
Log analysis and evaluation: Windows 7 HP: Firewall error code 0x6D9 and RunDLL error at startup

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.09.2013, 15:09   #1
DonDraper
 



I get an error when I try to start Windows Firewall with advanced settings; the following message then appears:
'The snap-in "Windows Firewall with Advanced Security" could not be loaded. Restart the Windows Firewall service on the computer you are managing. Error code: 0x6D9.'
In addition, every time the computer starts, a message appears saying that a module could not be found:
'Problem starting
C:\Users\Samsung\AppData\Local\Temp\Adobe\AdobeMngPlug.dll'

defogger_disable

Code:
 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:44 on 17/09/2013 (Samsung)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Samsung (administrator) on SAMSUNG-PC on 17-09-2013 13:48:04
Running from C:\Users\Samsung\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2586504 2010-08-05] (ELAN Microelectronics Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKCU\...\Run: [Btmchk] - C:\Windows\system32\rundll32.exe C:\Users\Samsung\AppData\Local\Temp\Adobe\AdobeMngPlug.dll,Init <===== ATTENTION
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableLockWorkstation] 1
HKCU\...\Policies\system: [DisableChangePassword] 1
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 1
HKCU\...\Policies\Explorer: [NoClose] 1
HKCU\...\Policies\Explorer: [NoLogOff] 1
MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {14b7bcee-f048-11e0-861f-001e101f8924} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {28159884-8dc0-11e0-a1be-4ceddeeafadb} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {28159912-8dc0-11e0-a1be-4ceddeeafadb} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {2b3f778b-ed13-11e0-a1fb-4ceddeeafadb} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273528 2011-10-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=1657062287
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1657062287&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1657062287&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=4A644AEDDEEAFADB
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1657062287&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=4A644AEDDEEAFADB
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default
FF user.js: detected! => C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\user.js
FF SearchEngineOrder.1: Ask Search
FF Homepage: https://www.google.co.uk/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DivXWebPlayer - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: trtv3 - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\Extensions\trtv3@trtv.com.xpi
FF Extension: No Name - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-13] ()
S3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-12] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys [488056 2011-06-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys [488056 2011-06-03] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-17] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-17] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 13:48 - 2013-09-17 13:48 - 00000000 ____D C:\FRST
2013-09-17 13:46 - 2013-09-17 13:46 - 01950524 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2013-09-17 13:44 - 2013-09-17 13:44 - 00000476 _____ C:\Users\Samsung\Desktop\defogger_disable.log
2013-09-17 13:44 - 2013-09-17 13:44 - 00000000 _____ C:\Users\Samsung\defogger_reenable
2013-09-17 13:40 - 2013-09-17 13:40 - 00050477 _____ C:\Users\Samsung\Desktop\Defogger.exe
2013-09-16 19:56 - 2013-09-16 19:56 - 00000055 _____ C:\Users\Samsung\Desktop\setting.txt
2013-09-16 18:35 - 2013-09-16 18:35 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Opera
2013-09-16 18:25 - 2013-09-16 18:25 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-09-16 18:20 - 2013-09-16 18:20 - 00003250 _____ C:\Windows\System32\Tasks\{BA555178-ADB2-4B2F-B8E5-83CCDB03B4E7}
2013-09-02 18:58 - 2013-09-02 18:58 - 00000000 ____D C:\ProgramData\APN
2013-09-02 18:57 - 2013-09-03 18:34 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-09-02 18:57 - 2013-09-02 18:57 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-20 12:46 - 2013-08-20 12:47 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\7 Sticky Notes
2013-08-20 12:46 - 2012-10-13 22:20 - 00805376 _____ C:\Windows\SysWOW64\EditCtlsU.ocx
2013-08-20 12:46 - 2011-08-13 21:06 - 01031168 _____ C:\Windows\SysWOW64\ExLVwU.ocx
2013-08-20 12:46 - 2011-05-21 00:02 - 00604672 _____ C:\Windows\SysWOW64\ExTVwU.ocx
2013-08-20 12:46 - 2009-06-07 09:27 - 01071088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-08-20 12:46 - 2008-01-19 11:34 - 00554008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dao360.dll
2013-08-20 12:46 - 2005-04-15 15:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2013-08-20 12:46 - 2004-03-09 14:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2013-08-20 12:46 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-08-20 12:46 - 2000-05-22 12:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2013-08-20 12:46 - 1998-06-24 01:00 - 00198456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCI32.OCX
2013-08-20 12:45 - 2013-08-20 12:45 - 06154467 _____ (Fabio Martin                                                ) C:\Users\Samsung\Downloads\Setup7StickyNotesv19.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00392032 _____ (Softonic                                        ) C:\Users\Samsung\Downloads\SoftonicDownloader_fuer_sticky-notes.exe

==================== One Month Modified Files and Folders =======

2013-09-17 13:48 - 2013-09-17 13:48 - 00000000 ____D C:\FRST
2013-09-17 13:46 - 2013-09-17 13:46 - 01950524 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2013-09-17 13:45 - 2011-05-07 23:51 - 00068784 _____ C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 13:44 - 2013-09-17 13:44 - 00000476 _____ C:\Users\Samsung\Desktop\defogger_disable.log
2013-09-17 13:44 - 2013-09-17 13:44 - 00000000 _____ C:\Users\Samsung\defogger_reenable
2013-09-17 13:44 - 2011-05-05 17:10 - 00000000 ____D C:\Users\Samsung
2013-09-17 13:40 - 2013-09-17 13:40 - 00050477 _____ C:\Users\Samsung\Desktop\Defogger.exe
2013-09-17 13:38 - 2011-05-08 00:25 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Skype
2013-09-17 13:37 - 2011-08-18 10:16 - 00000000 ____D C:\Users\Samsung\AppData\Local\CrashDumps
2013-09-17 13:32 - 2011-09-20 13:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-17 13:30 - 2011-05-06 15:17 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Adobe
2013-09-17 13:30 - 2011-05-05 23:58 - 00000000 ___RD C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-17 13:28 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:28 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 13:12 - 2012-07-20 09:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 13:11 - 2013-04-28 18:45 - 00000000 ____D C:\Users\Samsung\Desktop\pictures from the phone
2013-09-17 13:02 - 2011-08-11 11:29 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
2013-09-17 12:52 - 2012-07-12 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-17 12:51 - 2009-07-14 05:45 - 04926048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 22:56 - 2011-06-06 12:44 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\SoftGrid Client
2013-09-16 19:56 - 2013-09-16 19:56 - 00000055 _____ C:\Users\Samsung\Desktop\setting.txt
2013-09-16 18:35 - 2013-09-16 18:35 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Opera
2013-09-16 18:35 - 2011-05-05 17:11 - 00000000 ____D C:\Users\Samsung\AppData\Local\Adobe
2013-09-16 18:35 - 2009-07-14 03:34 - 00000403 _____ C:\Windows\win.ini
2013-09-16 18:25 - 2013-09-16 18:25 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-09-16 18:24 - 2011-05-05 17:11 - 00000000 ____D C:\ProgramData\Adobe
2013-09-16 18:20 - 2013-09-16 18:20 - 00003250 _____ C:\Windows\System32\Tasks\{BA555178-ADB2-4B2F-B8E5-83CCDB03B4E7}
2013-09-13 23:12 - 2012-07-20 09:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 23:12 - 2012-07-20 09:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 23:12 - 2011-05-13 11:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-03 18:34 - 2013-09-02 18:57 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-09-02 18:58 - 2013-09-02 18:58 - 00000000 ____D C:\ProgramData\APN
2013-09-02 18:57 - 2013-09-02 18:57 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-20 12:47 - 2013-08-20 12:46 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\7 Sticky Notes
2013-08-20 12:45 - 2013-08-20 12:45 - 06154467 _____ (Fabio Martin                                                ) C:\Users\Samsung\Downloads\Setup7StickyNotesv19.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00392032 _____ (Softonic                                        ) C:\Users\Samsung\Downloads\SoftonicDownloader_fuer_sticky-notes.exe
2013-08-19 09:15 - 2012-07-12 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

ZeroAccess:
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\@
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\00000001.@
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\80000000.@

ZeroAccess:
C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\@
C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\00000001.@

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
C:\ProgramData\s144ETd.dat
C:\Windows\Tasks\At1.job


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-09-13 22:25

==================== End Of Log ============================
         

Additions

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by Samsung at 2013-09-17 13:48:54
Running from C:\Users\Samsung\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912)
„Windows Live Mail“ (x32 Version: 16.4.3505.0912)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 9.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
BatteryLifeExtender (x32 Version: 1.0.6)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Build-a-lot (x32 Version: 2.2.0.82)
CCleaner (Version: 3.13)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
CyberLink PowerDirector 11 (Version: 11.0.0.2812)
CyberLink PowerDirector 11 (x32 Version: 11.0.0.2812)
CyberLink PowerDirector 11 Content Pack Essential (x32 Version: 11)
CyberLink PowerDirector 11 Content Pack Premium (x32 Version: 11)
CyberLink WaveEditor 2 (x32 Version: 2.0.3206)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.4.1)
Easy SpeedUp Manager (x32 Version: 2.1.0.15)
EasyBatteryManager (x32 Version: 4.0.0.4)
ETDWare PS/2-X64 8.0.7.0_WHQL (Version: 8.0.7.0)
Farm Frenzy (x32 Version: 2.2.0.82)
FSX Flight Weather Report (x32 Version: 1.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
John Deere Drive Green (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Marvell Miniport Driver (x32 Version: 11.24.27.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Newblue Art Effects for PowerDirector (Version: 2.0)
Norton Internet Security (x32 Version: 18.7.2.3)
Norton Online Backup (x32 Version: 2.1.17869)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF24 Creator 5.2.0 (x32)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
ph (x32 Version: 1.0.0)
Photo Common (x32 Version: 16.4.3505.0912)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)
Polar Golfer (x32 Version: 2.2.0.82)
Pošta Windows Live (x32 Version: 16.4.3505.0912)
PowerDirector (Version: 11.0)
QuickTime (x32 Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6176)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Samsung AnyWeb Print (x32 Version: 1.0)
Samsung Recovery Solution 5 (x32 Version: 5.0.0.6)
Samsung Support Center (x32 Version: 1.1.18)
Samsung Update Plus (x32 Version: 3.0.0.17)
Screensaver for POS (x32 Version: 1.0.0)
Skype™ 5.6 (x32 Version: 5.6.110)
SmartSound Common Data (x32 Version: 1.1.0)
SmartSound Quicktracks 5 (x32 Version: 5.1.8)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
User Guide (x32 Version: 1.0)
VLC media player 1.1.11 (x32 Version: 1.1.11)
WildTangent ORB Game Console (x32)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live Pošta (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 메일 (x32 Version: 16.4.3505.0912)
Windows Live 필수 패키지 (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
Windows Live 软件包 (x32 Version: 16.4.3505.0912)
Windows Liven peruspaketti (x32 Version: 16.4.3505.0912)
Windows Liven sähköposti (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Zuma Deluxe (x32 Version: 2.2.0.95)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03D415B3-99B7-4A7F-A7DD-D05EB34F6483} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A64F01F-F98D-44CD-B825-20A0A77C65A4} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {25ED618C-EE95-4805-89C1-F3A370021757} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {39CB2F8D-7BE5-4267-9A81-F212BEA72B89} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)
Task: {3DE935EF-B18A-4BC7-A93E-8D5738751E84} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4BEB217C-4B31-45DB-8A78-B590DA57BACA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {5ADE2454-1416-4628-94AB-F878EA120291} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {73FBA767-B86F-4CB5-82C6-5BB840709C6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {96BE2859-7847-463C-90C4-459C61FF356E} - System32\Tasks\RealCreateProcessScheduledTask1354463S-1-5-21-2052373595-2782729040-2076756327-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-10-04] (RealNetworks, Inc.)
Task: {AABAF32C-B185-4ECF-BEC8-D38CFE733C85} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {AE99A560-2675-4680-BB04-0DA3D961FF9F} - System32\Tasks\{1DFBBE26-64B1-4961-92A2-E0CDFA7B8E59} => Firefox.exe 
Task: {B086FAD1-FC18-4439-8919-8C4C4F7BED55} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052373595-2782729040-2076756327-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {B5E2AA61-B7F0-4C1A-9E1A-0F8716FC6248} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-07-27] (SEC)
Task: {CFE6987B-A424-4F30-9669-FA8695FF5F43} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {D7ABC134-846D-4DF5-9EFF-3FC92A3CF2B0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2052373595-2782729040-2076756327-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {E6000662-EB05-43E7-A949-A7190C9778E6} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File
Task: {ED063042-5CB2-4849-A734-1E7905FAA0AF} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSA.exe
Task: {F5F4CEEF-FE06-439F-9981-AFE47515AC71} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {F97AB2E9-80DA-49D3-9AD8-63CC116B3522} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {FAAC8EEB-A3D2-4477-9C23-E3AF5984C89B} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {FE07C2C5-9A0D-435A-B557-DBBF55CEA300} - System32\Tasks\{118F5B69-229B-4208-AB21-95742DDAF63A} => Firefox.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => ?

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Samsung\Lokale Einstellungen:GZ7hXoIlIqfIEKNUboK4
AlternateDataStreams: C:\Users\Samsung\AppData\Local:GZ7hXoIlIqfIEKNUboK4
AlternateDataStreams: C:\Users\Samsung\AppData\Local\Anwendungsdaten:GZ7hXoIlIqfIEKNUboK4
AlternateDataStreams: C:\Users\Samsung\AppData\Local\Temp:OfTtWjXi1rTWlTJ6x8k


==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2013 01:42:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/17/2013 01:42:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/17/2013 01:30:54 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/17/2013 01:25:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 3.0.0.17, Zeitstempel: 0x4c770af1
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 3.0.0.17, Zeitstempel: 0x4c770af1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f8b8
ID des fehlerhaften Prozesses: 0x5b4
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/17/2013 01:20:55 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (09/17/2013 01:02:22 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/17/2013 00:56:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 3.0.0.17, Zeitstempel: 0x4c770af1
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 3.0.0.17, Zeitstempel: 0x4c770af1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f8b8
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/17/2013 00:52:15 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (09/16/2013 06:19:48 PM) (Source: MsiInstaller) (User: Samsung-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe

Error: (09/16/2013 06:16:56 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (08/31/2013 00:44:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/31/2013 00:44:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Internet Security erreicht.

Error: (08/25/2013 00:42:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht.

Error: (08/16/2013 05:40:48 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (08/13/2013 08:10:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (08/13/2013 08:10:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/13/2013 08:10:15 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht.

Error: (08/03/2013 01:42:50 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht.

Error: (07/04/2013 08:43:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/04/2013 08:43:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht.


Microsoft Office Sessions:
=========================
Error: (09/17/2013 01:42:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Samsung\Downloads\SoftonicDownloader_fuer_whitesmoke-writer.exe

Error: (09/17/2013 01:42:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Samsung\Downloads\SoftonicDownloader_fuer_sticky-notes.exe

Error: (09/17/2013 01:30:54 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/17/2013 01:25:46 PM) (Source: Application Error)(User: )
Description: SUPBackground.exe3.0.0.174c770af1SUPBackground.exe3.0.0.174c770af1c00000050000f8b85b401ceb3a102ea1460C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exeC:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe46e4843a-1f94-11e3-bf7c-e8113213e620

Error: (09/17/2013 01:20:55 PM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (09/17/2013 01:02:22 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/17/2013 00:56:59 PM) (Source: Application Error)(User: )
Description: SUPBackground.exe3.0.0.174c770af1SUPBackground.exe3.0.0.174c770af1c00000050000f8b813ac01ceb39d01775152C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exeC:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe41455092-1f90-11e3-a0c9-e8113213e620

Error: (09/17/2013 00:52:15 PM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (09/16/2013 06:19:48 PM) (Source: MsiInstaller)(User: Samsung-PC)
Description: Product: Adobe Setup -- Please install Adobe Setup using Setup.exe(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/16/2013 06:16:56 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3032.61 MB
Available physical RAM: 1364.04 MB
Total Pagefile: 6063.42 MB
Available Pagefile: 4424.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:46.46 GB) NTFS
Drive d: () (Fixed) (Total:166.88 GB) (Free:166.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: BCF3B704)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=167 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19 GB) - (Type=27)

==================== End Of Log ============================
         

Alt 17.09.2013, 15:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
ZeroAccess:
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\@
C:\Windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\00000001.@
Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, malware like this usually has backdoor functionality as well, meaning it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does that mean for you now?
  • Please make a conscious decision about whether you want to continue with the cleanup. Once a system has been compromised in this way, it can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation remains.

  • If you use this computer for online banking, for example, then you should at least have your bank change your password, if you use an otherwise secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN sheets? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

  • If you otherwise have sensitive data on your computer, then you should also think about how you handle that, since practically "anyone" could look at it.
So let me know what you have decided.

Alt 17.09.2013, 15:41   #3
DonDraper
 



Dear cosinus,

thank you very much for the quick reply.

The infection is worse than expected, which is why I would like to continue with a cleanup, even if it may end with a reinstallation.
Fortunately, I have not done any online banking from this computer so far. As far as I know, I have no sensitive data on the computer; however, could there be a risk regarding online platforms such as ebay or paypal?

Kind regards
DonDraper

Alt 17.09.2013, 16:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
The infection is worse than expected, which is why I would like to continue with a cleanup,
If it is much worse than expected, one would rather use that to justify a reinstallation, but fine

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

Alt 17.09.2013, 18:06   #5
DonDraper
 



C:\Combifix.txt

Code:
ComboFix 13-09-17.01 - Samsung 17/09/2013  17:03:29.1.2 - x64
Running from: c:\users\Samsung\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\QuickTime\QTTask.exe
c:\programdata\75d32cb352bfe22cc32d809c50937f83_c
c:\programdata\go_0molg.pad
c:\programdata\WmiModules
c:\users\Samsung\AppData\Roaming\7 9
c:\users\Samsung\AppData\Roaming\7 9\_ctypes.pyd
c:\users\Samsung\AppData\Roaming\7 9\_hashlib.pyd
c:\users\Samsung\AppData\Roaming\7 9\_socket.pyd
c:\users\Samsung\AppData\Roaming\7 9\_ssl.pyd
c:\users\Samsung\AppData\Roaming\7 9\bz2.pyd
c:\users\Samsung\AppData\Roaming\7 9\library.zip
c:\users\Samsung\AppData\Roaming\7 9\numpy.core._dotblas.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.core._sort.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.core.multiarray.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.core.scalarmath.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.core.umath.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.fft.fftpack_lite.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.lib._compiled_base.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.linalg.lapack_lite.pyd
c:\users\Samsung\AppData\Roaming\7 9\numpy.random.mtrand.pyd
c:\users\Samsung\AppData\Roaming\7 9\pyopencl._cl.pyd
c:\users\Samsung\AppData\Roaming\7 9\select.pyd
c:\users\Samsung\AppData\Roaming\7 9\unicodedata.pyd
c:\users\Samsung\AppData\Roaming\Afzi
c:\users\Samsung\AppData\Roaming\Afzi\exoki.uco
c:\users\Samsung\AppData\Roaming\Avok
c:\users\Samsung\AppData\Roaming\Avok\muxi.kei
c:\users\Samsung\AppData\Roaming\Byfiow
c:\users\Samsung\AppData\Roaming\Byfiow\avew.tya
c:\users\Samsung\AppData\Roaming\Deor
c:\users\Samsung\AppData\Roaming\Deor\ohnu.acc
c:\users\Samsung\AppData\Roaming\Ebqui
c:\users\Samsung\AppData\Roaming\Ebqui\sekom.izy
c:\users\Samsung\AppData\Roaming\Ewfi
c:\users\Samsung\AppData\Roaming\Ewfi\hiqos.veo
c:\users\Samsung\AppData\Roaming\Huahit
c:\users\Samsung\AppData\Roaming\Huahit\acro.ohb
c:\users\Samsung\AppData\Roaming\Ibmim
c:\users\Samsung\AppData\Roaming\Ibmim\icak.yku
c:\users\Samsung\AppData\Roaming\Idmuxa
c:\users\Samsung\AppData\Roaming\Idmuxa\abhu.tax
c:\users\Samsung\AppData\Roaming\Inwoux
c:\users\Samsung\AppData\Roaming\Inwoux\celou.avu
c:\users\Samsung\AppData\Roaming\Kaly
c:\users\Samsung\AppData\Roaming\Kaly\foegq.foa
c:\users\Samsung\AppData\Roaming\Kooxa
c:\users\Samsung\AppData\Roaming\Kooxa\imaf.ocu
c:\users\Samsung\AppData\Roaming\Meduo
c:\users\Samsung\AppData\Roaming\Meduo\ytqaa.ech
c:\users\Samsung\AppData\Roaming\Oqfena
c:\users\Samsung\AppData\Roaming\Oqfena\ardy.awu
c:\users\Samsung\AppData\Roaming\Piyhy
c:\users\Samsung\AppData\Roaming\Piyhy\xefuo.icv
c:\users\Samsung\AppData\Roaming\Rayp
c:\users\Samsung\AppData\Roaming\Rayp\ikheo.uby
c:\users\Samsung\AppData\Roaming\Tirihy
c:\users\Samsung\AppData\Roaming\Tirihy\merep.dov
c:\users\Samsung\AppData\Roaming\Tuifeg
c:\users\Samsung\AppData\Roaming\Tuifeg\suoru.lut
c:\users\Samsung\AppData\Roaming\Ufid
c:\users\Samsung\AppData\Roaming\Ufid\deyx.ufb
c:\users\Samsung\AppData\Roaming\Vydo
c:\users\Samsung\AppData\Roaming\Vydo\utlyf.ani
c:\users\Samsung\AppData\Roaming\Xatei
c:\users\Samsung\AppData\Roaming\Xatei\gebo.yhg
c:\users\Samsung\AppData\Roaming\Yhtyyk
c:\users\Samsung\AppData\Roaming\Yhtyyk\buyk.pyn
c:\users\Samsung\AppData\Roaming\Ysli
c:\users\Samsung\AppData\Roaming\Ysli\ixduf.xeb
c:\users\Samsung\AppData\Roaming\Zoyp
c:\users\Samsung\AppData\Roaming\Zoyp\suip.cue
c:\users\Samsung\AppData\Roaming\Zyobub
c:\users\Samsung\AppData\Roaming\Zyobub\avuhu.iky
c:\users\Samsung\AppData\Roaming\Zyyrh
c:\users\Samsung\AppData\Roaming\Zyyrh\lood.ybe
c:\windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
c:\windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\@
c:\windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\00000001.@
c:\windows\Installer\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}\U\80000000.@
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 12:48 . 2013-09-17 12:48	--------	d-----w-	C:\FRST
2013-09-02 17:58 . 2013-09-02 17:58	--------	d-----w-	c:\programdata\APN
2013-09-02 17:57 . 2013-09-03 17:34	--------	d-----w-	c:\program files (x86)\TornTV.com
2013-08-20 11:46 . 2013-08-20 11:47	--------	d-----w-	c:\users\Samsung\AppData\Roaming\7 Sticky Notes
2013-08-20 11:46 . 2012-10-13 21:20	805376	----a-w-	c:\windows\SysWow64\EditCtlsU.ocx
2013-08-20 11:46 . 2011-08-13 20:06	1031168	----a-w-	c:\windows\SysWow64\ExLVwU.ocx
2013-08-20 11:46 . 2011-05-20 23:02	604672	----a-w-	c:\windows\SysWow64\ExTVwU.ocx
2013-08-20 11:46 . 2000-05-22 11:58	140488	----a-w-	c:\windows\SysWow64\comdlg32.ocx
2013-08-20 11:46 . 1998-06-24 00:00	198456	----a-w-	c:\windows\SysWow64\MCI32.OCX
2013-08-20 11:46 . 2009-06-07 08:27	1071088	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-08-20 11:46 . 2005-04-15 14:58	1351392	----a-w-	c:\windows\SysWow64\comctl32.ocx
2013-08-20 11:46 . 2004-03-09 13:45	212240	----a-w-	c:\windows\SysWow64\richtx32.ocx
2013-08-20 11:46 . 2004-03-08 23:00	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2013-08-20 11:46 . 2008-01-19 10:34	554008	----a-w-	c:\windows\SysWow64\dao360.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 22:12 . 2012-07-20 08:50	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 22:12 . 2011-05-13 10:14	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 19:13 . 2013-08-12 19:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-12 19:13 . 2012-08-30 12:35	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-08-12 19:13 . 2011-08-22 14:18	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-27 22:30 . 2013-04-02 17:34	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:30 . 2012-07-12 13:03	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:30 . 2012-07-12 13:02	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-04 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=1657062287
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 4a641f810000000000004aeddeeafadb
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15864
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.515:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119556
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Game Console - WildGames - c:\program files (x86)\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-Screensaver for POS - c:\programdata\{E2E6B1BB-DCEE-44AA-9297-620F57526D15}\Storecast Screensaver POS.exe
AddRemove-WildTangentGameProvider-wildgames-main - c:\program files (x86)\WildGames\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT085559 - c:\program files (x86)\WildGames\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-WT085567 - c:\program files (x86)\WildGames\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT085580 - c:\program files (x86)\WildGames\John Deere Drive Green\Uninstall.exe
AddRemove-WT085581 - c:\program files (x86)\WildGames\Penguins!\Uninstall.exe
AddRemove-WT085583 - c:\program files (x86)\WildGames\Polar Golfer\Uninstall.exe
AddRemove-WT085587 - c:\program files (x86)\WildGames\Agatha Christie - Death on the Nile\Uninstall.exe
AddRemove-WT085597 - c:\program files (x86)\WildGames\Build-a-lot\Uninstall.exe
AddRemove-WT085618 - c:\program files (x86)\WildGames\Farm Frenzy\Uninstall.exe
AddRemove-WT085622 - c:\program files (x86)\WildGames\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT085663 - c:\program files (x86)\WildGames\Peggle\Uninstall.exe
AddRemove-WT085669 - c:\program files (x86)\WildGames\Plants vs. Zombies\Uninstall.exe
AddRemove-WT089285 - c:\program files (x86)\WildGames\Zuma Deluxe\Uninstall.exe
AddRemove-WT089286 - c:\program files (x86)\WildGames\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-{2B5DDACD-15FA-4E2D-96B9-F6F844A4D433} - c:\programdata\{E2E6B1BB-DCEE-44AA-9297-620F57526D15}\Storecast Screensaver POS.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ì\00\00Ì\00\00\00\00\03\00JKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ì\00\00Ì\00\00\00\00n\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052373595-2782729040-2076756327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2052373595-2782729040-2076756327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2013-09-17  18:29:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-17 17:29
.
Pre-Run: 9 Verzeichnis(se), 48,454,914,048 Bytes frei
Post-Run: 13 Verzeichnis(se), 48,142,708,736 Bytes frei
.
- - End Of File - - 9955EB3B429AB8C4F0EA4B3836DAA28E
2E5DEBB2116B3417023E0D6562D7ED07
         


Edited by DonDraper (17.09.2013 at 18:35)

17.09.2013, 21:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.

17.09.2013, 22:31   #7
DonDraper
 



mbar-log-2013-09-17 (21-54-25)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Samsung :: SAMSUNG-PC [administrator]

17/09/2013 21:54:25
mbar-log-2013-09-17 (21-54-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 224484
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKLM\SOFTWARE\CLASSES\INTERFACE\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DA6305B9-0869-4235-8C1D-533A65E639E5} (Adware.ClickPotato) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} (Adware.ShopperReports) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} (Adware.ShopperReports) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
mbar-log-2013-09-17 (22-12-44)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Samsung :: SAMSUNG-PC [administrator]

17/09/2013 22:12:44
mbar-log-2013-09-17 (22-12-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 224320
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

18.09.2013, 09:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

18.09.2013, 12:20   #9
DonDraper
 



AdwCleaner

Code:
# AdwCleaner v3.004 - Bericht erstellt am 18/09/2013 um 11:21:10
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Samsung - SAMSUNG-PC
# Gestartet von : C:\Users\Samsung\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Samsung\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\jetpack
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\\invalidprefs.js
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5f57d8ddb56ae440
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_divx-plus-web-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_divx-plus-web-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-flight-simulator-x_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_microsoft-flight-simulator-x_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sticky-notes_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sticky-notes_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_whitesmoke-writer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_whitesmoke-writer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\HappyLyrics
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "8");
Zeile gelöscht : user_pref("extensions.delta.cntry", "GB");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "F3F4F533596F4EC86F9A24AC5F6A8B6B");
Zeile gelöscht : user_pref("extensions.delta.id", "4a641f810000000000004aeddeeafadb");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15864");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.515:54:33");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.515:54:33");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119556");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "1401");
Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Zeile gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1370703264412 - onFlagInfoReceived - Saving server mapping version\n1370703264412 - onFlagInfoReceived - No user current mapping version specified, set to '0'\[...]
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "059D2179BB1DFDCAC899B03561185301");
Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
Zeile gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.guid", "%7B9251184A-224D-5DEB-72B3-93536B6DE7DB%7D");
Zeile gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0);
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar10", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar2", "%12%15%16%14%13%15%11%11%1B%14");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar3", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar4", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar5", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar6", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar7", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar8", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar9", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var10", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "1657062287");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var3", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var4", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var5", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var6", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var7", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var8", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var9", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20");

*************************

AdwCleaner[R0].txt - [16457 octets] - [18/09/2013 11:20:08]
AdwCleaner[S0].txt - [15789 octets] - [18/09/2013 11:21:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15850 octets] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Samsung on 18/09/2013 at 11:30:47.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2052373595-2782729040-2076756327-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\chatzum_softonic_yahoo_62_v5_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\chatzum_softonic_yahoo_62_v5_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\chatzum_softonic_yahoo_62_v5_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\chatzum_softonic_yahoo_62_v5_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}



~~~ FireFox

Successfully deleted: [File] C:\Users\Samsung\AppData\Roaming\mozilla\firefox\profiles\epgkek8r.default\extensions\trtv3@trtv.com.xpi
Successfully deleted the following from C:\Users\Samsung\AppData\Roaming\mozilla\firefox\profiles\epgkek8r.default\prefs.js

user_pref("extensions.questscan.init", true);
Emptied folder: C:\Users\Samsung\AppData\Roaming\mozilla\firefox\profiles\epgkek8r.default\minidumps [227 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/09/2013 at 11:44:06.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 18.09.2013, 12:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Are the FRST logs too large?
__________________
Please always post log files in CODE tags

Alt 18.09.2013, 12:50   #11
DonDraper
 

They are too large; I am over the character limit.

Alt 18.09.2013, 13:09   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
C:\ProgramData\s144ETd.dat
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen ("Remove") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 18.09.2013, 13:19   #13
DonDraper
 

Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by Samsung at 2013-09-18 13:18:01 Run:1
Running from C:\Users\Samsung\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b}
C:\ProgramData\s144ETd.dat
         
*****************

C:\Users\Samsung\AppData\Local\{e5c35188-5e83-fdaa-7b9a-12f3189b327b} => Moved successfully.
C:\ProgramData\s144ETd.dat => Moved successfully.

==== End of Fixlog ====
         

Alt 18.09.2013, 13:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK, a new FRST log please.

Alt 18.09.2013, 13:30   #15
DonDraper
 

New FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Samsung (administrator) on SAMSUNG-PC on 18-09-2013 13:28:16
Running from C:\Users\Samsung\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2586504 2010-08-05] (ELAN Microelectronics Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 1
HKCU\...\Policies\system: [DisableChangePassword] 1
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 1
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273528 2011-10-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: https://www.google.co.uk/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DivXWebPlayer - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: No Name - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\epgkek8r.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-13] ()
S3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-12] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys [488056 2011-06-03] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110704.050\IDSvia64.sys [488056 2011-06-03] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110705.002\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-17] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-17] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 12:24 - 2013-09-18 12:24 - 00000000 ____D C:\Users\Samsung\Desktop\marketing
2013-09-18 12:22 - 2013-09-18 12:23 - 00000000 ____D C:\Users\Samsung\Desktop\oli
2013-09-18 12:19 - 2013-09-18 12:19 - 00010893 _____ C:\Users\Samsung\Desktop\FRST.7z
2013-09-18 12:18 - 2013-09-18 12:18 - 00005192 _____ C:\Users\Samsung\Desktop\Addition.7z
2013-09-18 12:14 - 2013-09-18 12:14 - 00017576 _____ C:\Users\Samsung\Desktop\Addition.txt
2013-09-18 12:08 - 2013-09-18 12:08 - 01950524 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2013-09-18 11:44 - 2013-09-18 11:44 - 00025665 _____ C:\Users\Samsung\Desktop\JRT.txt
2013-09-18 11:30 - 2013-09-18 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-09-18 11:29 - 2013-09-18 11:29 - 01029675 _____ (Thisisu) C:\Users\Samsung\Desktop\JRT.exe
2013-09-18 11:25 - 2013-09-18 11:26 - 00000000 ____D C:\Users\Samsung\Desktop\1st run
2013-09-18 11:24 - 2013-09-18 11:24 - 00015931 _____ C:\Users\Samsung\Desktop\AdwCleaner[S0].txt
2013-09-18 11:20 - 2013-09-18 11:21 - 00000000 ____D C:\AdwCleaner
2013-09-18 11:17 - 2013-09-18 11:17 - 01039554 _____ C:\Users\Samsung\Desktop\adwcleaner.exe
2013-09-18 01:13 - 2013-09-18 01:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-18 01:02 - 2012-07-26 05:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-18 01:02 - 2012-07-26 05:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-18 01:02 - 2012-07-26 03:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-18 01:02 - 2012-06-02 15:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-18 00:53 - 2013-09-18 00:53 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-18 00:53 - 2013-09-18 00:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-18 00:53 - 2013-09-18 00:53 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-18 00:53 - 2013-09-18 00:53 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-18 00:53 - 2013-09-18 00:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-18 00:53 - 2013-09-18 00:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-18 00:53 - 2013-09-18 00:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-18 00:53 - 2013-09-18 00:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-18 00:53 - 2013-09-18 00:53 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-18 00:53 - 2013-09-18 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-18 00:53 - 2013-09-18 00:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-18 00:51 - 2013-09-18 00:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-18 00:48 - 2013-09-18 01:00 - 00013161 _____ C:\Windows\IE10_main.log
2013-09-18 00:18 - 2012-12-16 18:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-18 00:18 - 2012-12-16 15:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-18 00:18 - 2012-12-16 15:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-18 00:18 - 2012-12-16 15:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-18 00:17 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-18 00:17 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-18 00:17 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-18 00:17 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-18 00:17 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-18 00:17 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-18 00:17 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-18 00:17 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-17 22:38 - 2013-09-17 22:38 - 00003324 _____ C:\Windows\System32\Tasks\SamsungSupportCenter
2013-09-17 22:37 - 2013-09-18 00:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-17 21:52 - 2013-09-17 22:27 - 00000000 ____D C:\Users\Samsung\Desktop\mbar
2013-09-17 21:50 - 2013-09-17 21:50 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Samsung\Desktop\mbar-1.07.0.1005.exe
2013-09-17 21:49 - 2013-09-17 21:49 - 00008918 _____ C:\Users\Samsung\Desktop\Mappe1.xlsx
2013-09-17 19:12 - 2013-04-10 07:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-17 19:12 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-17 19:12 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-17 19:11 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-17 19:11 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-17 19:11 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-17 19:11 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-17 19:11 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-17 19:11 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-17 19:11 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-17 19:11 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-17 19:11 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-17 19:11 - 2013-02-15 07:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-17 19:11 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-17 19:11 - 2013-02-15 05:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-17 19:11 - 2013-02-15 05:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-17 19:11 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-17 19:11 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-09-17 19:11 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-17 19:11 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-09-17 19:11 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-09-17 19:10 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-17 19:10 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-17 19:10 - 2013-04-12 15:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-17 19:10 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-17 19:10 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-17 19:10 - 2013-02-27 07:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-17 19:10 - 2013-02-27 06:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-17 19:10 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-17 19:10 - 2013-02-27 05:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-17 19:09 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-17 19:09 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-17 19:09 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-17 19:09 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-17 19:09 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-17 19:09 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-17 19:09 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-17 19:09 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-17 19:09 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-17 19:09 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-17 19:09 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-17 19:09 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-17 19:09 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-17 19:09 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-17 19:09 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-17 19:09 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-17 19:09 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-17 19:09 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-17 19:09 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-17 19:09 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-17 19:09 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-17 19:09 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-17 19:09 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-17 19:09 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-17 19:09 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-17 19:09 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-17 19:09 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-17 19:09 - 2012-06-02 06:50 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-17 19:09 - 2012-06-02 06:48 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-17 19:09 - 2012-06-02 06:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-09-17 19:09 - 2012-06-02 06:45 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-17 19:09 - 2012-06-02 05:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-17 19:09 - 2012-06-02 05:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-17 19:09 - 2012-06-02 05:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-17 19:08 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-17 19:08 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-17 19:08 - 2012-11-01 06:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-17 19:08 - 2012-11-01 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-17 19:08 - 2012-11-01 05:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-17 19:08 - 2012-11-01 05:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-17 19:08 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-17 19:08 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-09-17 19:08 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-17 19:08 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-17 19:08 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-09-17 19:08 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-17 19:08 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-09-17 19:08 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-09-17 19:08 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-09-17 19:08 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-17 19:08 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-17 19:08 - 2010-06-26 04:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-09-17 19:08 - 2010-06-26 04:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-09-17 19:07 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-17 19:07 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-17 19:07 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-17 19:07 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-09-17 19:07 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-17 19:07 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-09-17 19:07 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-09-17 19:07 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-09-17 19:07 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-09-17 19:07 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-09-17 19:07 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-09-17 19:07 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-17 19:07 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-09-17 19:07 - 2012-11-20 06:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-17 19:07 - 2012-11-20 05:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-09-17 19:07 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-17 19:07 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-17 19:07 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-09-17 19:06 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-17 19:05 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-09-17 19:05 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-09-17 19:05 - 2012-08-11 01:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-17 19:05 - 2012-08-11 00:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-17 19:04 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-17 19:04 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-17 19:04 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-17 19:04 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-17 19:04 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-17 19:04 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-09-17 19:04 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-17 19:04 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-17 19:03 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-17 19:03 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-17 19:03 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-17 19:03 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-17 19:03 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-09-17 19:03 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-17 19:03 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-09-17 19:03 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-17 19:03 - 2013-01-03 07:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-17 19:03 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-17 19:03 - 2012-08-22 19:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-17 19:03 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-17 19:03 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-09-17 19:03 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-09-17 19:03 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-09-17 19:03 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-09-17 19:03 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-09-17 19:03 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-09-17 19:02 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-09-17 19:02 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-09-17 19:02 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-17 19:01 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-09-17 19:01 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-17 19:01 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-09-17 19:01 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-09-17 18:29 - 2013-09-17 18:29 - 00026002 _____ C:\ComboFix.txt
2013-09-17 17:30 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-17 17:30 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-17 17:30 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-17 17:30 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-17 17:30 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-17 17:30 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-17 17:30 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-17 17:29 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-17 17:29 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-17 17:19 - 2013-09-18 11:30 - 02015210 _____ C:\Windows\WindowsUpdate.log
2013-09-17 17:15 - 2013-09-17 17:15 - 00001236 _____ C:\Windows\PFRO.log
2013-09-17 17:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 17:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 17:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 17:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 17:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 17:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 17:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 17:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 16:56 - 2013-09-17 18:29 - 00000000 ____D C:\Qoobox
2013-09-17 16:56 - 2013-09-17 17:22 - 00000000 ____D C:\Windows\erdnt
2013-09-17 16:52 - 2013-09-17 16:53 - 05128653 ____R (Swearware) C:\Users\Samsung\Desktop\ComboFix.exe
2013-09-17 15:14 - 2013-09-18 13:05 - 00000392 _____ C:\Windows\setupact.log
2013-09-17 15:14 - 2013-09-17 15:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 14:57 - 2013-09-17 14:57 - 00010543 _____ C:\Users\Samsung\Desktop\Gmer.txt.7z
2013-09-17 14:56 - 2013-09-17 14:56 - 00000000 ____D C:\Users\Samsung\Desktop\7-Zip
2013-09-17 14:53 - 2013-09-17 14:53 - 01110476 _____ C:\Users\Samsung\Desktop\7z920.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00377856 _____ C:\Users\Samsung\Desktop\gmer_2.1.19163.exe
2013-09-17 13:48 - 2013-09-17 13:48 - 00000000 ____D C:\FRST
2013-09-17 13:46 - 2013-09-17 13:46 - 01950524 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2013-09-17 13:44 - 2013-09-17 13:44 - 00000000 _____ C:\Users\Samsung\defogger_reenable
2013-09-17 13:40 - 2013-09-17 13:40 - 00050477 _____ C:\Users\Samsung\Desktop\Defogger.exe
2013-09-16 19:56 - 2013-09-16 19:56 - 00000055 _____ C:\Users\Samsung\Desktop\setting.txt
2013-09-16 18:35 - 2013-09-16 18:35 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Opera
2013-09-16 18:25 - 2013-09-16 18:25 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-09-16 18:20 - 2013-09-16 18:20 - 00003250 _____ C:\Windows\System32\Tasks\{BA555178-ADB2-4B2F-B8E5-83CCDB03B4E7}
2013-08-20 12:46 - 2013-08-20 12:47 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\7 Sticky Notes
2013-08-20 12:46 - 2012-10-13 22:20 - 00805376 _____ C:\Windows\SysWOW64\EditCtlsU.ocx
2013-08-20 12:46 - 2011-08-13 21:06 - 01031168 _____ C:\Windows\SysWOW64\ExLVwU.ocx
2013-08-20 12:46 - 2011-05-21 00:02 - 00604672 _____ C:\Windows\SysWOW64\ExTVwU.ocx
2013-08-20 12:46 - 2009-06-07 09:27 - 01071088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-08-20 12:46 - 2008-01-19 11:34 - 00554008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dao360.dll
2013-08-20 12:46 - 2005-04-15 15:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2013-08-20 12:46 - 2004-03-09 14:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2013-08-20 12:46 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-08-20 12:46 - 2000-05-22 12:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2013-08-20 12:46 - 1998-06-24 01:00 - 00198456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCI32.OCX
2013-08-20 12:45 - 2013-08-20 12:45 - 06154467 _____ (Fabio Martin                                                ) C:\Users\Samsung\Downloads\Setup7StickyNotesv19.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00392032 _____ (Softonic                                        ) C:\Users\Samsung\Downloads\SoftonicDownloader_fuer_sticky-notes.exe

==================== One Month Modified Files and Folders =======

2013-09-18 13:12 - 2012-07-20 09:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 13:05 - 2013-09-17 15:14 - 00000392 _____ C:\Windows\setupact.log
2013-09-18 12:53 - 2013-09-17 17:19 - 02015210 _____ C:\Windows\WindowsUpdate.log
2013-09-18 12:24 - 2013-09-18 12:24 - 00000000 ____D C:\Users\Samsung\Desktop\marketing
2013-09-18 12:24 - 2010-11-12 23:29 - 00659314 _____ C:\Windows\system32\perfh007.dat
2013-09-18 12:24 - 2010-11-12 23:29 - 00134704 _____ C:\Windows\system32\perfc007.dat
2013-09-18 12:24 - 2009-07-14 06:13 - 01500120 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 12:23 - 2013-09-18 12:22 - 00000000 ____D C:\Users\Samsung\Desktop\oli
2013-09-18 12:19 - 2013-09-18 12:19 - 00010893 _____ C:\Users\Samsung\Desktop\FRST.7z
2013-09-18 12:18 - 2013-09-18 12:18 - 00005192 _____ C:\Users\Samsung\Desktop\Addition.7z
2013-09-18 12:14 - 2013-09-18 12:14 - 00017576 _____ C:\Users\Samsung\Desktop\Addition.txt
2013-09-18 12:08 - 2013-09-18 12:08 - 01950524 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2013-09-18 11:44 - 2013-09-18 11:44 - 00025665 _____ C:\Users\Samsung\Desktop\JRT.txt
2013-09-18 11:33 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:33 - 2009-07-14 05:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:30 - 2013-09-18 11:30 - 00000000 ____D C:\Windows\ERUNT
2013-09-18 11:29 - 2013-09-18 11:29 - 01029675 _____ (Thisisu) C:\Users\Samsung\Desktop\JRT.exe
2013-09-18 11:26 - 2013-09-18 11:25 - 00000000 ____D C:\Users\Samsung\Desktop\1st run
2013-09-18 11:24 - 2013-09-18 11:24 - 00015931 _____ C:\Users\Samsung\Desktop\AdwCleaner[S0].txt
2013-09-18 11:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 11:21 - 2013-09-18 11:20 - 00000000 ____D C:\AdwCleaner
2013-09-18 11:17 - 2013-09-18 11:17 - 01039554 _____ C:\Users\Samsung\Desktop\adwcleaner.exe
2013-09-18 11:12 - 2011-05-05 23:58 - 00000000 ___RD C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 11:12 - 2011-05-05 23:58 - 00000000 ___RD C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 11:11 - 2011-05-05 23:58 - 00001425 _____ C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-18 11:09 - 2009-08-02 03:27 - 00000000 ____D C:\Windows\Panther
2013-09-18 11:08 - 2009-07-14 05:45 - 04926016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 11:05 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-18 11:05 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-18 11:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-18 11:04 - 2010-11-12 23:22 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-18 11:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-09-18 11:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-09-18 11:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-18 11:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-18 01:25 - 2011-06-06 12:43 - 01516942 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-18 01:25 - 2011-06-06 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-18 01:15 - 2013-09-18 01:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-18 01:00 - 2013-09-18 00:48 - 00013161 _____ C:\Windows\IE10_main.log
2013-09-18 00:53 - 2013-09-18 00:53 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-18 00:53 - 2013-09-18 00:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-18 00:53 - 2013-09-18 00:53 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-18 00:53 - 2013-09-18 00:53 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-18 00:53 - 2013-09-18 00:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-18 00:53 - 2013-09-18 00:53 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-18 00:53 - 2013-09-18 00:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-18 00:53 - 2013-09-18 00:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-18 00:53 - 2013-09-18 00:53 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-18 00:53 - 2013-09-18 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-18 00:53 - 2013-09-18 00:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-18 00:53 - 2013-09-18 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-18 00:51 - 2013-09-18 00:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-18 00:51 - 2013-09-18 00:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-18 00:09 - 2013-09-17 22:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-18 00:09 - 2011-05-05 17:10 - 00000000 ____D C:\ProgramData\Skype
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-17 22:38 - 2013-09-17 22:38 - 00003324 _____ C:\Windows\System32\Tasks\SamsungSupportCenter
2013-09-17 22:38 - 2010-11-12 06:03 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-17 22:37 - 2011-05-08 00:25 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Skype
2013-09-17 22:27 - 2013-09-17 21:52 - 00000000 ____D C:\Users\Samsung\Desktop\mbar
2013-09-17 22:07 - 2011-06-06 12:44 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\SoftGrid Client
2013-09-17 21:50 - 2013-09-17 21:50 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Samsung\Desktop\mbar-1.07.0.1005.exe
2013-09-17 21:49 - 2013-09-17 21:49 - 00008918 _____ C:\Users\Samsung\Desktop\Mappe1.xlsx
2013-09-17 18:30 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-17 18:29 - 2013-09-17 18:29 - 00026002 _____ C:\ComboFix.txt
2013-09-17 18:29 - 2013-09-17 16:56 - 00000000 ____D C:\Qoobox
2013-09-17 18:29 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-09-17 17:22 - 2013-09-17 16:56 - 00000000 ____D C:\Windows\erdnt
2013-09-17 17:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-09-17 17:15 - 2013-09-17 17:15 - 00001236 _____ C:\Windows\PFRO.log
2013-09-17 17:12 - 2013-05-02 09:55 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-17 16:53 - 2013-09-17 16:52 - 05128653 ____R (Swearware) C:\Users\Samsung\Desktop\ComboFix.exe
2013-09-17 15:14 - 2013-09-17 15:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 14:57 - 2013-09-17 14:57 - 00010543 _____ C:\Users\Samsung\Desktop\Gmer.txt.7z
2013-09-17 14:56 - 2013-09-17 14:56 - 00000000 ____D C:\Users\Samsung\Desktop\7-Zip
2013-09-17 14:54 - 2012-06-28 11:51 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-17 14:53 - 2013-09-17 14:53 - 01110476 _____ C:\Users\Samsung\Desktop\7z920.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00377856 _____ C:\Users\Samsung\Desktop\gmer_2.1.19163.exe
2013-09-17 13:48 - 2013-09-17 13:48 - 00000000 ____D C:\FRST
2013-09-17 13:46 - 2013-09-17 13:46 - 01950524 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2013-09-17 13:45 - 2011-05-07 23:51 - 00068784 _____ C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 13:44 - 2013-09-17 13:44 - 00000000 _____ C:\Users\Samsung\defogger_reenable
2013-09-17 13:44 - 2011-05-05 17:10 - 00000000 ____D C:\Users\Samsung
2013-09-17 13:40 - 2013-09-17 13:40 - 00050477 _____ C:\Users\Samsung\Desktop\Defogger.exe
2013-09-17 13:37 - 2011-08-18 10:16 - 00000000 ____D C:\Users\Samsung\AppData\Local\CrashDumps
2013-09-17 13:32 - 2011-09-20 13:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-17 13:30 - 2011-05-06 15:17 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Adobe
2013-09-17 13:11 - 2013-04-28 18:45 - 00000000 ____D C:\Users\Samsung\Desktop\pictures from the phone
2013-09-17 13:02 - 2011-08-11 11:29 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
2013-09-17 12:52 - 2012-07-12 14:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-16 19:56 - 2013-09-16 19:56 - 00000055 _____ C:\Users\Samsung\Desktop\setting.txt
2013-09-16 18:35 - 2013-09-16 18:35 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\Opera
2013-09-16 18:35 - 2011-05-05 17:11 - 00000000 ____D C:\Users\Samsung\AppData\Local\Adobe
2013-09-16 18:35 - 2009-07-14 03:34 - 00000403 _____ C:\Windows\win.ini
2013-09-16 18:25 - 2013-09-16 18:25 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-09-16 18:24 - 2011-05-05 17:11 - 00000000 ____D C:\ProgramData\Adobe
2013-09-16 18:20 - 2013-09-16 18:20 - 00003250 _____ C:\Windows\System32\Tasks\{BA555178-ADB2-4B2F-B8E5-83CCDB03B4E7}
2013-09-13 23:12 - 2012-07-20 09:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 23:12 - 2012-07-20 09:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 23:12 - 2011-05-13 11:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-01 17:08 - 2011-12-12 12:56 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-20 12:47 - 2013-08-20 12:46 - 00000000 ____D C:\Users\Samsung\AppData\Roaming\7 Sticky Notes
2013-08-20 12:45 - 2013-08-20 12:45 - 06154467 _____ (Fabio Martin                                                ) C:\Users\Samsung\Downloads\Setup7StickyNotesv19.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00392032 _____ (Softonic                                        ) C:\Users\Samsung\Downloads\SoftonicDownloader_fuer_sticky-notes.exe
2013-08-19 09:15 - 2012-07-12 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-09-13 22:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Antwort





