Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.ADH.2 und Suspicious.Cloud.9

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.02.2014, 16:06   #1
Trollo
 
Trojan.ADH.2 und Suspicious.Cloud.9 - Frage

Trojan.ADH.2 und Suspicious.Cloud.9



Hallöle,

nach 5 min im Internet surfen auf Facebook, Google und Maxdome habe ich mir den Trojan.ADH.2 am 08.02.14 eingefangen.

Code:
ATTFilter
Dateiname: batbrowsebho.dll
Bedrohungsname: Trojan.ADH.2
Vollständiger Pfad: c:\program files (x86)\batbrowse\batbrowsebho.dll

____________________________



Details
Sehr wenige Benutzer,* Sehr neu,* Risiko Hoch





Ursprung
Heruntergeladen von
*hxxp://wpc.0952.edgecastcdn.net/800952/471459f1-c8e9-496f-b471-ee3d269b9c15-install/bed?bet=InternetExplorer





Aktivität
Ausgeführte Aktionen: 3



____________________________



Auf Computern ab*
26.10.2013 um 10:31:34


Zuletzt verwendet*
08.02.2014 um 12:18:35


Start-Element*
Nein


Gestarted*
Nein


____________________________


Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.

Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.



____________________________


hxxp://wpc.0952.edgecastcdn.net/800952/471459f1-c8e9-496f-b471-ee3d269b9c15-install/bed?bet=InternetExplorer

Datei heruntergeladen batbrowsebho.dll Bedrohungsname: Trojan.ADH.2
  aus edgecastcdn.net

Quelle: externe Medien




utilbatbrowse.exe





 




Datei erstellt:
batbrowsebho.dll




____________________________

Dateiaktionen

Datei: c:\program files (x86)\batbrowse\ batbrowsebho.dll entfernt
____________________________

Registrierungsaktionen

Registrierungsänderung: HKEY_CLASSES_ROOT\CLSID\ {a7262c86-7809-4d76-a726-5a379f1a3158}, Registrierungsstruktur: 32 bit Löschen schlug fehl
Registrierungsänderung: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {a7262c86-7809-4d76-a726-5a379f1a3158}, Registrierungsstruktur: 32 bit Löschen schlug fehl
____________________________


Dateiabdruck - SHA:
580f6238045282ec390e290d1e064b31c4433327b5c9f5c544a62f1d55120df6
Dateiabdruck - MD5:
Nicht verfügbar
         
Habe soweit alles bereinigt. Norton drüber laufen lassen und auch Malewarebytes - der hat 32 infizierte Dateien gefunden und habe diese eben entfernt. Dann nochmal probeweise Malwarebytes suchen lassen - nichts gefunden. Zuletzt hab ich auch mal Adware mit AdwCleaner entfernt. Soweit so gut.

Malewarebytes Logs (ist nur eine Suche aber es wurden irgendwie zwei Logs erstellt):
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.08.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
**** :: ****-PC [Administrator]

08.02.2014 12:58:51
MBAM-log-2014-02-08 (15-44-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522229
Laufzeit: 1 Stunde(n), 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 7104 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 3556 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{a7262c86-7809-4d76-a726-5a379f1a3158} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{5f3fedef-b096-4123-97d7-f51b6a819ced} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{76FB2057-6D95-4642-B6C2-1E554CEA7EF7} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7262C86-7809-4D76-A726-5A379F1A3158} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\Update BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\Util BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\plugins (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DigitalSites.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\BatBrowse.ico (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\BatBrowseUninstall.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\sqlite3.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\updateBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll.old.9f3df264-c789-4142-9598-30b968468f97 (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowseBrowserFilter.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.08.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
**** :: ****-PC [Administrator]

08.02.2014 12:58:51
mbam-log-2014-02-08 (12-58-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522229
Laufzeit: 1 Stunde(n), 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 7104 -> Löschen bei Neustart.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 3556 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{a7262c86-7809-4d76-a726-5a379f1a3158} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{5f3fedef-b096-4123-97d7-f51b6a819ced} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{76FB2057-6D95-4642-B6C2-1E554CEA7EF7} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7262C86-7809-4D76-A726-5A379F1A3158} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Update BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Util BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\plugins (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 17
C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\BatBrowse.ico (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\BatBrowseUninstall.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\sqlite3.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\updateBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll.old.9f3df264-c789-4142-9598-30b968468f97 (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\BatBrowseBrowserFilter.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         





Am 12.02.14 war ich nur auf Facebook. Hab mir den Suspicious.Cloud.9 eingefangen (was auch immer das ist).

Code:
ATTFilter
Dateiname: upd.exe
Bedrohungsname: Suspicious.Cloud.9
Vollständiger Pfad: c:\users\heiko\appdata\local\temp\upd.exe

____________________________



Details
Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch





Ursprung
Heruntergeladen von
*Unbekannt





Aktivität
Ausgeführte Aktionen: Ausgeführte Aktionen: 1



____________________________



Auf Computern ab*
Nicht verfügbar


Zuletzt verwendet*
12.02.2014 um 15:33:54


Start-Element*
Nein


Gestarted*
Nein


____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Hoch
Das Risiko dieser Datei ist hoch.

Art der Bedrohung: Heuristikvirus. Bedrohungserkennung auf der Basis von Malwareheuristiken.



____________________________



Quelle: externe Medien



____________________________

Dateiaktionen

Datei: c:\users\heiko\appdata\local\temp\ upd.exe entfernt
____________________________


Dateiabdruck - SHA:
8e7eac4f71e7448732852d979a5d461974c78df7b3a92c20ce1c7ad08214eb7f
Dateiabdruck - MD5:
Nicht verfügbar
         
Norton und Malewarebytes haben beide dann nichts mehr gefunden.

Heute, 14.02.14, wieder nur auf Facebook gewesen (ich spiele keine spiele oder sowas in Facebook!!) und wieder der Suspicous Virus (oder was das ist).

Bitte um Hilfe!!! Habe in nem Forum gelesen es wäre nur Adware... Habe deswegen gerade eben auch nochmal AdwCleaner laufen lassen. Quick-Scan von Norton hat nichts gefunden.

Geändert von Trollo (14.02.2014 um 16:19 Uhr)

Alt 14.02.2014, 17:24   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 14.02.2014, 19:18   #3
Trollo
 
Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by **** (administrator) on ****-PC on 14-02-2014 19:16:42
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140213.002\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140213.033\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140213.033\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 19:15 - 2014-02-14 19:17 - 00022458 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 20:01 - 2014-02-14 19:15 - 00716045 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-08 18:24 - 2014-02-14 15:41 - 00008050 _____ () C:\WINDOWS\PFRO.log
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
2014-01-16 19:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 19:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-16 19:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-16 19:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-16 19:41 - 2014-01-16 19:42 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 19:23 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2014-01-16 19:23 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2014-01-16 19:23 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2014-01-16 19:23 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-01-16 19:23 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-01-16 19:23 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2014-01-16 19:23 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-01-16 19:23 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-01-16 19:23 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-01-16 19:23 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-01-16 19:22 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-16 19:22 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 19:22 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-16 19:22 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 19:22 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-14 19:17 - 2014-02-14 19:15 - 00022458 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:16 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 19:15 - 2014-02-08 20:01 - 00716045 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-14 19:13 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 19:11 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-14 15:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-14 15:45 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-14 15:42 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 15:41 - 2014-02-08 18:24 - 00008050 _____ () C:\WINDOWS\PFRO.log
2014-02-14 15:40 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-14 15:33 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-14 15:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-14 15:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 21:45 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-12 21:45 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-12 21:45 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 18:25 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 19:52 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
2014-01-17 20:12 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
2014-01-16 20:06 - 2013-10-20 15:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 19:51 - 2013-08-16 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-16 19:51 - 2013-07-24 20:51 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 19:42 - 2014-01-16 19:41 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 19:42 - 2013-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 15:05

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by **** at 2014-02-14 19:17:04
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version:  - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version:  - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version:  - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Zip Extractor (HKCU Version:  - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2013-06-27 21:12 - 2013-06-27 21:12 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-25 20:45 - 2014-01-25 21:28 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-11-11 18:01 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 304

Startzeit: 01cf25c6cf410638

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf25b314fa8b3d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/06/2014 04:19:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5

Error: (02/06/2014 04:19:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5

Error: (02/05/2014 06:21:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lxdfcoms.exe, Version: 1.0.2.0, Zeitstempel: 0x464c9d04
Name des fehlerhaften Moduls: lxdfhbn3.dll, Version: 1.0.2.0, Zeitstempel: 0x464c9d06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005fc13
ID des fehlerhaften Prozesses: 0x4b0
Startzeit der fehlerhaften Anwendung: 0xlxdfcoms.exe0
Pfad der fehlerhaften Anwendung: lxdfcoms.exe1
Pfad des fehlerhaften Moduls: lxdfcoms.exe2
Berichtskennung: lxdfcoms.exe3
Vollständiger Name des fehlerhaften Pakets: lxdfcoms.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: lxdfcoms.exe5

Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (01/25/2014 02:08:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0, Zeitstempel: 0x5199de21
Name des fehlerhaften Moduls: RSECore.dll, Version: 0.0.0.0, Zeitstempel: 0x5199daa6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056708
ID des fehlerhaften Prozesses: 0x1654
Startzeit der fehlerhaften Anwendung: 0xGuitarPro.exe0
Pfad der fehlerhaften Anwendung: GuitarPro.exe1
Pfad des fehlerhaften Moduls: GuitarPro.exe2
Berichtskennung: GuitarPro.exe3
Vollständiger Name des fehlerhaften Pakets: GuitarPro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GuitarPro.exe5


System errors:
=============
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/05/2014 06:21:42 PM) (Source: Service Control Manager) (User: )
Description: Dienst "lxdf_device" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/01/2014 05:33:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe

Error: (02/06/2014 04:19:48 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000041d00805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1da345f3-8f42-11e3-be9f-b888e39448a7

Error: (02/06/2014 04:19:43 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000000500805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1a4077b1-8f42-11e3-be9f-b888e39448a7

Error: (02/05/2014 06:21:04 PM) (Source: Application Error)(User: )
Description: lxdfcoms.exe1.0.2.0464c9d04lxdfhbn3.dll1.0.2.0464c9d06c0000005000000000005fc134b001cf1f6785be3db9C:\WINDOWS\system32\lxdfcoms.exeC:\WINDOWS\system32\lxdfhbn3.dlle3e94d9d-8e89-11e3-be9f-b888e39448a7

Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (01/25/2014 02:08:04 PM) (Source: Application Error)(User: )
Description: GuitarPro.exe0.0.0.05199de21RSECore.dll0.0.0.05199daa6c000000500056708165401cf19c1fe05c357C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\Program Files (x86)\Guitar Pro 6\RSECore.dllb926ec33-85c1-11e3-be9e-b888e39448a7


CodeIntegrity Errors:
===================================
  Date: 2014-02-08 16:17:52.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:35:37.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:31:00.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:24:12.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:02:14.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 17:34:35.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-29 20:33:16.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 13:52:16.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 12:17:43.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-25 21:10:12.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8057.77 MB
Available physical RAM: 5966 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 7094.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:542.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)

Partition: GPT Partition Type
==================== End Of Log ============================
         
__________________

Alt 15.02.2014, 18:01   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.02.2014, 13:34   #5
Trollo
 
Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



1. AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 13:13:06
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : **** - ****-PC
# Gestartet von : C:\Users\****\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2218 octets] - [27/10/2013 17:08:51]
AdwCleaner[R1].txt - [1318 octets] - [08/02/2014 18:23:03]
AdwCleaner[R2].txt - [1249 octets] - [14/02/2014 15:32:54]
AdwCleaner[R3].txt - [1370 octets] - [16/02/2014 13:12:43]
AdwCleaner[S0].txt - [2021 octets] - [27/10/2013 17:10:41]
AdwCleaner[S1].txt - [1379 octets] - [08/02/2014 18:23:49]
AdwCleaner[S2].txt - [1311 octets] - [14/02/2014 15:33:46]
AdwCleaner[S3].txt - [1291 octets] - [16/02/2014 13:13:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1351 octets] ##########
         
2. JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by **** on 16.02.2014 at 13:21:45,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 13:26:13,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
3. FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by **** (administrator) on ****-PC on 16-02-2014 13:28:43
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140215.007\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140215.007\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-14 19:17 - 2014-02-14 19:17 - 00032439 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-16 13:29 - 00022222 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-12 20:30 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 20:30 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5

==================== One Month Modified Files and Folders =======

2014-02-16 13:29 - 2014-02-14 19:15 - 00022222 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-16 13:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 13:28 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:17 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 13:17 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 13:16 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 13:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-16 13:13 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-16 13:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-16 12:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-15 16:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-15 16:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-15 15:59 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-14 19:17 - 2014-02-14 19:17 - 00032439 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-12 21:45 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-12 21:45 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-12 21:45 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
2014-01-17 20:12 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 15:05

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by **** at 2014-02-16 13:29:12
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version:  - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version:  - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version:  - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Zip Extractor (HKCU Version:  - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 304

Startzeit: 01cf25c6cf410638

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf25b314fa8b3d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/06/2014 04:19:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5

Error: (02/06/2014 04:19:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5

Error: (02/05/2014 06:21:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lxdfcoms.exe, Version: 1.0.2.0, Zeitstempel: 0x464c9d04
Name des fehlerhaften Moduls: lxdfhbn3.dll, Version: 1.0.2.0, Zeitstempel: 0x464c9d06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005fc13
ID des fehlerhaften Prozesses: 0x4b0
Startzeit der fehlerhaften Anwendung: 0xlxdfcoms.exe0
Pfad der fehlerhaften Anwendung: lxdfcoms.exe1
Pfad des fehlerhaften Moduls: lxdfcoms.exe2
Berichtskennung: lxdfcoms.exe3
Vollständiger Name des fehlerhaften Pakets: lxdfcoms.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: lxdfcoms.exe5

Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (01/25/2014 02:08:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0, Zeitstempel: 0x5199de21
Name des fehlerhaften Moduls: RSECore.dll, Version: 0.0.0.0, Zeitstempel: 0x5199daa6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056708
ID des fehlerhaften Prozesses: 0x1654
Startzeit der fehlerhaften Anwendung: 0xGuitarPro.exe0
Pfad der fehlerhaften Anwendung: GuitarPro.exe1
Pfad des fehlerhaften Moduls: GuitarPro.exe2
Berichtskennung: GuitarPro.exe3
Vollständiger Name des fehlerhaften Pakets: GuitarPro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GuitarPro.exe5


System errors:
=============
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe

Error: (02/06/2014 04:19:48 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000041d00805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1da345f3-8f42-11e3-be9f-b888e39448a7

Error: (02/06/2014 04:19:43 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000000500805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1a4077b1-8f42-11e3-be9f-b888e39448a7

Error: (02/05/2014 06:21:04 PM) (Source: Application Error)(User: )
Description: lxdfcoms.exe1.0.2.0464c9d04lxdfhbn3.dll1.0.2.0464c9d06c0000005000000000005fc134b001cf1f6785be3db9C:\WINDOWS\system32\lxdfcoms.exeC:\WINDOWS\system32\lxdfhbn3.dlle3e94d9d-8e89-11e3-be9f-b888e39448a7

Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (01/25/2014 02:08:04 PM) (Source: Application Error)(User: )
Description: GuitarPro.exe0.0.0.05199de21RSECore.dll0.0.0.05199daa6c000000500056708165401cf19c1fe05c357C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\Program Files (x86)\Guitar Pro 6\RSECore.dllb926ec33-85c1-11e3-be9e-b888e39448a7


CodeIntegrity Errors:
===================================
  Date: 2014-02-08 16:17:52.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:35:37.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:31:00.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:24:12.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:02:14.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 17:34:35.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-29 20:33:16.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 13:52:16.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 12:17:43.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-25 21:10:12.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8057.77 MB
Available physical RAM: 5938.97 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 7083.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:542.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)

Partition: GPT Partition Type
==================== End Of Log ============================
         


Alt 17.02.2014, 13:17   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Trojan.ADH.2 und Suspicious.Cloud.9

Alt 17.02.2014, 19:17   #7
Trollo
 
Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42603a2ad0872e429706459505b4721a
# engine=17105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 06:05:42
# local_time=2014-02-17 07:05:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=3591 16777213 83 88 791125 155256927 0 0
# compatibility_mode=5893 16776574 100 94 15836845 52166453 0 0
# scanned=415368
# found=0
# cleaned=0
# scan_time=10560
         
Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender               
Norton Internet Security CBE   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.44  
 Adobe Reader XI  
 Mozilla Firefox 25.0.1 Firefox out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by **** (administrator) on ****-PC on 17-02-2014 19:14:20
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3713764075-1403762093-349256513-1002\...\Run: [RESTART_STICKY_NOTES] - C:\WINDOWS\system32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140217.001\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140217.001\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2014-02-17 19:10 - 2014-02-17 19:10 - 00987425 _____ () C:\Users\****\Downloads\SecurityCheck.exe
2014-02-16 16:37 - 2014-02-16 16:37 - 00051165 _____ () C:\Users\****\Downloads\prodigy_invaders_must_die.gp5
2014-02-16 14:18 - 2014-02-17 18:06 - 00140757 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-14 19:17 - 2014-02-16 13:29 - 00032133 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-17 19:14 - 02152448 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 19:15 - 2014-02-17 19:14 - 00022469 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-12 20:30 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 20:30 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2014-02-17 19:14 - 2014-02-14 19:15 - 02152448 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-17 19:14 - 2014-02-14 19:15 - 00022469 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-17 19:14 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-17 19:10 - 2014-02-17 19:10 - 00987425 _____ () C:\Users\****\Downloads\SecurityCheck.exe
2014-02-17 19:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-17 18:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-17 18:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-17 18:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 18:06 - 2014-02-16 14:18 - 00140757 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-17 17:55 - 2013-08-16 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 17:53 - 2013-07-24 20:51 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-17 16:42 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-17 16:08 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-17 16:08 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-17 16:08 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-17 15:46 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 16:37 - 2014-02-16 16:37 - 00051165 _____ () C:\Users\****\Downloads\prodigy_invaders_must_die.gp5
2014-02-16 13:29 - 2014-02-14 19:17 - 00032133 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:17 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 13:16 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 13:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-16 13:13 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-15 16:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\upd.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-17 17:53

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by **** at 2014-02-17 19:15:10
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version:  - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version:  - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version:  - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Zip Extractor (HKCU Version:  - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update
17-02-2014 16:51:20 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-07-25 11:06 - 2013-07-25 11:07 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 07:06:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 06:26:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 04:08:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 04:08:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 04:08:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 04:08:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 304

Startzeit: 01cf25c6cf410638

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf25b314fa8b3d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.


System errors:
=============
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.

Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (02/17/2014 07:06:52 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/17/2014 06:26:53 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/17/2014 04:08:06 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe

Error: (02/17/2014 04:08:05 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe

Error: (02/17/2014 04:08:00 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe

Error: (02/17/2014 04:08:00 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe

Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe

Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp

Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe


CodeIntegrity Errors:
===================================
  Date: 2014-02-08 16:17:52.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:35:37.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-06 18:31:00.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:24:12.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 21:02:14.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 17:34:35.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-29 20:33:16.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 13:52:16.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 12:17:43.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-25 21:10:12.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8057.77 MB
Available physical RAM: 5270.29 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 6375.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:541.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:726.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5E47A00E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Ist soweit alles wieder clean? Was war diese cloud.9 eigentlich? Virus oder Adware?

Alt 18.02.2014, 13:05   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



Adware

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.02.2014, 20:48   #9
Trollo
 
Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



Alles klar Vielen vielen Dank für deine Hilfe !!!!

Alt 19.02.2014, 16:30   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan.ADH.2 und Suspicious.Cloud.9 - Standard

Trojan.ADH.2 und Suspicious.Cloud.9



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Trojan.ADH.2 und Suspicious.Cloud.9
32 bit, adware, appdata, browser, cloud, code, computer, datei, dateien, forum, google, helper, hilfe!, infizierte, install.exe, internet, log, löschen, malwarebytes, microsoft, neu, norton, programme, software, suche, surfen, suspicious, suspicious.cloud.9, temp, trojaner, windows




Ähnliche Themen: Trojan.ADH.2 und Suspicious.Cloud.9


  1. "Suspicious.Cloud.9" (Trojaner) und "SAPE.DnwldSponsor.2" (Virus?, vielleicht False Positive)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2015 (23)
  2. Suspicious.Cloud.9
    Plagegeister aller Art und deren Bekämpfung - 16.01.2015 (7)
  3. suspicious.cloud.7 und suspicious.cloud.9 - ist es riskant, eine einzelne Datei (Excel) auf ein sauberes System zu kopieren?
    Plagegeister aller Art und deren Bekämpfung - 23.08.2014 (3)
  4. Suspicious.cloud.9 verhindert https-Seiten
    Plagegeister aller Art und deren Bekämpfung - 16.06.2014 (7)
  5. Maleware Suspicious.cloud ? Ist mein Rechner befallen?
    Log-Analyse und Auswertung - 24.05.2014 (15)
  6. Infizierte Registrierungsschlüssel sowie suspicious.cloud.9.
    Plagegeister aller Art und deren Bekämpfung - 24.12.2013 (9)
  7. Windows 7: Norton meldet Fund von Suspicious.Cloud.5
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (9)
  8. Suspicious.Cloud.7.EP von Norton gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (13)
  9. Suspicious.Cloud.2 - bit8ae0.temp - Norton hat einen Virus gefunden!
    Plagegeister aller Art und deren Bekämpfung - 07.08.2013 (6)
  10. Suspicious.cloud.5 (groupon virus)
    Log-Analyse und Auswertung - 11.03.2013 (3)
  11. cloud behaviour .suspicious@1
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (24)
  12. 50€-Trojaner "Suspicious.Cloud.7.EP"
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (25)
  13. Windows gesperrt suspicious cloud 50€ zahlen
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (5)
  14. Suspicious.Cloud.7.EP
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (53)
  15. Spyware.Passwords.XGen, Trojan.Dropper.PGen, Packer.Suspicious, JAVA/Agent.2212
    Plagegeister aller Art und deren Bekämpfung - 05.12.2010 (3)
  16. Suspicious:W32/Malware!Gemini
    Plagegeister aller Art und deren Bekämpfung - 09.03.2009 (9)
  17. Trojaner Trojan.Downloader-Gen/Suspicious?
    Plagegeister aller Art und deren Bekämpfung - 26.03.2008 (2)

Zum Thema Trojan.ADH.2 und Suspicious.Cloud.9 - Hallöle, nach 5 min im Internet surfen auf Facebook, Google und Maxdome habe ich mir den Trojan.ADH.2 am 08.02.14 eingefangen. Code: Alles auswählen Aufklappen ATTFilter Dateiname: batbrowsebho.dll Bedrohungsname: Trojan.ADH.2 Vollständiger - Trojan.ADH.2 und Suspicious.Cloud.9...
Archiv
Du betrachtest: Trojan.ADH.2 und Suspicious.Cloud.9 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.