
Pests of all kinds and how to combat them: Iminent has contaminated my Internet


13.11.2013, 22:22   #1
heinrich007
 

The start page was at first some search engine that I no longer remember. Now it is ASK, after I downloaded some other software and mistakenly accepted ASK as well. And I cannot change the start page permanently. It keeps jumping back to ASK.

Then other websites keep opening (in a new window) without my wanting this or having clicked on anything.

Overall, everything is much slower.


Here are the files:

defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 13/11/2013 (SantaClara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013 01
Ran by SantaClara (administrator) on MELO on 13-11-2013 21:29:16
Running from C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\windows\system32\EscSvc64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
() C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Farbar) C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe [214360 2011-01-21] (NewSoft Technology Corporation)
HKCU\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31012720 2013-11-03] (iMesh, Inc)
MountPoints2: {1ed749e8-69f2-11e2-be68-806e6f6e6963} - "D:\InstallNavi.exe" 
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-10-29] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-29] (Iminent)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll  [23616 2013-10-10] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll  [20032 2013-10-10] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [486464 2013-10-10] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [659008 2013-10-10] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost64.dll (SpeedAnalysis.com)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: coontiinueTosoave - {1DCE63B7-6C05-D920-EC87-68F8A715C19E} - C:\ProgramData\coontiinueTosoave\51a0b97656bd7.dll No File
BHO-x32: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO-x32: EbOoKBrowsoe - {C2AD2A3F-CECC-7692-CE9E-218B032C6887} - C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent)
Toolbar: HKLM-x32 - Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (EbOoKBrowsoe) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1
CHR Extension: (Iminent) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.43.4.1_0
CHR Extension: () - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5
CHR Extension: (coontiinueTosoave) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3423808 2013-10-10] (iMesh Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2886464 2013-10-29] (Iminent)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-11] (Emsisoft GmbH)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-11] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131112.002\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131113.001\ENG64.SYS [126040 2013-11-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131113.001\EX64.SYS [2099288 2013-11-08] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [x]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 21:27 - 2013-11-13 21:28 - 00000000 ____D C:\Users\SantaClara\Desktop\Trojaner-Hilfe
2013-11-13 21:22 - 2013-11-13 21:22 - 00000482 _____ C:\Users\SantaClara\Desktop\defogger_disable.log
2013-11-13 21:22 - 2013-11-13 21:22 - 00000000 _____ C:\Users\SantaClara\defogger_reenable
2013-11-13 08:03 - 2013-11-13 08:03 - 00002573 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-13 07:55 - 2013-11-13 07:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-13 01:28 - 2013-11-13 01:28 - 00000000 ____D C:\ProgramData\A3C7
2013-11-13 01:27 - 2013-11-13 01:27 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 01:27 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-13 01:27 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-12 23:31 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-12 23:31 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-12 23:31 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-12 23:31 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-12 23:31 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-12 23:31 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-12 23:31 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-12 23:31 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-12 23:31 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-12 23:31 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-12 23:31 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-12 23:31 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-12 23:31 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-12 23:31 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-12 23:31 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-12 23:31 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-12 23:31 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-12 23:31 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-12 23:31 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-12 23:31 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-12 23:30 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-12 23:30 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-12 23:30 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-12 23:30 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-12 23:30 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-12 23:30 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-12 23:30 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-12 23:30 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-12 23:30 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-12 23:29 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-12 23:29 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-12 23:29 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-12 23:29 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-12 23:29 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-12 23:29 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-12 23:29 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\Browser Manager
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-11 01:49 - 2013-11-11 01:49 - 00000000 ____D C:\FRST
2013-11-11 01:43 - 2013-11-11 01:43 - 00001188 _____ C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00001184 _____ C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\Documents\My Received Files
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\MusicNet
2013-11-11 01:26 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Local\iMesh
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\ProgramData\Wincert
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-11 01:25 - 2013-11-13 21:29 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-11 01:25 - 2013-11-11 01:25 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-11-11 01:07 - 2013-11-11 01:07 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Sun
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Oracle
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-11 00:08 - 2013-11-11 00:08 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-11-11 00:07 - 2013-11-11 00:08 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis
2013-11-11 00:07 - 2013-11-11 00:08 - 00000000 ____D C:\Program Files (x86)\Speed Test Analysis
2013-11-11 00:07 - 2013-11-11 00:07 - 00001272 _____ C:\Users\SantaClara\Desktop\SpeedTestAnalysis.lnk
2013-11-11 00:07 - 2013-11-11 00:07 - 00000635 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\ProgramData\Iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\IN-MEDIAKG
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\HomepageFIX2013
2013-11-10 13:42 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-11-10 13:42 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-11-10 13:42 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2013-11-10 13:41 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-11-10 13:41 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2013-11-10 13:41 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2013-11-10 13:41 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2013-11-10 13:41 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-11-10 13:41 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-11-10 13:41 - 2013-07-31 00:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml
2013-11-10 13:41 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-11-10 13:41 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2013-11-08 08:16 - 2013-11-08 08:16 - 00001938 _____ C:\Users\SantaClara\Desktop\Memory Cleaner.lnk
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\KoshyJohn.com
2013-10-22 23:03 - 2013-10-22 23:03 - 00001946 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-20 14:10 - 2013-10-20 14:12 - 00010307 _____ C:\Users\SantaClara\Documents\Kontakte ausland.odt
2013-10-14 00:12 - 2013-10-30 08:33 - 00000000 ____D C:\Users\SantaClara\AppData\Local\Thunderbird
2013-10-14 00:12 - 2013-10-14 00:12 - 00002086 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-14 00:12 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Thunderbird
2013-10-14 00:11 - 2013-11-09 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 00:11 - 2013-11-02 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-14 00:11 - 2013-10-14 00:11 - 00000000 ____D C:\ProgramData\Mozilla

==================== One Month Modified Files and Folders =======

2013-11-13 21:29 - 2013-11-11 01:25 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-13 21:28 - 2013-11-13 21:27 - 00000000 ____D C:\Users\SantaClara\Desktop\Trojaner-Hilfe
2013-11-13 21:22 - 2013-11-13 21:22 - 00000482 _____ C:\Users\SantaClara\Desktop\defogger_disable.log
2013-11-13 21:22 - 2013-11-13 21:22 - 00000000 _____ C:\Users\SantaClara\defogger_reenable
2013-11-13 21:22 - 2013-04-27 18:48 - 00000000 ____D C:\Users\SantaClara
2013-11-13 21:19 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-13 21:17 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-11-13 08:04 - 2013-01-28 18:21 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-13 08:04 - 2013-01-28 18:21 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-13 08:04 - 2013-01-28 18:20 - 00000000 ____D C:\ProgramData\Norton
2013-11-13 08:03 - 2013-11-13 08:03 - 00002573 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-13 08:01 - 2013-01-28 18:20 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2013-11-13 08:01 - 2013-01-28 18:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-13 07:55 - 2013-11-13 07:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-13 01:34 - 2013-02-03 03:58 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-11-13 01:34 - 2013-02-03 03:58 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-11-13 01:34 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-13 01:29 - 2013-01-28 18:22 - 00000000 ____D C:\ProgramData\WinClon
2013-11-13 01:28 - 2013-11-13 01:28 - 00000000 ____D C:\ProgramData\A3C7
2013-11-13 01:27 - 2013-11-13 01:27 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 01:26 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-13 01:21 - 2013-01-28 17:15 - 01470106 _____ C:\windows\WindowsUpdate.log
2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-11-13 01:13 - 2013-08-27 06:13 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 01:09 - 2013-06-04 05:58 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 23:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-11 02:12 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\Browser Manager
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-11 01:49 - 2013-11-11 01:49 - 00000000 ____D C:\FRST
2013-11-11 01:43 - 2013-11-11 01:43 - 00001188 _____ C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00001184 _____ C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\Documents\My Received Files
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\MusicNet
2013-11-11 01:43 - 2013-11-11 01:26 - 00000000 ____D C:\Users\SantaClara\AppData\Local\iMesh
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\ProgramData\Wincert
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-11 01:25 - 2013-11-11 01:25 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-11-11 01:07 - 2013-11-11 01:07 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Sun
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Oracle
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-11 00:08 - 2013-11-11 00:08 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis
2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Speed Test Analysis
2013-11-11 00:08 - 2013-04-27 18:50 - 00000000 ____D C:\Users\SantaClara\AppData\Local\VirtualStore
2013-11-11 00:07 - 2013-11-11 00:07 - 00001272 _____ C:\Users\SantaClara\Desktop\SpeedTestAnalysis.lnk
2013-11-11 00:07 - 2013-11-11 00:07 - 00000635 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\ProgramData\Iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\IN-MEDIAKG
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\HomepageFIX2013
2013-11-09 19:41 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-11-09 19:38 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-09 19:38 - 2012-08-05 22:07 - 00030208 _____ C:\windows\PFRO.log
2013-11-09 19:05 - 2013-02-17 17:21 - 00000000 ____D C:\windows\Minidump
2013-11-09 11:43 - 2013-09-14 20:11 - 00000000 ___RD C:\Users\SantaClara\Dropbox
2013-11-09 11:43 - 2013-09-14 20:05 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Dropbox
2013-11-09 11:24 - 2013-08-27 22:45 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\.oit
2013-11-09 11:14 - 2013-06-16 16:33 - 00000000 ____D C:\Users\SantaClara\AppData\Local\CrashDumps
2013-11-08 08:16 - 2013-11-08 08:16 - 00001938 _____ C:\Users\SantaClara\Desktop\Memory Cleaner.lnk
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\KoshyJohn.com
2013-11-05 23:58 - 2013-11-13 01:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-13 01:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 22:51 - 2013-05-14 18:27 - 00000000 ____D C:\Users\SantaClara\Documents\Photomuseum
2013-11-02 17:44 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-31 23:08 - 2013-07-14 19:22 - 00014199 _____ C:\Users\SantaClara\Documents\pswd.odt
2013-10-31 07:05 - 2013-07-07 22:21 - 00000000 ____D C:\Users\SantaClara\Documents\Verwaltung - eigene
2013-10-30 08:33 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Local\Thunderbird
2013-10-22 23:03 - 2013-10-22 23:03 - 00001946 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-22 23:03 - 2013-01-28 18:25 - 00000000 ____D C:\ProgramData\Samsung
2013-10-21 07:05 - 2013-04-27 18:58 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-182115508-3913688524-3247281400-1001
2013-10-20 14:12 - 2013-10-20 14:10 - 00010307 _____ C:\Users\SantaClara\Documents\Kontakte ausland.odt
2013-10-20 13:16 - 2013-07-07 10:16 - 00000000 ____D C:\Users\SantaClara\Documents\Beruf - Recht - BWL
2013-10-18 22:00 - 2013-05-17 19:01 - 00000000 ____D C:\Users\SantaClara\Documents\yo
2013-10-14 00:12 - 2013-10-14 00:12 - 00002086 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-14 00:12 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Thunderbird
2013-10-14 00:12 - 2013-05-22 19:47 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Mozilla
2013-10-14 00:11 - 2013-10-14 00:11 - 00000000 ____D C:\ProgramData\Mozilla

Files to move or delete:
====================
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\SantaClara\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\Delta.exe
C:\Users\SantaClara\AppData\Local\Temp\DeltaTB.exe
C:\Users\SantaClara\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\SantaClara\AppData\Local\Temp\MybabylonTB.exe
C:\Users\SantaClara\AppData\Local\Temp\propsys.dll
C:\Users\SantaClara\AppData\Local\Temp\SpeedTestSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-08 07:36

==================== End Of Log ============================
--- --- ---


Additional

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2013 01
Ran by SantaClara at 2013-11-13 21:30:29
Running from C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
AllSharePlayLink (x32 Version: 1.0.0)
Anleitung für Epson Connect (x32)
Bitcasa version 0.9.20.4135 (Version: 0.9.20.4135)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Dropbox (HKCU Version: 2.0.26)
Easy File Share (x32 Version: 1.3.6)
EbOoKBrowsoe (x32 Version: )
Elements 11 Organizer (x32 Version: 11.0)
E-POP (x32 Version: 1.0.1)
Epson Benutzerhandbuch WF-3520 Series (x32)
Epson Event Manager (x32 Version: 3.01.0005)
Epson FAX Utility (x32 Version: 1.30.00)
Epson Netzwerkhandbuch WF-3520 Series (x32)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.6.0)
ETDWare X64 11.7.5.5_WHQL (Version: 11.7.5.5)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.9)
HomepageFIX 2013 (x32 Version: Aktuelle Version)
iMesh (HKCU Version: 12.5.0.134165)
Iminent (x32 Version: 6.44.21.0)
Iminent Toolbar on IE and Chrome (x32 Version: 1.8.26.8)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2963)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Maintenance Service (x32 Version: 24.1.0)
Mozilla Thunderbird 24.1.0 (x86 de) (x32 Version: 24.1.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (x32 Version: 1.6.2.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Nvu 1.0 (x32 Version: 1.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF24 Creator 5.6.0 (x32)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plants vs. Zombies (x32)
Presto! PageManager 9.03 SE (x32 Version: 9.03.06)
PSE11 STI Installer (x32 Version: 11.0)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.4.907.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818)
Recovery (x32 Version: 6.0.9.6)
S Agent (Version: 1.1.45)
Settings (x32 Version: 2.0.1)
Speed Test Analysis (x32 Version: 1.0.0.5)
Support Center (Version: 2.1.100)
Support Center FAQ (x32 Version: 1.0.9)
SW Update (x32 Version: 2.1.21)
User Guide (x32 Version: 1.2.00)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

==================== Restore Points =========================

29-10-2013 06:01:11 Geplanter Prüfpunkt
06-11-2013 02:44:06 Geplanter Prüfpunkt
10-11-2013 12:47:10 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0168A4EE-AC81-4967-AAED-CD003A4C6947} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {62FB137C-D70D-49A6-92A8-B7B89BFE0326} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {877A8539-1C1D-46E7-BDBD-81A53099C9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {F7AD3C9F-972C-4709-98DD-F4CF63BED337} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {FE78C4F4-BA55-4FB6-BA74-F0ABA4D1ED45} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2013-11-11 01:25 - 2013-10-10 12:55 - 00659008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2013-01-03 01:50 - 2012-11-01 06:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 12:57 - 2012-10-31 12:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 12:52 - 2012-10-31 12:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 12:55 - 2012-10-31 12:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-09-30 10:32 - 2013-09-30 10:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00023616 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00020032 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00486464 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 03216240 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00444784 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00030576 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00800624 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 01553776 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx
2013-11-11 01:26 - 2013-11-03 23:11 - 00153456 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll
2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-01-28 18:08 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 12:12 - 2011-08-15 12:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-06-14 03:57 - 2012-06-14 03:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 12:12 - 2011-08-15 12:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 12:15 - 2011-08-15 12:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 08:41 - 2011-08-17 08:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 11:23 - 2011-08-15 11:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 03:56 - 2012-06-14 03:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 04:06 - 2012-06-14 04:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 03:55 - 2012-06-14 03:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 08:05 - 2011-07-19 08:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 12:17 - 2011-08-15 12:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 08:04 - 2011-07-19 08:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2013-05-25 13:31 - 2013-05-25 14:16 - 00112128 _____ () C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll
2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2013 09:24:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (11/13/2013 08:44:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ccSet.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519abdb0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x659ab88e
ID des fehlerhaften Prozesses: 0x16a8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/13/2013 00:25:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x2c5c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/13/2013 00:25:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/12/2013 11:40:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/12/2013 11:36:20 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b50

Startzeit: 01cedff78a190f0f

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: d7835319-4bea-11e3-be9d-50b7c3fc4b60

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/12/2013 11:35:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1318
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/12/2013 11:21:28 PM) (Source: Application Hang) (User: )
Description: Programm WWAHost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fd4

Startzeit: 01cedff578eb9a10

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: c04c97fb-4be8-11e3-be9d-50b7c3fc4b60

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Melo)
Description: Die App „winstore_cw5n1h2txyewy!Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (11/11/2013 01:20:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x2e20
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (11/13/2013 08:45:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/13/2013 01:41:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/11/2013 11:49:19 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/11/2013 08:41:48 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/11/2013 02:35:49 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/11/2013 01:26:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Datamngr Coordinator" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/11/2013 00:07:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/09/2013 06:40:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/09/2013 01:10:20 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (11/09/2013 00:28:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (11/13/2013 09:24:19 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\SantaClara\Documents\Programme\computerbild_downloader_fuer_pdfcreator .exe

Error: (11/13/2013 08:44:57 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ccSet.dll_unloaded0.0.0.0519abdb0c0000005659ab88e16a801cee03b88eb7b0bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll7d9e540f-4c37-11e3-be9e-50b7c3fc4b60

Error: (11/13/2013 00:25:55 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2c5c01cedffe84b4c98dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc69e31f7-4bf1-11e3-be9d-50b7c3fc4b60

Error: (11/13/2013 00:25:43 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c175001cedff6d715dc09C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllbf770bb0-4bf1-11e3-be9d-50b7c3fc4b60

Error: (11/12/2013 11:40:47 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c16f401cedff78a144a4cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll7861103e-4beb-11e3-be9d-50b7c3fc4b60

Error: (11/12/2013 11:36:20 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16537b5001cedff78a190f0f4294967295C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd7835319-4bea-11e3-be9d-50b7c3fc4b60

Error: (11/12/2013 11:35:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c131801cedeae8e211f16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc011c8a6-4bea-11e3-be9d-50b7c3fc4b60

Error: (11/12/2013 11:21:28 PM) (Source: Application Hang)(User: )
Description: WWAHost.exe6.2.9200.164201fd401cedff578eb9a104294967295C:\Windows\System32\WWAHost.exec04c97fb-4be8-11e3-be9d-50b7c3fc4b60winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Melo)
Description: winstore_cw5n1h2txyewy!Windows.Store

Error: (11/11/2013 01:20:59 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e2001cede73e4dec321C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll232d7113-4a67-11e3-be9c-50b7c3fc4b60


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3795.53 MB
Available physical RAM: 2286.03 MB
Total Pagefile: 15571.54 MB
Available Pagefile: 13782.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.17 GB) (Free:385.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)

Partition: GPT Partition Type
==================== End Of Log ============================


GMER


GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-13 21:50:49
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038 TOSHIBA_MQ01ABD050 rev.AX002F 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SANTAC~1\AppData\Local\Temp\pxloypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007f836d5177a 4 bytes [D5, 36, F8, 07]
.text   C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007f836d51782 4 bytes [D5, 36, F8, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\csrss.exe [600:632]                                                     fffff960008ef5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 14.11.2013, 06:35   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.



Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 17.11.2013, 20:56   #3
heinrich007
 

@Schrauber: Thank you very much for the quick response.

Unfortunately, we in our shared flat are now suddenly without internet, because one of us forgot that a cancellation had been submitted. When our internet works again, I will get back in touch.

Sorry.
__________________

Alt 18.11.2013, 12:22   #4
schrauber
/// the machine
/// TB-Ausbilder
 


ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 22.06.2014, 23:12   #5
heinrich007
 

Hello and good evening,

@Schrauber: and a very special greeting to you,

it took a long, long time for me to get back online. My problem still persists.

Perhaps it has even gotten worse.

The following pages also keep popping up:

hxxp://dating.singlessalad.com/

hxxp://lovetest.singlessalad.com/

hxxp://speedtest.gateable.com

hxxp://www.speedanalysis.net/



Here is a current FRST.txt again:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by SantaClara (administrator) on MELO on 22-06-2014 23:29:55
Running from C:\Users\SantaClara\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(iMesh Inc) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(iMesh Inc) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-10-29] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-29] (Iminent)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [iMesh] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31012720 2013-11-04] (iMesh, Inc)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=a12720-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: coontiinueTosoave - {1DCE63B7-6C05-D920-EC87-68F8A715C19E} - C:\ProgramData\coontiinueTosoave\51a0b97656bd7.dll No File
BHO-x32: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO-x32: EbOoKBrowsoe - {C2AD2A3F-CECC-7692-CE9E-218B032C6887} - C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent)
Toolbar: HKLM-x32 - Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF HKLM-x32\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
FF Extension: Speed Test Analysis - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-22]
FF HKCU\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
FF Extension: Speed Test Analysis - C:\Users\SantaClara\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-11-11]

Chrome: 
=======
CHR HomePage: hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C"
CHR Extension: (Iminent) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-11-11]
CHR Extension: (No Name) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb [2013-11-11]
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-22]
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx [2013-10-06]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3544088 2014-05-20] (iMesh Inc)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2886464 2013-10-29] (Iminent)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-12] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-21] (Symantec Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc1.cfg [36248 2014-05-20] (iMesh Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140620.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140622.003\ENG64.SYS [126040 2014-06-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140622.003\EX64.SYS [2099288 2014-06-21] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 23:29 - 2014-06-22 23:29 - 02083328 _____ (Farbar) C:\Users\SantaClara\Downloads\FRST64.exe
2014-06-22 23:29 - 2014-06-22 23:29 - 00025146 _____ () C:\Users\SantaClara\Downloads\FRST.txt
2014-06-22 23:27 - 2014-06-22 23:28 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log
2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log
2014-06-22 23:25 - 2014-06-22 23:25 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe
2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT
2014-06-22 18:48 - 2014-06-22 18:48 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279
2014-06-22 11:55 - 2014-06-22 11:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-22 11:52 - 2014-06-22 11:52 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk
2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings
2014-06-22 08:46 - 2014-06-22 23:19 - 00000000 ____D () C:\ProgramData\Datamngr
2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec

==================== One Month Modified Files and Folders =======

2014-06-22 23:30 - 2014-06-22 23:29 - 00025146 _____ () C:\Users\SantaClara\Downloads\FRST.txt
2014-06-22 23:30 - 2013-11-11 02:49 - 00000000 ____D () C:\FRST
2014-06-22 23:29 - 2014-06-22 23:29 - 02083328 _____ (Farbar) C:\Users\SantaClara\Downloads\FRST64.exe
2014-06-22 23:28 - 2014-06-22 23:27 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log
2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log
2014-06-22 23:27 - 2013-11-13 22:22 - 00000000 _____ () C:\Users\SantaClara\defogger_reenable
2014-06-22 23:27 - 2013-04-27 19:48 - 00000000 ____D () C:\Users\SantaClara
2014-06-22 23:25 - 2014-06-22 23:25 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe
2014-06-22 23:19 - 2014-06-22 08:46 - 00000000 ____D () C:\ProgramData\Datamngr
2014-06-22 22:20 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT
2014-06-22 19:08 - 2013-01-28 18:15 - 01281417 _____ () C:\windows\WindowsUpdate.log
2014-06-22 18:48 - 2014-06-22 18:48 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-06-22 13:38 - 2013-07-14 19:50 - 00000000 ____D () C:\Users\SantaClara\Documents\aaTESTER
2014-06-22 13:21 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-22 13:12 - 2013-02-03 04:58 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-06-22 13:12 - 2013-02-03 04:58 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-06-22 13:12 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-22 13:08 - 2013-01-28 19:22 - 00000000 ____D () C:\ProgramData\WinClon
2014-06-22 13:04 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-22 13:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-22 13:01 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279
2014-06-22 11:55 - 2014-06-22 11:55 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-22 11:54 - 2013-01-28 19:20 - 00000000 ____D () C:\ProgramData\Norton
2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-22 11:52 - 2014-06-22 11:52 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 11:52 - 2013-01-28 19:21 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-06-22 11:52 - 2013-01-28 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk
2014-06-22 11:48 - 2013-11-13 08:55 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-22 11:31 - 2012-08-05 23:07 - 00215052 _____ () C:\windows\PFRO.log
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings
2014-06-22 11:10 - 2013-01-28 19:20 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-06-22 10:05 - 2013-08-27 07:13 - 00000000 ____D () C:\windows\system32\MRT
2014-06-22 10:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-22 09:39 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec
2014-06-21 16:13 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-03 11:46 - 2013-11-15 01:23 - 00002385 _____ () C:\windows\setupact.log
2014-06-03 11:46 - 2013-09-14 21:05 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Dropbox
2014-06-01 17:17 - 2013-06-04 06:58 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-22 09:53

==================== End Of Log ============================
         
--- --- ---

And the Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by SantaClara at 2014-06-22 23:43:13
Running from C:\Users\SantaClara\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
EbOoKBrowsoe (HKLM-x32\...\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}) (Version:  - EbookBrowse)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare X64 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
HomepageFIX 2013 (HKLM-x32\...\HomepageFIX 2013_is1) (Version: Aktuelle Version - IN MEDIA KG)
iMesh (HKCU\...\iMesh) (Version: 12.5.0.134165 - iMesh Inc) <==== ATTENTION
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 6.44.21.0 - Iminent) <==== ATTENTION
Iminent (x32 Version: 6.44.21.0 - Iminent) Hidden <==== ATTENTION
Iminent Toolbar on IE and Chrome (HKLM-x32\...\iminent) (Version: 1.8.26.8 - iminent) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.1.0 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Speed Test Analysis (HKLM-x32\...\Speed Test Analysis) (Version: 1.0.0.5 - SpeedAnalysis.com) <==== ATTENTION
Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

27-04-2014 20:45:46 Geplanter Prüfpunkt
22-06-2014 07:53:39 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-11-14 08:17 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {462A9C50-E71D-498A-A654-45D48150D9F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {7378AA20-9E33-41DC-BB41-9EC044D5C630} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {877A8539-1C1D-46E7-BDBD-81A53099C9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9B8853FE-6E29-4028-AD4F-ACE0F19FEE8C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED90EF92-B208-45CE-BF48-9EC6D81E9DFE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)

==================== Loaded Modules (whitelisted) =============

2014-06-22 08:46 - 2014-05-20 14:10 - 00664600 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-06-22 08:46 - 2014-05-20 14:10 - 00024088 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll
2013-09-30 11:32 - 2013-09-30 11:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll
2013-09-30 11:32 - 2013-09-30 11:32 - 00475456 _____ () C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
2014-06-22 08:46 - 2014-05-20 14:10 - 00020504 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2014-06-22 08:46 - 2014-05-20 14:10 - 00490008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2013-01-28 19:08 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-05-25 14:31 - 2013-05-25 15:16 - 00112128 _____ () C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll
2012-04-04 07:53 - 2012-04-04 07:53 - 00312832 _____ () C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-10-14 01:11 - 2013-11-02 18:44 - 03008624 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-14 01:11 - 2013-11-02 18:44 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-14 01:11 - 2013-11-02 18:44 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PMSpeed"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Scan Buttons"
HKCU\...\StartupApproved\Run: => "iMesh"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 11:34:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e974e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f035
ID des fehlerhaften Prozesses: 0x12b0
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (06/22/2014 11:21:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/22/2014 11:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/22/2014 09:00:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/22/2014 08:45:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/22/2014 07:30:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/22/2014 02:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x2e5c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/22/2014 02:24:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1834
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/22/2014 00:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm symerr.exe, Version 5.2.0.14 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 890

Startzeit: 01cf8e0157d6d913

Endzeit: 31

Anwendungspfad: C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\symerr.exe

Berichts-ID: 8672e8ba-f9f6-11e3-bea5-50b7c3fc4b60

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/22/2014 11:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1500

Startzeit: 01cf8dfe749b4176

Endzeit: 78

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 8f06273e-f9f3-11e3-bea5-50b7c3fc4b60

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (06/22/2014 11:27:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/22/2014 11:21:46 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (06/22/2014 11:06:46 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (06/22/2014 09:13:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/22/2014 09:00:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (06/22/2014 08:45:20 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (06/22/2014 07:30:18 PM) (Source: DCOM) (EventID: 10010) (User: Melo)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (06/22/2014 07:27:36 PM) (Source: DCOM) (EventID: 10016) (User: Melo)
Description: ComputerstandardLokalAktivierung{682159D9-C321-47CA-B3F1-30E36B2EC8B9}{CDCBCFCA-3CDC-436F-A4E2-0E02075250C2}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/22/2014 07:27:36 PM) (Source: DCOM) (EventID: 10016) (User: Melo)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/22/2014 07:27:20 PM) (Source: DCOM) (EventID: 10016) (User: Melo)
Description: ComputerstandardLokalAktivierung{682159D9-C321-47CA-B3F1-30E36B2EC8B9}{CDCBCFCA-3CDC-436F-A4E2-0E02075250C2}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (06/22/2014 11:34:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin3.4.9593.5005028bfc0RPCRT4.dll6.2.9200.16622519e974ec00000050001f03512b001cf8e419f216884C:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\windows\SYSTEM32\RPCRT4.dllf9e10659-fa54-11e3-bea7-50b7c3fc4b60

Error: (06/22/2014 11:21:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (06/22/2014 11:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (06/22/2014 09:00:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (06/22/2014 08:45:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (06/22/2014 07:30:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Melo)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (06/22/2014 02:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e5c01cf8e14e8900eadC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll3b5c0c6d-fa08-11e3-bea7-50b7c3fc4b60

Error: (06/22/2014 02:24:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c183401cf8e0b96100babC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll1c321476-fa08-11e3-bea7-50b7c3fc4b60

Error: (06/22/2014 00:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: symerr.exe5.2.0.1489001cf8e0157d6d91331C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\symerr.exe8672e8ba-f9f6-11e3-bea5-50b7c3fc4b60

Error: (06/22/2014 11:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16537150001cf8dfe749b417678C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE8f06273e-f9f3-11e3-bea5-50b7c3fc4b60


CodeIntegrity Errors:
===================================
  Date: 2013-11-14 07:15:59.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 68%
Total physical RAM: 3795.53 MB
Available physical RAM: 1199.78 MB
Total Pagefile: 15571.54 MB
Available Pagefile: 12179.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.17 GB) (Free:384.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Here is the GMER.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-23 00:08:45
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 TOSHIBA_MQ01ABD050 rev.AX002F 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\SANTAC~1\AppData\Local\Temp\pxloypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\windows\System32\win32k.sys!W32pServiceTable                                      fffff96000179a00 7 bytes [40, CA, 81, 01, 00, 4C, F2]
.text   C:\windows\System32\win32k.sys!W32pServiceTable + 8                                  fffff96000179a08 7 bytes [01, EA, BF, FF, 00, C7, DA]

---- User code sections - GMER 2.1 ----

.text   C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fc717d1532 4 bytes [7D, 71, FC, 07]
.text   C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007fc717d153a 4 bytes [7D, 71, FC, 07]
.text   C:\windows\Explorer.EXE[10476] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fc717d165a 4 bytes [7D, 71, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\csrss.exe [1620:7136]                                            fffff960008fd5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         


23.06.2014, 18:43   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller pane, look for the programs that, under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


25.06.2014, 01:33   #7
heinrich007
 

@Schrauber: Thank you in advance for your quick help.

Here is the ComboFix.txt:

Code:
ComboFix 14-06-24.01 - SantaClara 25.06.2014   2:10.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3796.2393 [GMT 2:00]
ausgeführt von:: c:\users\SantaClara\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\programdata\Wincert\WIN32C~1.DLL
.
---- Vorheriger Suchlauf -------
.
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\1369487762.png
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\51a0b992c812a6.11322428.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\background.html
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\content.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\lsdb.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\manifest.json
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\popup.html
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\sqlite.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\51a0b976569c82.00861701.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\background.html
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\content.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\lsdb.js
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\manifest.json
c:\users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\sqlite.js
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-25 bis 2014-06-25  ))))))))))))))))))))))))))))))
.
.
2014-06-25 00:21 . 2014-06-25 00:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-24 22:43 . 2014-06-24 22:43	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-06-22 22:26 . 2014-06-23 05:23	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-22 22:25 . 2014-06-22 22:25	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-06-22 22:25 . 2014-06-22 22:25	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-22 22:25 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-22 22:25 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-22 22:25 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-22 10:20 . 2014-06-22 10:20	--------	d-----w-	c:\programdata\22279
2014-06-22 09:59 . 2014-06-22 09:59	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2014-06-22 09:52 . 2014-06-22 09:52	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-06-22 09:52 . 2014-06-22 09:52	--------	d-----w-	c:\program files (x86)\Norton Internet Security
2014-06-22 09:34 . 2014-06-22 09:34	--------	d-----w-	c:\programdata\Symantec
2014-06-22 09:19 . 2014-06-22 09:19	--------	d-----w-	c:\programdata\PCSettings
2014-06-22 09:10 . 2014-06-22 13:31	--------	d-----w-	c:\windows\system32\drivers\NISx64\1503000.00C
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-22 06:24 . 2013-04-27 19:47	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-01 15:17 . 2013-06-04 04:58	95414520	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}]
2013-05-25 13:16	112128	------w-	c:\programdata\EbOoKBrowsoe\51a0b992c832f.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}"
[HKEY_CLASSES_ROOT\CLSID\{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}]
2012-08-06 03:41	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	130736	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:41	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-08-15 2994880]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-06-10 162856]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SymELAM.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SBIOSIO;SBIOSIO;c:\windows\Temp\SBIOSIO64.SYS;c:\windows\Temp\SBIOSIO64.SYS [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140623.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140623.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}"
[HKEY_CLASSES_ROOT\CLSID\{8E9BA62A-78E0-4671-9FB2-D94091BA7C47}]
2012-08-06 03:42	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2012-12-27 07:58	570880	----a-w-	c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2012-12-27 07:58	570880	----a-w-	c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17	164016	----a-w-	c:\users\SantaClara\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:42	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-12 13263072]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-10-31 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-10-31 127616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2012-12-27 4365824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-17 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-17 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-17 442352]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{0307351f-b2d7-41f2-b44a-8af7d9d90a18} - (no file)
BHO-{1DCE63B7-6C05-D920-EC87-68F8A715C19E} - c:\programdata\coontiinueTosoave\51a0b97656bd7.dll
BHO-{310D38FE-EB4C-467C-8781-B7C2AEB7847D} - (no file)
Toolbar-Locked - (no file)
Toolbar-{0307351f-b2d7-41f2-b44a-8af7d9d90a18} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{246EA909-3E52-03A2-F330-75C407BA3AD4} - c:\progra~3\INSTAL~2\{6585A~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-06-25  02:26:58
ComboFix-quarantined-files.txt  2014-06-25 00:26
.
Vor Suchlauf: 11 Verzeichnis(se), 413.740.609.536 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 413.363.363.840 Bytes frei
.
- - End Of File - - 2A75DE4C5F97F7F7F5693005FCF23817
         

25.06.2014, 18:22   #8
schrauber
/// the machine
/// TB-Ausbilder



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Scan Now.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

27.06.2014, 21:26   #9
heinrich007



@Schrauber,

I can't install Malwarebytes Anti-Malware. There are four to six "runtime error" messages. And when starting it after the installation, "the computer" says that the program cannot be run.

What can I do?

Many thanks & best regards

28.06.2014, 18:26   #10
schrauber
/// the machine
/// TB-Ausbilder



Skip MBAM.
__________________
Regards,
schrauber

13.07.2014, 16:08   #11
heinrich007



@Schrauber,

sorry that I couldn't deal with the PC for a while. I was away at appointments without this PC, and then the family kept me busy as well....

I hope you will continue to look after me...
Many thanks in advance for that.

AdwCleaner.txt

Code:
# AdwCleaner v3.215 - Bericht erstellt am 13/07/2014 um 13:35:35
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : SantaClara - MELO
# Gestartet von : C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Ordner Gefunden : C:\Program Files (x86)\IminentToolbar
Ordner Gefunden : C:\ProgramData\BitGuard
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\ProgramData\EbOoKBrowsoe
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbOoKBrowsoe
Ordner Gefunden : C:\ProgramData\StarApp
Ordner Gefunden : C:\ProgramData\wincert
Ordner Gefunden : C:\Users\SantaClara\AppData\LocalLow\DataMngr
Ordner Gefunden : C:\Users\SantaClara\AppData\LocalLow\EbOoKBrowsoe
Ordner Gefunden : C:\Users\SantaClara\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN DTX
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gefunden : HKCU\Software\SIEN SA
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\APN DTX
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D38FE-EB4C-467C-8781-B7C2AEB7847D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v

[ Datei : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Extension] : pkhojieggfgllhllcegoffdcnmdeojgb

*************************

AdwCleaner[R0].txt - [9760 octets] - [13/07/2014 13:35:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9820 octets] ##########
         
Another AdwCleaner.txt (somehow there are two)

Code:
# AdwCleaner v3.215 - Bericht erstellt am 13/07/2014 um 13:45:37
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : SantaClara - MELO
# Gestartet von : C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\ProgramData\wincert
Ordner Gelöscht : C:\ProgramData\EbOoKBrowsoe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbOoKBrowsoe
Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
Ordner Gelöscht : C:\Users\SantaClara\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\SantaClara\AppData\LocalLow\EbOoKBrowsoe
Ordner Gelöscht : C:\Users\SantaClara\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis
Datei Gelöscht : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedtestanalysis@SpeedAnalysis.com]
Schlüssel Gelöscht : HKCU\Software\SIEN SA
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310D38FE-EB4C-467C-8781-B7C2AEB7847D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DCE63B7-6C05-D920-EC87-68F8A715C19E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2AD2A3F-CECC-7692-CE9E-218B032C6887}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v

[ Datei : C:\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : pkhojieggfgllhllcegoffdcnmdeojgb

*************************

AdwCleaner[R0].txt - [10104 octets] - [13/07/2014 13:35:35]
AdwCleaner[S0].txt - [9493 octets] - [13/07/2014 13:45:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9553 octets] ##########
         
JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by SantaClara on 13.07.2014 at 15:02:58,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2014 at 15:13:35,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I have zipped the FRST.txt. But I don't know how to get to "Manage attachments" in order to upload it....

13.07.2014, 16:16   #12
heinrich007



OK, I have now figured out how that works after all.

Here are the FRST.txt and the Additional.txt

14.07.2014, 14:30   #13
schrauber
/// the machine
/// TB-Ausbilder



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

17.07.2014, 01:03   #14
heinrich007



@Schrauber:

Many thanks for your further steps.

Unfortunately, for two days I have not been able to download the ESET Online Scanner. It says: "The page cannot be displayed." - and for no apparent reason, because there is no problem with other websites. Lately it has also been happening more often that popular websites (e.g. the BBC homepage) cannot be displayed, even though everything is OK and other websites can be opened without any problem. Is that also a virus or something similar?

As soon as I manage to download ESET, I will get back to you.

Best regards

Speak of the devil..... It finally worked with ESET after all:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d1d0475d1c2b554c8afe779fccb1d753
# engine=19208
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-16 11:31:50
# local_time=2014-07-17 01:31:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 8155 168150095 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1815312 30434803 0 0
# scanned=212967
# found=9
# cleaned=0
# scan_time=7168
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="Variante von Win32/Adware.MultiPlug.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Wincert\WIN32C~1.DLL.vir"
sh=3B39F64FBC1F16DF8ED2F3D7BC47A2AB228257B8 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1\51a0b992c812a6.11322428.js.vir"
sh=FF32D82508C6BFDF2DB4BD1EBB2719C39BAB0992 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\SantaClara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1\51a0b976569c82.00861701.js.vir"
sh=061835A0FF0C2CCE68BAE010A645292D7C13FB2B ft=1 fh=aab26c3e0cc2e8a4 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SantaClara\Desktop\winamp564_full_emusic-7plus_de-de.exe"
sh=EE072FA3FD3DFFA5C766D8D8F7ADAF25588914AA ft=1 fh=90acba26c47f2848 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SantaClara\Documents\Programme\computerbild_downloader_fuer_pdfcreator.exe"
         
Checkup.txt

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuClient.exe  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST.txt - Part 1

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by SantaClara (administrator) on MELO on 17-07-2014 01:47:42
Running from C:\Users\SantaClara\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-182115508-3913688524-3247281400-1001\...\Run: [Scan Buttons] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {8E9BA62A-78E0-4671-9FB2-D94091BA7C47} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: No Name - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-07-16]

Chrome: 
=======
CHR HomePage: 
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-12] (Emsisoft GmbH)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-12] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140715.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-23] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140716.016\ENG64.SYS [126040 2014-06-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140716.016\EX64.SYS [2099288 2014-06-21] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 23:21 - 2014-07-16 23:21 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-07-16 23:20 - 2014-07-16 23:21 - 02347384 _____ (ESET) C:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe
2014-07-16 23:03 - 2014-07-16 23:03 - 00854390 _____ () C:\Users\SantaClara\Desktop\SecurityCheck.exe
2014-07-13 16:57 - 2014-07-13 17:00 - 00000000 ____D () C:\aaaTester
2014-07-13 16:50 - 2014-07-13 16:50 - 01110476 _____ () C:\Users\SantaClara\Desktop\7z920.exe
2014-07-13 16:04 - 2014-07-13 16:04 - 00000000 ____D () C:\Users\SantaClara\Desktop\FRST-OlderVersion
2014-07-13 15:13 - 2014-07-13 15:13 - 00000685 _____ () C:\Users\SantaClara\Desktop\JRT.txt
2014-07-13 15:02 - 2014-07-13 15:02 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-13 15:00 - 2014-07-13 15:00 - 01016261 _____ (Thisisu) C:\Users\SantaClara\Desktop\JRT.exe
2014-07-13 13:35 - 2014-07-13 13:45 - 00000000 ____D () C:\AdwCleaner
2014-07-13 13:33 - 2014-07-13 13:33 - 01348263 _____ () C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe
2014-07-13 12:12 - 2014-07-13 12:12 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-13 10:43 - 2014-07-13 10:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-13 09:43 - 2014-07-13 09:43 - 00380416 _____ () C:\Users\SantaClara\Desktop\Gmer-19357.exe
2014-07-13 09:36 - 2014-07-13 16:04 - 02086912 _____ (Farbar) C:\Users\SantaClara\Desktop\FRST64.exe
2014-07-13 09:33 - 2014-07-13 09:33 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe
2014-07-13 09:27 - 2014-07-13 09:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\SantaClara\Desktop\revosetup95.exe
2014-07-13 08:54 - 2014-07-13 08:54 - 05218570 _____ (Swearware) C:\Users\SantaClara\Desktop\ComboFix.exe
2014-07-12 18:26 - 2014-07-13 08:27 - 00000000 ___RD () C:\Users\SantaClara\Podcasts
2014-07-12 18:23 - 2014-07-12 18:26 - 00000000 ____D () C:\Program Files\Zune
2014-07-12 18:23 - 2014-07-12 18:23 - 00000939 _____ () C:\Users\Public\Desktop\Zune.lnk
2014-07-12 18:23 - 2014-07-12 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-07-12 17:42 - 2014-07-16 23:18 - 00000000 __RDO () C:\Users\SantaClara\OneDrive
2014-07-10 00:33 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 21:27 - 2014-07-09 21:27 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-07-09 21:12 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 21:12 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 21:12 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 21:12 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 21:12 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 21:12 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 21:12 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 21:12 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 21:12 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 21:12 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 21:11 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 21:11 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 21:11 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 21:11 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 21:11 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 21:11 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 21:11 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 21:11 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 21:11 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 21:11 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 21:11 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 21:11 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 21:11 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 21:11 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 21:11 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 21:11 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 21:11 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 21:11 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 21:11 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 21:11 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 21:11 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 21:11 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 21:11 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 21:11 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 21:11 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 21:11 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 21:11 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 21:10 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 21:10 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 21:10 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 21:10 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 21:10 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 21:10 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 21:10 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 21:10 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 21:10 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 21:10 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 21:10 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 21:10 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 21:10 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 21:10 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 21:10 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 21:10 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 21:10 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-27 23:40 - 2014-06-27 23:40 - 01110476 _____ () C:\Users\SantaClara\Desktop\Zip 7z920.exe
2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-27 22:22 - 2014-06-27 22:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Downloads\mbam-setup-2.0.1.1004.exe
2014-06-27 22:06 - 2013-08-22 08:57 - 00002143 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
2014-06-27 22:02 - 2014-06-27 22:05 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-06-27 21:55 - 2014-07-13 12:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-27 20:26 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-27 20:26 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-27 20:26 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieUserList
2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieSiteList
2014-06-26 07:38 - 2014-06-26 07:38 - 00001450 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-26 07:37 - 2014-06-26 07:37 - 00000020 ___SH () C:\Users\SantaClara\ntuser.ini
2014-06-26 01:25 - 2014-06-26 07:38 - 00000000 ___DC () C:\WINDOWS\Panther
2014-06-26 01:25 - 2014-06-26 01:25 - 00000000 __SHD () C:\Recovery
2014-06-26 01:24 - 2014-06-26 01:24 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-26 01:24 - 2014-06-26 01:24 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-26 01:23 - 2014-06-26 01:23 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-26 01:22 - 2014-06-26 01:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-26 01:22 - 2014-06-26 01:22 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-26 01:22 - 2014-06-26 01:22 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-06-26 01:21 - 2014-06-26 01:21 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-26 01:21 - 2014-06-26 01:21 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-26 01:16 - 2014-06-26 01:16 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-06-26 01:16 - 2014-06-26 01:16 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-06-26 01:16 - 2014-06-26 01:16 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-26 01:15 - 2014-06-26 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-26 01:13 - 2014-06-26 01:13 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-26 01:11 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-06-26 01:11 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-26 01:11 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-06-26 01:11 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-06-26 01:11 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-26 01:11 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-06-26 01:02 - 2014-07-16 23:31 - 01788851 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-26 01:01 - 2014-06-26 01:01 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-06-26 00:44 - 2014-06-26 00:44 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-26 00:39 - 2014-06-26 00:39 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-06-26 00:37 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\SantaClara
2014-06-26 00:37 - 2014-06-26 01:02 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2014-06-26 00:37 - 2014-06-26 01:02 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2014-06-26 00:37 - 2014-06-26 00:38 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-26 00:37 - 2014-06-26 00:38 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Vorlagen
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Startmenü
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Netzwerkumgebung
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Lokale Einstellungen
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Eigene Dateien
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Druckumgebung
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Musik
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Bilder
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Verlauf
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Anwendungsdaten
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Anwendungsdaten
2014-06-26 00:37 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-06-26 00:37 - 2014-03-18 12:11 - 00000369 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-06-26 00:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-26 00:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-26 00:28 - 2014-06-26 00:42 - 00000000 ____D () C:\Program Files\Elantech
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Realtek
2014-06-25 23:26 - 2014-06-26 01:02 - 00006549 _____ () C:\WINDOWS\comsetup.log
2014-06-25 21:16 - 2014-06-25 21:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-25 02:26 - 2014-06-25 02:26 - 00022290 _____ () C:\Users\SantaClara\Desktop\ComboFix.txt
2014-06-25 01:09 - 2014-07-13 16:08 - 00025775 _____ () C:\Users\SantaClara\Desktop\Addition.txt
2014-06-25 00:54 - 2014-07-17 01:47 - 00018969 _____ () C:\Users\SantaClara\Desktop\FRST.txt
2014-06-25 00:43 - 2014-06-25 00:43 - 00001264 _____ () C:\Users\SantaClara\Desktop\Revo Uninstaller.lnk
2014-06-25 00:43 - 2014-06-25 00:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 00:26 - 2014-06-23 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 00:25 - 2014-07-13 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-23 00:25 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 00:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 00:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-23 00:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-23 00:22 - 2014-06-23 00:22 - 00000000 ____D () C:\Users\SantaClara\Desktop\anti-malware
2014-06-23 00:08 - 2014-07-13 09:49 - 00003077 _____ () C:\Users\SantaClara\Desktop\GMER.txt
2014-06-22 23:27 - 2014-07-13 09:34 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log
2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log
2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279
2014-06-22 11:52 - 2014-07-16 23:15 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-22 11:52 - 2014-07-16 23:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk
2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings
2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec

==================== One Month Modified Files and Folders =======

2014-07-17 01:48 - 2014-06-25 00:54 - 00018969 _____ () C:\Users\SantaClara\Desktop\FRST.txt
2014-07-17 01:47 - 2013-11-11 02:49 - 00000000 ____D () C:\FRST
2014-07-17 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-16 23:31 - 2014-06-26 01:02 - 01788851 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-16 23:31 - 2013-04-27 19:58 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-182115508-3913688524-3247281400-1001
2014-07-16 23:21 - 2014-07-16 23:21 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-07-16 23:21 - 2014-07-16 23:20 - 02347384 _____ (ESET) C:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe
2014-07-16 23:19 - 2013-01-28 19:22 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-16 23:18 - 2014-07-12 17:42 - 00000000 __RDO () C:\Users\SantaClara\OneDrive
2014-07-16 23:15 - 2014-06-22 11:52 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-16 23:15 - 2014-06-22 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-16 23:15 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-16 23:15 - 2013-01-28 19:21 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-07-16 23:15 - 2013-01-28 19:20 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-07-16 23:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-16 23:13 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-16 23:03 - 2014-07-16 23:03 - 00854390 _____ () C:\Users\SantaClara\Desktop\SecurityCheck.exe
2014-07-16 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-13 17:00 - 2014-07-13 16:57 - 00000000 ____D () C:\aaaTester
2014-07-13 16:50 - 2014-07-13 16:50 - 01110476 _____ () C:\Users\SantaClara\Desktop\7z920.exe
2014-07-13 16:08 - 2014-06-25 01:09 - 00025775 _____ () C:\Users\SantaClara\Desktop\Addition.txt
2014-07-13 16:04 - 2014-07-13 16:04 - 00000000 ____D () C:\Users\SantaClara\Desktop\FRST-OlderVersion
2014-07-13 16:04 - 2014-07-13 09:36 - 02086912 _____ (Farbar) C:\Users\SantaClara\Desktop\FRST64.exe
2014-07-13 15:13 - 2014-07-13 15:13 - 00000685 _____ () C:\Users\SantaClara\Desktop\JRT.txt
2014-07-13 15:02 - 2014-07-13 15:02 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-13 15:00 - 2014-07-13 15:00 - 01016261 _____ (Thisisu) C:\Users\SantaClara\Desktop\JRT.exe
2014-07-13 13:47 - 2014-03-18 03:50 - 00001110 _____ () C:\WINDOWS\PFRO.log
2014-07-13 13:45 - 2014-07-13 13:35 - 00000000 ____D () C:\AdwCleaner
2014-07-13 13:33 - 2014-07-13 13:33 - 01348263 _____ () C:\Users\SantaClara\Desktop\adwcleaner_3.215.exe
2014-07-13 12:13 - 2013-06-16 17:33 - 00000000 ____D () C:\Users\SantaClara\AppData\Local\CrashDumps
2014-07-13 12:12 - 2014-07-13 12:12 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-13 12:12 - 2014-06-27 21:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-13 12:12 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-13 10:43 - 2014-07-13 10:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-13 09:49 - 2014-06-23 00:08 - 00003077 _____ () C:\Users\SantaClara\Desktop\GMER.txt
2014-07-13 09:43 - 2014-07-13 09:43 - 00380416 _____ () C:\Users\SantaClara\Desktop\Gmer-19357.exe
2014-07-13 09:34 - 2014-06-22 23:27 - 00000482 _____ () C:\Users\SantaClara\Desktop\defogger_disable.log
2014-07-13 09:33 - 2014-07-13 09:33 - 00050477 _____ () C:\Users\SantaClara\Desktop\Defogger.exe
2014-07-13 09:27 - 2014-07-13 09:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\SantaClara\Desktop\revosetup95.exe
2014-07-13 08:54 - 2014-07-13 08:54 - 05218570 _____ (Swearware) C:\Users\SantaClara\Desktop\ComboFix.exe
2014-07-13 08:27 - 2014-07-12 18:26 - 00000000 ___RD () C:\Users\SantaClara\Podcasts
2014-07-12 18:26 - 2014-07-12 18:23 - 00000000 ____D () C:\Program Files\Zune
2014-07-12 18:26 - 2014-06-26 00:37 - 00000000 ____D () C:\Users\SantaClara
2014-07-12 18:23 - 2014-07-12 18:23 - 00000939 _____ () C:\Users\Public\Desktop\Zune.lnk
2014-07-12 18:23 - 2014-07-12 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-07-12 18:04 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-12 18:04 - 2014-03-18 11:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-12 18:04 - 2014-03-18 11:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-12 16:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 08:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 08:20 - 2013-10-14 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-10 08:20 - 2013-08-22 16:44 - 03365360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 00:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 00:41 - 2013-01-28 19:11 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-07-10 00:36 - 2013-08-27 07:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 00:34 - 2013-06-04 06:58 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 00:33 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 21:27 - 2014-07-09 21:27 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-07-09 21:27 - 2013-08-22 16:46 - 00288886 _____ () C:\WINDOWS\setupact.log
2014-07-09 21:27 - 2013-08-22 16:46 - 00000262 _____ () C:\WINDOWS\setuperr.log
2014-07-09 21:27 - 2013-07-09 07:29 - 00000000 ____D () C:\Users\SantaClara\Documents\Bluetooth Folder
2014-07-09 21:25 - 2014-03-18 11:40 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 02:56 - 2013-05-14 19:27 - 00000000 ____D () C:\Users\SantaClara\Documents\V-Photomuseum
2014-07-08 00:31 - 2013-05-17 20:01 - 00000000 ____D () C:\Users\SantaClara\Documents\yo
2014-07-04 06:59 - 2013-10-14 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-27 23:40 - 2014-06-27 23:40 - 01110476 _____ () C:\Users\SantaClara\Desktop\Zip 7z920.exe
2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-27 23:40 - 2014-06-27 23:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-27 22:22 - 2014-06-27 22:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SantaClara\Downloads\mbam-setup-2.0.1.1004.exe
2014-06-27 22:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-27 22:06 - 2013-06-06 20:17 - 00003552 _____ () C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2014-06-27 22:05 - 2014-06-27 22:02 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-06-27 22:05 - 2013-04-27 19:49 - 00000000 ____D () C:\Users\SantaClara\AppData\Local\Packages
         

17.07.2014, 01:04   #15
heinrich007

FRST.txt - Part 2

Code:
ATTFilter
2014-06-27 20:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieUserList
2014-06-26 07:42 - 2014-06-26 07:42 - 00000000 __SHD () C:\Users\SantaClara\AppData\Local\EmieSiteList
2014-06-26 07:38 - 2014-06-26 07:38 - 00001450 _____ () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-26 07:38 - 2014-06-26 01:25 - 00000000 ___DC () C:\WINDOWS\Panther
2014-06-26 07:37 - 2014-06-26 07:37 - 00000020 ___SH () C:\Users\SantaClara\ntuser.ini
2014-06-26 01:25 - 2014-06-26 01:25 - 00000000 __SHD () C:\Recovery
2014-06-26 01:24 - 2014-06-26 01:24 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-26 01:24 - 2014-06-26 01:24 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-26 01:24 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-06-26 01:23 - 2014-06-26 01:23 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-26 01:23 - 2014-06-26 01:23 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-26 01:23 - 2014-06-26 01:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-26 01:23 - 2014-06-26 01:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-26 01:22 - 2014-06-26 01:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-26 01:22 - 2014-06-26 01:22 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-26 01:22 - 2014-06-26 01:22 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-26 01:22 - 2014-06-26 01:22 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-06-26 01:21 - 2014-06-26 01:21 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-26 01:21 - 2014-06-26 01:21 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-06-26 01:21 - 2014-06-26 01:21 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-06-26 01:21 - 2014-06-26 01:21 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-06-26 01:21 - 2014-06-26 01:21 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-06-26 01:21 - 2014-06-26 01:21 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-06-26 01:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-06-26 01:19 - 2014-06-26 01:19 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-06-26 01:19 - 2014-06-26 01:19 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-26 01:18 - 2014-06-26 01:18 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-26 01:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-06-26 01:17 - 2014-06-26 01:17 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-06-26 01:17 - 2014-06-26 01:17 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-06-26 01:17 - 2014-06-26 01:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-26 01:16 - 2014-06-26 01:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-26 01:16 - 2014-06-26 01:16 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-06-26 01:16 - 2014-06-26 01:16 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-06-26 01:16 - 2014-06-26 01:16 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-26 01:16 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-26 01:15 - 2014-06-26 01:15 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-26 01:15 - 2014-06-26 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-26 01:15 - 2014-06-26 01:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-26 01:15 - 2014-06-26 01:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-26 01:15 - 2014-06-26 01:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-26 01:15 - 2014-06-26 01:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-26 01:13 - 2014-06-26 01:13 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-26 01:11 - 2014-06-26 01:11 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-26 01:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-26 01:03 - 2014-06-26 01:03 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-06-26 01:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-26 01:03 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2014-06-26 01:02 - 2014-06-26 00:37 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2014-06-26 01:02 - 2014-06-26 00:37 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2014-06-26 01:02 - 2014-06-25 23:26 - 00006549 _____ () C:\WINDOWS\comsetup.log
2014-06-26 01:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-26 01:01 - 2014-06-26 01:01 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-06-26 00:54 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-06-26 00:53 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-26 00:47 - 2013-11-11 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-26 00:47 - 2013-11-11 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomepageFIX2013
2014-06-26 00:47 - 2013-11-08 09:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
2014-06-26 00:47 - 2013-09-14 21:08 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-26 00:47 - 2013-08-27 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-06-26 00:47 - 2013-08-27 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 9.03 Standard
2014-06-26 00:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-06-26 00:47 - 2013-07-07 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-06-26 00:47 - 2013-07-06 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-06-26 00:47 - 2013-07-06 10:10 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2014-06-26 00:47 - 2013-05-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontiinueTosoave
2014-06-26 00:47 - 2013-05-22 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
2014-06-26 00:47 - 2013-05-01 16:02 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
2014-06-26 00:47 - 2013-02-03 05:13 - 00000000 ____D () C:\WINDOWS\en-GB
2014-06-26 00:47 - 2013-01-28 19:42 - 00000000 ____D () C:\WINDOWS\it
2014-06-26 00:47 - 2013-01-28 19:42 - 00000000 ____D () C:\WINDOWS\de
2014-06-26 00:47 - 2013-01-28 19:41 - 00000000 ____D () C:\WINDOWS\fr
2014-06-26 00:47 - 2013-01-28 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2014-06-26 00:47 - 2013-01-28 19:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2014-06-26 00:47 - 2013-01-28 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2014-06-26 00:47 - 2013-01-28 19:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-06-26 00:47 - 2013-01-28 19:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-06-26 00:47 - 2013-01-28 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-26 00:44 - 2014-06-26 00:44 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-06-26 00:44 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-06-26 00:44 - 2013-08-27 23:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\color
2014-06-26 00:44 - 2013-08-22 17:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-06-26 00:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-06-26 00:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-06-26 00:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-26 00:44 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2014-06-26 00:42 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Elantech
2014-06-26 00:42 - 2013-08-27 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-06-26 00:42 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-26 00:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-26 00:42 - 2013-01-28 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2014-06-26 00:42 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-06-26 00:39 - 2014-06-26 00:39 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-06-26 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-06-26 00:38 - 2014-06-26 00:37 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-26 00:38 - 2014-06-26 00:37 - 00000000 ___RD () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Vorlagen
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Startmenü
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Netzwerkumgebung
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Lokale Einstellungen
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Eigene Dateien
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Druckumgebung
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Musik
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Documents\Eigene Bilder
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Verlauf
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\AppData\Local\Anwendungsdaten
2014-06-26 00:37 - 2014-06-26 00:37 - 00000000 _SHDL () C:\Users\SantaClara\Anwendungsdaten
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-06-26 00:28 - 2014-06-26 00:28 - 00000000 ____D () C:\Program Files\Realtek
2014-06-25 23:57 - 2013-01-28 18:15 - 02014946 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-06-25 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-25 21:16 - 2014-06-25 21:16 - 00000000 ____D () C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-25 08:35 - 2013-07-07 16:21 - 00000000 ____D () C:\Users\SantaClara\Documents\Musik
2014-06-25 02:27 - 2013-11-14 08:01 - 00000000 ____D () C:\Qoobox
2014-06-25 02:27 - 2013-01-28 19:34 - 00000000 ____D () C:\Users\EasySurvey
2014-06-25 02:26 - 2014-06-25 02:26 - 00022290 _____ () C:\Users\SantaClara\Desktop\ComboFix.txt
2014-06-25 02:22 - 2012-07-26 07:26 - 00000215 _____ () C:\WINDOWS\system.ini
2014-06-25 01:38 - 2013-11-11 01:07 - 00000898 _____ () C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2014-06-25 00:43 - 2014-06-25 00:43 - 00001264 _____ () C:\Users\SantaClara\Desktop\Revo Uninstaller.lnk
2014-06-25 00:43 - 2014-06-25 00:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 07:23 - 2014-06-23 00:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 00:25 - 2014-06-23 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 00:22 - 2014-06-23 00:22 - 00000000 ____D () C:\Users\SantaClara\Desktop\anti-malware
2014-06-22 23:27 - 2014-06-22 23:27 - 00000254 _____ () C:\Users\SantaClara\Desktop\defogger_enable.log
2014-06-22 23:27 - 2013-11-13 22:22 - 00000000 _____ () C:\Users\SantaClara\defogger_reenable
2014-06-22 19:52 - 2014-06-22 19:52 - 00000000 ____D () C:\Users\SantaClara\Documents\IT
2014-06-22 13:38 - 2013-07-14 19:50 - 00000000 ____D () C:\Users\SantaClara\Documents\aaTESTER
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\ProgramData\22279
2014-06-22 11:54 - 2013-01-28 19:20 - 00000000 ____D () C:\ProgramData\Norton
2014-06-22 11:52 - 2014-06-22 11:52 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-06-22 11:52 - 2014-06-22 11:52 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-06-22 11:52 - 2014-06-22 11:52 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 11:52 - 2013-01-28 19:21 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-22 11:48 - 2014-06-22 11:48 - 00001259 _____ () C:\Users\SantaClara\Desktop\Norton-Installationsdateien.lnk
2014-06-22 11:48 - 2013-11-13 08:55 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-06-22 11:34 - 2014-06-22 11:34 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-22 11:19 - 2014-06-22 11:19 - 00000000 ____D () C:\ProgramData\PCSettings
2014-06-21 16:23 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\SantaClara\Documents\Symantec
2014-06-19 03:39 - 2014-07-09 21:11 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 02:48 - 2014-07-09 21:11 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 02:16 - 2014-07-09 21:11 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:09 - 2014-07-09 21:11 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 01:51 - 2014-07-09 21:11 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 21:11 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 21:11 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 01:46 - 2014-07-09 21:11 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 01:39 - 2014-07-09 21:11 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 01:33 - 2014-07-09 21:11 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 21:11 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 01:27 - 2014-07-09 21:11 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 01:12 - 2014-07-09 21:11 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 21:11 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 21:11 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 21:11 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 00:57 - 2014-07-09 21:11 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 00:52 - 2014-07-09 21:11 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 21:11 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 21:11 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 00:45 - 2014-07-09 21:11 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 21:11 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 21:11 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 21:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 21:11 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 21:11 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 21:11 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-17 00:26 - 2014-07-09 21:12 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-06-17 00:24 - 2014-07-09 21:12 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 23:31

==================== End Of Log ============================
         
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by SantaClara at 2014-07-17 01:51:11
Running from C:\Users\SantaClara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
EbOoKBrowsoe (HKLM-x32\...\{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}) (Version:  - EbookBrowse)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare X64 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
HomepageFIX 2013 (HKLM-x32\...\HomepageFIX 2013_is1) (Version: Aktuelle Version - IN MEDIA KG)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

27-06-2014 18:40:15 Windows Update
09-07-2014 19:18:59 Windows Update
12-07-2014 16:22:47 Zune 4.8 installiert

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-06-25 02:21 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D5DD34B-4481-486D-BB20-BD500336FBEB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {566741B8-6187-4636-B5EA-3149881380E0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {66FD2B28-C412-47EA-B8EA-D1278784B07A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {888D153F-E674-4C66-8012-51D3DA0F9B2F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D8626DA-B77D-4C68-889A-882BEB7C0430} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D5B56BAE-AD79-4F11-BD22-A42519998BAE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

==================== Loaded Modules (whitelisted) =============

2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-07-24 05:06 - 2012-07-24 05:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-01-28 19:08 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-06-14 04:57 - 2012-06-14 04:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 13:15 - 2011-08-15 13:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 09:41 - 2011-08-17 09:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 12:23 - 2011-08-15 12:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 04:56 - 2012-06-14 04:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 05:06 - 2012-06-14 05:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 04:55 - 2012-06-14 04:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 09:05 - 2011-07-19 09:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 13:17 - 2011-08-15 13:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 09:04 - 2011-07-19 09:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\SantaClara\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PMSpeed"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Scan Buttons"
HKCU\...\StartupApproved\Run: => "iMesh"

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 01:33:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:33:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 11:21:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/16/2014 09:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17207, Zeitstempel: 0x53a22b71
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000839e5
ID des fehlerhaften Prozesses: 0x1958
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (07/16/2014 08:30:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/16/2014 08:08:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/16/2014 01:32:16 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/16/2014 00:25:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/15/2014 10:09:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/15/2014 08:22:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/13/2014 07:55:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/13/2014 05:21:49 PM) (Source: DCOM) (EventID: 10016) (User: MELO)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/13/2014 05:21:49 PM) (Source: DCOM) (EventID: 10016) (User: MELO)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/13/2014 05:21:48 PM) (Source: DCOM) (EventID: 10016) (User: MELO)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}MeloSantaClaraS-1-5-21-182115508-3913688524-3247281400-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (07/17/2014 01:33:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/16/2014 11:33:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe

Error: (07/16/2014 11:23:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe

Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe

Error: (07/16/2014 11:23:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe

Error: (07/16/2014 11:21:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SantaClara\Desktop\esetsmartinstaller_deu.exe

Error: (07/16/2014 09:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30MSHTML.dll11.0.9600.1720753a22b71c0000005000839e5195801cfa12c6028a925C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\MSHTML.dllb34fe502-0d1f-11e4-beb1-1867b021d017


CodeIntegrity Errors:
===================================
  Date: 2014-06-25 02:20:50.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-25 02:20:49.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-14 07:15:59.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3795.54 MB
Available physical RAM: 2226.62 MB
Total Pagefile: 4435.54 MB
Available Pagefile: 2639.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.73 GB) (Free:402.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
