M] () -- C:\Users\User\MBR.dat
[2013.03.16 10:35:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\aswMBR.exe
[2013.03.16 10:23:49 | 013,786,977 | ---- | M] () -- C:\Users\User\mbar-1.01.0.1021.zip
[2013.03.16 10:14:41 | 000,427,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.03.14 22:26:57 | 002,221,863 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.14 18:49:57 | 000,022,258 | ---- | M] () -- C:\Users\User\gmer fehlermeldung.jpg
[2013.03.14 18:38:19 | 000,377,856 | ---- | M] () -- C:\Users\User\gmer_2.1.19155.exe
[2013.03.14 18:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 18:25:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Defogger.exe
[2013.03.13 20:36:28 | 000,002,928 | ---- | M] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:20 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:49 | 006,423,656 | ---- | M] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | M] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.08 16:31:19 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.08 16:30:05 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.07 20:12:43 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.07 20:12:42 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.03.07 20:12:42 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.03.07 20:12:42 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.03.07 20:12:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.03.07 20:12:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.03.06 00:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.03.06 00:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.02 09:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013.03.02 03:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013.03.01 19:36:01 | 000,002,928 | ---- | M] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:28 | 000,002,928 | ---- | M] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.21 16:59:08 | 002,063,240 | ---- | M] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[2013.02.14 22:17:54 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.16 21:03:01 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013.03.16 21:01:47 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.03.16 10:40:33 | 000,000,512 | ---- | C] () -- C:\Users\User\MBR.dat
[2013.03.16 10:23:24 | 013,786,977 | ---- | C] () -- C:\Users\User\mbar-1.01.0.1021.zip
[2013.03.16 10:14:25 | 000,427,328 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.03.14 18:49:57 | 000,022,258 | ---- | C] () -- C:\Users\User\gmer fehlermeldung.jpg
[2013.03.14 18:38:15 | 000,377,856 | ---- | C] () -- C:\Users\User\gmer_2.1.19155.exe
[2013.03.14 18:25:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.14 18:24:37 | 000,050,477 | ---- | C] () -- C:\Users\User\Defogger.exe
[2013.03.13 20:36:27 | 000,002,928 | ---- | C] () -- C:\{5A919DBE-89D6-4450-A48C-589079856FF9}
[2013.03.13 19:29:19 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2013.03.12 19:58:34 | 006,423,656 | ---- | C] () -- C:\Users\User\FreeSpywareScanner9.6.exe
[2013.03.12 19:35:39 | 000,002,928 | ---- | C] () -- C:\{6C70FAF9-17DE-44DE-B423-2143865DE4B7}
[2013.03.01 19:36:00 | 000,002,928 | ---- | C] () -- C:\{24DF9324-E174-43C0-B7A8-2FB29B304A72}
[2013.02.28 18:58:27 | 000,002,928 | ---- | C] () -- C:\{E0D6CDEF-4133-417B-B2DA-F5B364304E6E}
[2013.02.28 18:14:56 | 003,547,239 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin
[2013.02.28 18:12:35 | 000,014,148 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2013.02.27 21:11:21 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013.02.15 20:05:50 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.02.14 22:17:53 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 22:17:52 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.28 10:59:15 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.16 03:27:12 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.08.16 03:27:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.08.16 03:26:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.08.16 03:26:32 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.08.16 03:26:32 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 16.03.2013 21:08:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 80,62% Memory free
8,89 Gb Paging File | 7,47 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,49 Gb Total Space | 391,59 Gb Free Space | 88,90% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3777642976-2438380877-1723110391-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0E22F-B40D-47E3-A964-CF8750555235}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FC054FA-4BB8-4912-9296-DD5BB598864E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C46A72-6547-4F4A-B25E-D187E39EF5C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{338E5BE1-C7DE-4456-9DD5-D44C1398E204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E28B3FB-95F5-403D-BDE3-7CEC45164122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F321406-B2A5-4374-9F4D-91B35628892A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4768B628-0369-434A-B9A1-DC760EC11A0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48D386C3-82FB-489C-8DDB-7FF6D9E62063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E516A26-9160-401E-B1AF-EB47F14C6139}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AF4E63F-10FF-4E31-8814-DF8FB618B100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{620A2EE9-10F9-4324-ADC2-00439E6600C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7C50FB0B-61F0-4674-BD20-055C52C564A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{91B674A2-D43B-4DE5-BC2E-B9617B8CDB2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{948D3014-4F4C-402B-92CE-34928DD626D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C122646-305B-4E8D-BE55-BA70CF4BDE78}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9DC9E6D5-9416-436B-B27A-4632C37A7A80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B3E99500-C0BC-4E05-9962-CD4D99B1F7E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFE77CDC-F02B-45DD-9B98-1DEDE6110B8A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C46C0C89-9B68-4D61-B7C4-8E176D6CC73B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C47EB13A-9628-4371-B542-91307CBEFE55}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D51958C0-A7FF-4F88-A331-ABA83698CA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6524EE1-07D7-41DF-9080-FF306EA158A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F15D5A8C-44CB-4A03-918A-9A67F6B54B17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F71F5687-2B37-4309-8995-3253B0F5B5E3}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C7F723-B67F-4D2A-9EDC-FA2DEF522987}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{03947F51-900C-4711-88E3-1A6178D2E49F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{0A0EE794-A424-4BFC-9396-253C430BE12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E7F0D49-6F94-4F22-858D-33BB1D52E00F}" = dir=out | name=adera | 
"{157E0455-EA79-46AD-9405-75AAB545F424}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{23EE1B42-1C0D-48E3-AD44-2918A4538C77}" = dir=out | name=family story | 
"{24B7411C-596B-45B7-9278-7E7408EE0C0A}" = dir=out | name=music hub | 
"{251A4228-798C-40A4-B599-510B291B9746}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2981EE46-466D-4011-9F08-8D13F839E0E1}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{29AB4D3E-6AE2-45B9-A4EB-1654F5916B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D7FE2F7-A448-45D2-8150-6CBC9B392FB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3463939C-02E9-4EFE-8D78-993F7C256F32}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{35DF66F2-B735-4510-9AF5-CCC22E67C67C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A765185-2BFC-4321-8470-2DD53BB6A10C}" = dir=out | name=s camera | 
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | 
"{40407DBB-A9D9-4668-A7B8-39D73E5A11A7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{40D1620A-C5F5-4234-9863-81495598FA1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{426EC8C6-7167-4C1B-9C6A-F06BF92858E3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{441E7D06-7C23-46CE-B773-16240F47863F}" = dir=out | name=merriam-webster dictionary | 
"{45266AA1-B184-4FA0-94CB-F0DCBA4E0866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4723CB53-FBE4-49D7-B122-4EB45F541DAC}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{4BD51EF7-BE2F-4553-A055-209CE101CD99}" = dir=out | name=s gallery | 
"{51A982BE-53E5-47E1-BFA1-BBF93602D2CF}" = dir=in | name=music maker jam | 
"{5491807E-7D97-44A7-83F1-3D193077A3DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55C95C95-1EC3-46A1-826C-BBF8973BA6DE}" = dir=out | name=norton studio | 
"{57F97677-D36A-42F6-9120-2EC48512B159}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{64AB37F5-31EB-4660-9606-6F2AB2D7DA56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E62161C-E7D4-481A-B4A5-09D17EC47281}" = dir=in | name=evernote | 
"{6F4F6184-AF3F-40E9-AD8F-BAF53F7A1F45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{779BB8C4-A7F8-44B5-9820-6055E3BCFCF7}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{88AE6507-037F-446C-B7FF-F5C0F04B963E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{895D5A9B-37B6-4D3D-B43B-9AAC81B36300}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{907946DF-C38A-41A1-ABAF-052AA0663303}" = dir=out | name=music maker jam | 
"{96D6F905-B40C-45E4-B032-55C9B0AE0994}" = dir=out | name=jamie's recipes | 
"{99B5D7E3-D2F5-4152-9EE1-1A204CFE94FA}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9A735D89-D8EA-4304-B562-78935416D8A8}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9D866BCA-0ADA-4860-80BC-E2E2E448E327}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AC59D521-E864-4A16-B607-AB3E1958BF23}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B1621F46-F7F4-4900-A0E1-31AC6B8BFE79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA978257-6012-4E0B-AD64-FD1D34A01607}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{BBB6D5F7-1373-4F54-87B5-9B89259CF600}" = dir=out | name=evernote | 
"{BE0E349D-D3A0-42F2-8DFE-61E4056A4383}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BFA165C6-4CED-487B-9F14-4F9716675CC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0C6D77C-4A66-4E44-8260-BA15494B0CAA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{C52DF6BE-2A2F-4D58-A867-F9653688823E}" = dir=out | name=chaton | 
"{C760AEBD-6746-44B0-9B5E-D98CDC94E973}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{C808AE20-51B2-4B08-B0F1-009DA788BBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1754342-686C-40C3-BB45-C9DC3DCDC975}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D24EBE1A-2F76-4A93-A788-EC80C9797660}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{D4EE6555-512E-42B1-91DA-24C990090D52}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6AD9DC8-7719-4CE9-B3C1-2DB6B916F20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7147F10-36FF-43A0-86EB-DEEA51EE4B49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAC6759A-12A5-4F35-B8BF-E704BF1CCB45}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{DBE3A4A8-2691-4604-A011-7744D9512E07}" = protocol=6 | dir=out | app=system | 
"{DD031D44-15E8-44F8-AF12-C217195A94F4}" = dir=in | name=kindle | 
"{E0A75F32-EF15-4D06-87D4-2C199652C39C}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E38E967A-69BA-43D3-B971-01F0B204EC48}" = dir=out | name=kindle | 
"{E75F4DFF-B69E-4326-B098-9C75BA574FF1}" = dir=out | name=fresh paint | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB06B60A-A975-4BCF-924F-8128F3D69ABF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED420043-48F3-486E-AF3A-9859D8E6B54A}" = dir=out | name=photoeditor | 
"{F086076A-A823-4D43-A2B6-CADF8E2C77CC}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{F1612BB2-ABCE-4698-9532-6ABEED1ED499}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7847B06-EBEC-4D07-AB50-AC922102E697}" = dir=out | name=s player | 
"{FF18FCE0-593F-42EF-BD58-5BA190856238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9135430C-DA05-4391-BE81-E7754A4DB8CD}" = Support Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)
"Elantech" = ETDWare PS/2-X64 11.7.2.1_WHQL
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6531175A-067C-42EA-B3BC-8FFDBB470377}" = SW Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7DAA5461-5442-4234-9F01-A6C4AEFFD891}" = Support Center FAQ
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NARA" = Norton Online Backup ARA
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite" = Windows Live
"Xerox PhotoCafe" = Xerox PhotoCafe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.03.2013 14:04:58 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x15dc  Startzeit der fehlerhaften Anwendung: 0x01ce1b5e475a7ff5  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 855a7f41-8751-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 14:19:58 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xaa4  Startzeit der fehlerhaften Anwendung: 0x01ce1b605ffe133d  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 9dff3563-8753-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 14:34:58 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xe5c  Startzeit der fehlerhaften Anwendung: 0x01ce1b6278a737f9  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: b693b6a9-8755-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 14:49:59 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1534  Startzeit der fehlerhaften Anwendung: 0x01ce1b64914ec9fc  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: cf3c4e58-8757-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 15:04:59 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x11a0  Startzeit der fehlerhaften Anwendung: 0x01ce1b66a9f71b8c  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: e7d3a907-8759-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 15:20:00 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x618  Startzeit der fehlerhaften Anwendung: 0x01ce1b68c29ea725  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 008d2bdc-875c-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 15:35:00 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x1210  Startzeit der fehlerhaften Anwendung: 0x01ce1b6adb47e618  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 1942a13a-875e-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 15:50:00 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xcb4  Startzeit der fehlerhaften Anwendung: 0x01ce1b6cf3edfdca  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 31db49f8-8760-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 16:05:01 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0xefc  Startzeit der fehlerhaften Anwendung: 0x01ce1b6f0c9aec4e  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 4a8aa989-8762-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 07.03.2013 16:20:01 | Computer Name = Samsung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a90d6  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
 Zeitstempel: 0x50988950  Ausnahmecode: 0x00000004  Fehleroffset: 0x00014b32  ID des fehlerhaften
 Prozesses: 0x984  Startzeit der fehlerhaften Anwendung: 0x01ce1b71253edc32  Pfad der
 fehlerhaften Anwendung: C:\windows\syswow64\wwahost.exe  Pfad des fehlerhaften Moduls:
 C:\windows\SYSTEM32\KERNELBASE.dll  Berichtskennung: 6330d37f-8764-11e2-be96-20689dab7571
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5c  Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
[ System Events ]
Error - 14.02.2013 12:54:11 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 12:54:17 | Computer Name = Samsung | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 13:53:16 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:57:27 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:08 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 14.02.2013 13:58:09 | Computer Name = Samsung | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus
 lautet: 10.
 
Error - 15.02.2013 16:55:52 | Computer Name = Samsung | Source = Service Control Manager | ID = 7034
Description = Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 20.02.2013 15:15:35 | Computer Name = Samsung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.02.2013 um 22:01:35 unerwartet heruntergefahren.
 
 
< End of report >
         


17.03.2013, 15:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.5.95
[2013.03.16 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

17.03.2013, 16:23   #7
Stevie-1984

Code:
 All processes killed
========== OTL ==========
Prefs.js: toolbar-ff%40payback.de:1.1.5.95 removed from extensions.enabledAddons
Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: EasySurvey
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 3944839 bytes
->Temporary Internet Files folder emptied: 1152164 bytes
->Java cache emptied: 3248071 bytes
->FireFox cache emptied: 166593035 bytes
->Flash cache emptied: 25394 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 167,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_161645

Files\Folders moved on Reboot...
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

17.03.2013, 17:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

17.03.2013, 18:58   #9
Stevie-1984

A brief interim update: for 2 days now there have been no more accesses.
However, I now only go online via the laptop, so the PC may also still need to be checked.

Thanks again, and here are the logs:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
User :: SAMSUNG [Administrator]

Schutz: Aktiviert

17.03.2013 17:19:40
mbam-log-2013-03-17 (17-19-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234463
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b7c58e10e049d448b45b40673eac37d7
# engine=13407
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-17 05:32:51
# local_time=2013-03-17 06:32:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=3592 16777213 100 91 77315 114204067 0 0
# compatibility_mode=5893 16776574 100 94 332074 4495613 0 0
# scanned=211069
# found=0
# cleaned=0
# scan_time=3441
         

17.03.2013, 19:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also open a new thread for the other computer

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Besides that there are good cookie managers; one extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
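
Added example (not part of the original thread, and not OTL's or MVPS's own code): the `[resethosts]` step in the fix and the hosts-file blocklist recommended above both act on the same file, so it is worth being able to tell a blocklist entry from a redirect. The Python sketch below classifies every mapping in a hosts file; the sample file, the watched domains and the verdict names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): default entries,
# blocklist-style entries, one redirect to a documentation-range address and
# one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example        # blocklist entry
127.0.0.1       adfarm.example banner.example
203.0.113.25    www.gmx.net gmx.net        # redirect: review
0.0.0.0         liveupdate.vendor.example
not-an-ip       broken.example
"""

# Names that normally point at the loopback address in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, address_text, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def matches(host, suffixes):
    """True if host equals one of the suffixes or is a subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_hosts(text, watched=()):
    """Classify each hostname mapping in a hosts file.

    watched: domain suffixes the user cares about (mail provider, update
    servers of installed security software). Any entry for them is reported.
    Returns a list of (line_no, hostname, address_text, verdict).
    """
    watched = [w.lower() for w in watched]
    results = []
    for line_no, addr_text, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            results.append((line_no, " ".join(hosts), addr_text, "malformed"))
            continue
        if not hosts:
            results.append((line_no, "", addr_text, "malformed"))
            continue
        # Blocklists map names to a sink: loopback or the unspecified address.
        sink = addr.is_loopback or addr.is_unspecified
        for host in hosts:
            if sink and host in LOCAL_NAMES:
                verdict = "default"
            elif sink and matches(host, watched):
                verdict = "watched-blocked"      # a site you need is unreachable
            elif sink:
                verdict = "blocked"              # ordinary blocklist entry
            elif matches(host, watched):
                verdict = "watched-redirected"   # name pinned to a foreign IP
            else:
                verdict = "redirected"
            results.append((line_no, host, addr_text, verdict))
    return results


def needs_review(results):
    """Everything that is neither a default entry nor a plain blocklist entry."""
    return [r for r in results if r[3] not in ("default", "blocked")]


if __name__ == "__main__":
    for entry in needs_review(audit_hosts(SAMPLE_HOSTS, ["gmx.net", "vendor.example"])):
        print(entry)
```

On the laptop from this thread the file to read and pass in as text would be C:\windows\System32\drivers\etc\Hosts, the path shown in the OTL fix log.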

17.03.2013, 20:17   #11
Stevie-1984

That's it so far on the laptop, no further findings or problems.
I'll open a new thread for the other computer.

for your really great and fast help!!

Alt 17.03.2013, 20:53   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc. - Standard

GMX-Fremdzugriff - Verdacht auf Keylogger, Trojaner etc.



Then we're done!

The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and execute it

With the help of OTL you can also remove many other tools: simply start OTL and click on CleanUp (Bereinigung).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs (or Programs and Features), by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

08.12.2014, 17:20   #13
zante
 

The Fritzbox



..I also had unexplained logins on GMX until I found the problem: my Fritzbox. It sends me a push mail, and that is what causes this message.......
