| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.ADH.2 und Suspicious.Cloud.9Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.02.2014, 15:06
| #1 |
 |  Trojan.ADH.2 und Suspicious.Cloud.9 Hallöle, nach 5 min im Internet surfen auf Facebook, Google und Maxdome habe ich mir den Trojan.ADH.2 am 08.02.14 eingefangen. Code:
ATTFilter Dateiname: batbrowsebho.dll
Bedrohungsname: Trojan.ADH.2
Vollständiger Pfad: c:\program files (x86)\batbrowse\batbrowsebho.dll
____________________________
Details
Sehr wenige Benutzer,* Sehr neu,* Risiko Hoch
Ursprung
Heruntergeladen von
*hxxp://wpc.0952.edgecastcdn.net/800952/471459f1-c8e9-496f-b471-ee3d269b9c15-install/bed?bet=InternetExplorer
Aktivität
Ausgeführte Aktionen: 3
____________________________
Auf Computern ab*
26.10.2013 um 10:31:34
Zuletzt verwendet*
08.02.2014 um 12:18:35
Start-Element*
Nein
Gestarted*
Nein
____________________________
Sehr wenige Benutzer
Weniger als 5 Benutzer in der Norton Community haben diese Datei verwendet.
Sehr neu
Diese Datei wurde vor weniger als 1 Woche veröffentlicht.
Hoch
Das Risiko dieser Datei ist hoch.
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
hxxp://wpc.0952.edgecastcdn.net/800952/471459f1-c8e9-496f-b471-ee3d269b9c15-install/bed?bet=InternetExplorer
Datei heruntergeladen batbrowsebho.dll Bedrohungsname: Trojan.ADH.2
aus edgecastcdn.net
Quelle: externe Medien
utilbatbrowse.exe
Datei erstellt:
batbrowsebho.dll
____________________________
Dateiaktionen
Datei: c:\program files (x86)\batbrowse\ batbrowsebho.dll entfernt
____________________________
Registrierungsaktionen
Registrierungsänderung: HKEY_CLASSES_ROOT\CLSID\ {a7262c86-7809-4d76-a726-5a379f1a3158}, Registrierungsstruktur: 32 bit Löschen schlug fehl
Registrierungsänderung: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {a7262c86-7809-4d76-a726-5a379f1a3158}, Registrierungsstruktur: 32 bit Löschen schlug fehl
____________________________
Dateiabdruck - SHA:
580f6238045282ec390e290d1e064b31c4433327b5c9f5c544a62f1d55120df6
Dateiabdruck - MD5:
Nicht verfügbar
Malewarebytes Logs (ist nur eine Suche aber es wurden irgendwie zwei Logs erstellt): Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.08.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 **** :: ****-PC [Administrator] 08.02.2014 12:58:51 MBAM-log-2014-02-08 (15-44-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 522229 Laufzeit: 1 Stunde(n), 43 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 7104 -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 3556 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 1 C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 10 HKCR\CLSID\{a7262c86-7809-4d76-a726-5a379f1a3158} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{5f3fedef-b096-4123-97d7-f51b6a819ced} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKCR\Interface\{76FB2057-6D95-4642-B6C2-1E554CEA7EF7} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7262C86-7809-4D76-A726-5A379F1A3158} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Update BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\Util BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Program Files (x86)\BatBrowse (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\plugins (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 17 C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DigitalSites.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\BatBrowse.ico (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\BatBrowseUninstall.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\sqlite3.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\updateBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll.old.9f3df264-c789-4142-9598-30b968468f97 (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\BatBrowseBrowserFilter.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll (PUP.Optional.BatBrowse.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.08.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 **** :: ****-PC [Administrator] 08.02.2014 12:58:51 mbam-log-2014-02-08 (12-58-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 522229 Laufzeit: 1 Stunde(n), 43 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 7104 -> Löschen bei Neustart. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> 3556 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 10 HKCR\CLSID\{a7262c86-7809-4d76-a726-5a379f1a3158} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{5f3fedef-b096-4123-97d7-f51b6a819ced} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{76FB2057-6D95-4642-B6C2-1E554CEA7EF7} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7262C86-7809-4D76-A726-5A379F1A3158} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Update BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Util BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Program Files (x86)\BatBrowse (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\plugins (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 17 C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\BatBrowse.ico (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\BatBrowseUninstall.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\sqlite3.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\updateBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\BatBrowse.BrowserFilter.Helper.dll.old.9f3df264-c789-4142-9598-30b968468f97 (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\BatBrowseBrowserFilter.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\sqlite3.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.InstallState (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll (PUP.Optional.BatBrowse.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Am 12.02.14 war ich nur auf Facebook. Hab mir den Suspicious.Cloud.9 eingefangen (was auch immer das ist). Code:
ATTFilter Dateiname: upd.exe
Bedrohungsname: Suspicious.Cloud.9
Vollständiger Pfad: c:\users\heiko\appdata\local\temp\upd.exe
____________________________
Details
Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Hoch
Ursprung
Heruntergeladen von
*Unbekannt
Aktivität
Ausgeführte Aktionen: Ausgeführte Aktionen: 1
____________________________
Auf Computern ab*
Nicht verfügbar
Zuletzt verwendet*
12.02.2014 um 15:33:54
Start-Element*
Nein
Gestarted*
Nein
____________________________
Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.
Unbekannt
Diese Dateiversion ist nicht bekannt.
Hoch
Das Risiko dieser Datei ist hoch.
Art der Bedrohung: Heuristikvirus. Bedrohungserkennung auf der Basis von Malwareheuristiken.
____________________________
Quelle: externe Medien
____________________________
Dateiaktionen
Datei: c:\users\heiko\appdata\local\temp\ upd.exe entfernt
____________________________
Dateiabdruck - SHA:
8e7eac4f71e7448732852d979a5d461974c78df7b3a92c20ce1c7ad08214eb7f
Dateiabdruck - MD5:
Nicht verfügbar
Heute, 14.02.14, wieder nur auf Facebook gewesen (ich spiele keine spiele oder sowas in Facebook!!) und wieder der Suspicous Virus (oder was das ist). Bitte um Hilfe!!! Habe in nem Forum gelesen es wäre nur Adware... Habe deswegen gerade eben auch nochmal AdwCleaner laufen lassen. Quick-Scan von Norton hat nichts gefunden. Geändert von Trollo (14.02.2014 um 15:19 Uhr) |
|
14.02.2014, 16:24
| #2 |
| /// the machine /// TB-Ausbilder    |  Trojan.ADH.2 und Suspicious.Cloud.9 hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
14.02.2014, 18:18
| #3 |
| | Trojan.ADH.2 und Suspicious.Cloud.9FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by **** (administrator) on ****-PC on 14-02-2014 19:16:42
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]
==================== Services (Whitelisted) =================
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140213.002\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140213.033\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140213.033\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-14 19:15 - 2014-02-14 19:17 - 00022458 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 20:01 - 2014-02-14 19:15 - 00716045 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-08 18:24 - 2014-02-14 15:41 - 00008050 _____ () C:\WINDOWS\PFRO.log
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
2014-01-16 19:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 19:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-16 19:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-16 19:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-16 19:41 - 2014-01-16 19:42 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 19:23 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2014-01-16 19:23 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2014-01-16 19:23 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2014-01-16 19:23 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-01-16 19:23 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-01-16 19:23 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2014-01-16 19:23 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-01-16 19:23 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-01-16 19:23 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-01-16 19:23 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-01-16 19:22 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-16 19:22 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 19:22 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-16 19:22 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 19:22 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
==================== One Month Modified Files and Folders =======
2014-02-14 19:17 - 2014-02-14 19:15 - 00022458 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:16 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 19:15 - 2014-02-08 20:01 - 00716045 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-14 19:13 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 19:11 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-14 15:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-14 15:45 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-14 15:42 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 15:41 - 2014-02-08 18:24 - 00008050 _____ () C:\WINDOWS\PFRO.log
2014-02-14 15:40 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-14 15:33 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-14 15:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-14 15:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 21:45 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-12 21:45 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-12 21:45 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 18:25 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 19:52 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
2014-01-17 20:12 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
2014-01-16 20:06 - 2013-10-20 15:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 19:51 - 2013-08-16 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-16 19:51 - 2013-07-24 20:51 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 19:42 - 2014-01-16 19:41 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 19:42 - 2013-07-24 21:32 - 00000000 ____D () C:\Program Files (x86)\Java
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-06 15:05
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by **** at 2014-02-14 19:17:04
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version: - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version: - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update for Zip Extractor (HKCU Version: - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version: - ) <==== ATTENTION
==================== Restore Points =========================
24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2013-06-27 21:12 - 2013-06-27 21:12 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-25 20:45 - 2014-01-25 21:28 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-11-11 18:01 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 304
Startzeit: 01cf25c6cf410638
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c2c
Startzeit: 01cf25b314fa8b3d
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/06/2014 04:19:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5
Error: (02/06/2014 04:19:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5
Error: (02/05/2014 06:21:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lxdfcoms.exe, Version: 1.0.2.0, Zeitstempel: 0x464c9d04
Name des fehlerhaften Moduls: lxdfhbn3.dll, Version: 1.0.2.0, Zeitstempel: 0x464c9d06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005fc13
ID des fehlerhaften Prozesses: 0x4b0
Startzeit der fehlerhaften Anwendung: 0xlxdfcoms.exe0
Pfad der fehlerhaften Anwendung: lxdfcoms.exe1
Pfad des fehlerhaften Moduls: lxdfcoms.exe2
Berichtskennung: lxdfcoms.exe3
Vollständiger Name des fehlerhaften Pakets: lxdfcoms.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: lxdfcoms.exe5
Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (01/25/2014 02:08:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0, Zeitstempel: 0x5199de21
Name des fehlerhaften Moduls: RSECore.dll, Version: 0.0.0.0, Zeitstempel: 0x5199daa6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056708
ID des fehlerhaften Prozesses: 0x1654
Startzeit der fehlerhaften Anwendung: 0xGuitarPro.exe0
Pfad der fehlerhaften Anwendung: GuitarPro.exe1
Pfad des fehlerhaften Moduls: GuitarPro.exe2
Berichtskennung: GuitarPro.exe3
Vollständiger Name des fehlerhaften Pakets: GuitarPro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GuitarPro.exe5
System errors:
=============
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (02/05/2014 06:21:42 PM) (Source: Service Control Manager) (User: )
Description: Dienst "lxdf_device" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/01/2014 05:33:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
Error: (02/06/2014 04:19:48 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000041d00805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1da345f3-8f42-11e3-be9f-b888e39448a7
Error: (02/06/2014 04:19:43 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000000500805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1a4077b1-8f42-11e3-be9f-b888e39448a7
Error: (02/05/2014 06:21:04 PM) (Source: Application Error)(User: )
Description: lxdfcoms.exe1.0.2.0464c9d04lxdfhbn3.dll1.0.2.0464c9d06c0000005000000000005fc134b001cf1f6785be3db9C:\WINDOWS\system32\lxdfcoms.exeC:\WINDOWS\system32\lxdfhbn3.dlle3e94d9d-8e89-11e3-be9f-b888e39448a7
Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (01/25/2014 02:08:04 PM) (Source: Application Error)(User: )
Description: GuitarPro.exe0.0.0.05199de21RSECore.dll0.0.0.05199daa6c000000500056708165401cf19c1fe05c357C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\Program Files (x86)\Guitar Pro 6\RSECore.dllb926ec33-85c1-11e3-be9e-b888e39448a7
CodeIntegrity Errors:
===================================
Date: 2014-02-08 16:17:52.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:35:37.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:31:00.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:24:12.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:02:14.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 17:34:35.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-29 20:33:16.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 13:52:16.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 12:17:43.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-25 21:10:12.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8057.77 MB
Available physical RAM: 5966 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 7094.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:542.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)
Partition: GPT Partition Type
==================== End Of Log ============================
|
|
15.02.2014, 17:01
| #4 |
| /// the machine /// TB-Ausbilder | Trojan.ADH.2 und Suspicious.Cloud.9 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.02.2014, 12:34
| #5 |
| | Trojan.ADH.2 und Suspicious.Cloud.9 1. AdwCleaner: Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 13:13:06
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : **** - ****-PC
# Gestartet von : C:\Users\****\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\foxydeal.sqlite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Mozilla Firefox v25.0.1 (de)
[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\prefs.js ]
-\\ Google Chrome v32.0.1700.107
[ Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2218 octets] - [27/10/2013 17:08:51]
AdwCleaner[R1].txt - [1318 octets] - [08/02/2014 18:23:03]
AdwCleaner[R2].txt - [1249 octets] - [14/02/2014 15:32:54]
AdwCleaner[R3].txt - [1370 octets] - [16/02/2014 13:12:43]
AdwCleaner[S0].txt - [2021 octets] - [27/10/2013 17:10:41]
AdwCleaner[S1].txt - [1379 octets] - [08/02/2014 18:23:49]
AdwCleaner[S2].txt - [1311 octets] - [14/02/2014 15:33:46]
AdwCleaner[S3].txt - [1291 octets] - [16/02/2014 13:13:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1351 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by **** on 16.02.2014 at 13:21:45,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 13:26:13,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by **** (administrator) on ****-PC on 16-02-2014 13:28:43
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]
==================== Services (Whitelisted) =================
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140215.007\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140215.007\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-14 19:17 - 2014-02-14 19:17 - 00032439 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-16 13:29 - 00022222 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-12 20:30 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 20:30 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
==================== One Month Modified Files and Folders =======
2014-02-16 13:29 - 2014-02-14 19:15 - 00022222 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-16 13:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 13:28 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:17 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 13:17 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 13:16 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 13:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-16 13:13 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-16 13:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-16 12:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-15 16:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-15 16:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-15 15:59 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-14 19:17 - 2014-02-14 19:17 - 00032439 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-14 19:15 - 02152960 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-12 21:45 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-12 21:45 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-12 21:45 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
2014-01-17 20:12 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-17 19:13 - 2014-01-17 19:13 - 00078296 _____ () C:\Users\****\Downloads\zebrahead_hell_yeah.gp5
2014-01-17 19:04 - 2014-01-17 19:04 - 00034051 _____ () C:\Users\****\Downloads\zebrahead_call_your_friends.gp5
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-06 15:05
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by **** at 2014-02-16 13:29:12
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version: - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version: - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update for Zip Extractor (HKCU Version: - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version: - ) <==== ATTENTION
==================== Restore Points =========================
24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 304
Startzeit: 01cf25c6cf410638
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c2c
Startzeit: 01cf25b314fa8b3d
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/06/2014 04:19:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5
Error: (02/06/2014 04:19:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Name des fehlerhaften Moduls: MusicMaker.exe, Version: 16.0.5.0, Zeitstempel: 0x4db97284
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00805ebb
ID des fehlerhaften Prozesses: 0x1854
Startzeit der fehlerhaften Anwendung: 0xMusicMaker.exe0
Pfad der fehlerhaften Anwendung: MusicMaker.exe1
Pfad des fehlerhaften Moduls: MusicMaker.exe2
Berichtskennung: MusicMaker.exe3
Vollständiger Name des fehlerhaften Pakets: MusicMaker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MusicMaker.exe5
Error: (02/05/2014 06:21:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: lxdfcoms.exe, Version: 1.0.2.0, Zeitstempel: 0x464c9d04
Name des fehlerhaften Moduls: lxdfhbn3.dll, Version: 1.0.2.0, Zeitstempel: 0x464c9d06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005fc13
ID des fehlerhaften Prozesses: 0x4b0
Startzeit der fehlerhaften Anwendung: 0xlxdfcoms.exe0
Pfad der fehlerhaften Anwendung: lxdfcoms.exe1
Pfad des fehlerhaften Moduls: lxdfcoms.exe2
Berichtskennung: lxdfcoms.exe3
Vollständiger Name des fehlerhaften Pakets: lxdfcoms.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: lxdfcoms.exe5
Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (01/25/2014 02:08:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0, Zeitstempel: 0x5199de21
Name des fehlerhaften Moduls: RSECore.dll, Version: 0.0.0.0, Zeitstempel: 0x5199daa6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056708
ID des fehlerhaften Prozesses: 0x1654
Startzeit der fehlerhaften Anwendung: 0xGuitarPro.exe0
Pfad der fehlerhaften Anwendung: GuitarPro.exe1
Pfad des fehlerhaften Moduls: GuitarPro.exe2
Berichtskennung: GuitarPro.exe3
Vollständiger Name des fehlerhaften Pakets: GuitarPro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GuitarPro.exe5
System errors:
=============
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Microsoft Office Sessions:
=========================
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
Error: (02/06/2014 04:19:48 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000041d00805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1da345f3-8f42-11e3-be9f-b888e39448a7
Error: (02/06/2014 04:19:43 PM) (Source: Application Error)(User: )
Description: MusicMaker.exe16.0.5.04db97284MusicMaker.exe16.0.5.04db97284c000000500805ebb185401cf2344884391d6C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exeC:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe1a4077b1-8f42-11e3-be9f-b888e39448a7
Error: (02/05/2014 06:21:04 PM) (Source: Application Error)(User: )
Description: lxdfcoms.exe1.0.2.0464c9d04lxdfhbn3.dll1.0.2.0464c9d06c0000005000000000005fc134b001cf1f6785be3db9C:\WINDOWS\system32\lxdfcoms.exeC:\WINDOWS\system32\lxdfhbn3.dlle3e94d9d-8e89-11e3-be9f-b888e39448a7
Error: (02/03/2014 08:07:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (02/02/2014 06:19:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (01/25/2014 02:08:04 PM) (Source: Application Error)(User: )
Description: GuitarPro.exe0.0.0.05199de21RSECore.dll0.0.0.05199daa6c000000500056708165401cf19c1fe05c357C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exeC:\Program Files (x86)\Guitar Pro 6\RSECore.dllb926ec33-85c1-11e3-be9e-b888e39448a7
CodeIntegrity Errors:
===================================
Date: 2014-02-08 16:17:52.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:35:37.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:31:00.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:24:12.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:02:14.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 17:34:35.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-29 20:33:16.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 13:52:16.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 12:17:43.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-25 21:10:12.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8057.77 MB
Available physical RAM: 5938.97 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 7083.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:542.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)
Partition: GPT Partition Type
==================== End Of Log ============================
|
|
17.02.2014, 12:17
| #6 |
| /// the machine /// TB-Ausbilder | Trojan.ADH.2 und Suspicious.Cloud.9ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Trojan.ADH.2 und Suspicious.Cloud.9 |
|
17.02.2014, 18:17
| #7 |
| | Trojan.ADH.2 und Suspicious.Cloud.9 ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42603a2ad0872e429706459505b4721a
# engine=17105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 06:05:42
# local_time=2014-02-17 07:05:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 83 88 791125 155256927 0 0
# compatibility_mode=5893 16776574 100 94 15836845 52166453 0 0
# scanned=415368
# found=0
# cleaned=0
# scan_time=10560
Code:
ATTFilter Results of screen317's Security Check version 0.99.79 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Defender Norton Internet Security CBE WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 12.0.0.44 Adobe Reader XI Mozilla Firefox 25.0.1 Firefox out of Date! Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by **** (administrator) on ****-PC on 17-02-2014 19:14:20
Running from C:\Users\****\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\WINDOWS\system32\lxdfcoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [lxdfmon.exe] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe [455600 2007-06-11] ()
HKLM\...\Run: [lxdfamon] - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe [20480 2007-06-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [IntellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lexmark 6500 Series] - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe [308144 2007-06-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3713764075-1403762093-349256513-1002\...\Run: [RESTART_STICKY_NOTES] - C:\WINDOWS\system32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {E94F6640-DF04-4C3A-9ABD-D8246A05E733} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/Mario_Abiball/components/hidinputmonitorx.ocx
DPF: HKLM-x32 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/Mario_Abiball/components/A9.ocx
DPF: HKLM-x32 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/Mario_Abiball/components/wmvhdrating.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default
FF DefaultSearchEngine: Wikipedia (de)
FF NetworkProxy: "http", "proxy-1.cojobo.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\ich@maltegoetz.de [2014-02-08]
FF Extension: Flagfox - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-02-08]
FF Extension: Domain Details - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013-07-24]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Firebug - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-24]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-05]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\2zjds9a1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-11-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-10]
CHR Extension: (uDomainFlag) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklbfdpploakpkdakoielobggbhemlnm [2014-02-10]
CHR Extension: (Norton Identity Protection) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\****\AppData\Local\foxtab_speeddial.crx [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-25]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-01-25]
==================== Services (Whitelisted) =================
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252088 2012-08-25] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 lxdfCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [33712 2007-05-29] (Lexmark International, Inc.)
R2 lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [1053104 2007-05-29] ( )
R2 lxdf_device; C:\WINDOWS\SysWOW64\lxdfcoms.exe [598960 2007-05-29] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [165688 2012-08-25] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\IPSDefs\20140214.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140217.001\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security CBE\NortonData\21.0.0.100\Definitions\VirusDefs\20140217.001\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2014-02-17 19:10 - 2014-02-17 19:10 - 00987425 _____ () C:\Users\****\Downloads\SecurityCheck.exe
2014-02-16 16:37 - 2014-02-16 16:37 - 00051165 _____ () C:\Users\****\Downloads\prodigy_invaders_must_die.gp5
2014-02-16 14:18 - 2014-02-17 18:06 - 00140757 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-14 19:17 - 2014-02-16 13:29 - 00032133 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-14 19:15 - 2014-02-17 19:14 - 02152448 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-14 19:15 - 2014-02-17 19:14 - 00022469 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-12 20:30 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 20:30 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 20:29 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 20:29 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-12 20:29 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 20:29 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 20:29 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 20:29 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 20:29 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-02-12 20:29 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 20:29 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 20:29 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 20:29 - 2013-11-27 01:19 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-12 20:29 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-02-12 20:29 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-12 20:27 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 20:27 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 20:27 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 20:27 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-08 12:57 - 2014-02-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
2014-02-17 19:14 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2014-02-17 19:14 - 2014-02-14 19:15 - 02152448 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2014-02-17 19:14 - 2014-02-14 19:15 - 00022469 _____ () C:\Users\****\Downloads\FRST.txt
2014-02-17 19:14 - 2013-10-26 09:42 - 00000000 ____D () C:\FRST
2014-02-17 19:10 - 2014-02-17 19:10 - 00987425 _____ () C:\Users\****\Downloads\SecurityCheck.exe
2014-02-17 19:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-17 18:54 - 2013-07-24 20:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-17 18:31 - 2013-10-26 09:31 - 00000306 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-02-17 18:29 - 2013-10-23 15:18 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 18:06 - 2014-02-16 14:18 - 00140757 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-17 17:55 - 2013-08-16 12:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 17:53 - 2013-07-24 20:51 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-17 16:42 - 2013-10-04 14:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 6500 Series
2014-02-17 16:08 - 2012-11-12 02:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-17 16:08 - 2012-11-12 02:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-17 16:08 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-17 15:46 - 2013-10-23 15:18 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 16:37 - 2014-02-16 16:37 - 00051165 _____ () C:\Users\****\Downloads\prodigy_invaders_must_die.gp5
2014-02-16 13:29 - 2014-02-14 19:17 - 00032133 _____ () C:\Users\****\Downloads\Addition.txt
2014-02-16 13:26 - 2014-02-16 13:26 - 00000678 _____ () C:\Users\****\Desktop\JRT.txt
2014-02-16 13:17 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 13:16 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-16 13:15 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-16 13:13 - 2013-10-27 17:08 - 00000000 ____D () C:\AdwCleaner
2014-02-16 13:12 - 2014-02-16 13:12 - 01166132 _____ () C:\Users\****\Downloads\adwcleaner.exe
2014-02-16 13:04 - 2014-02-16 13:04 - 01037530 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2014-02-15 16:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-14 15:31 - 2013-12-18 17:31 - 00000133 _____ () C:\Users\****\AppData\Roaming\WB.CFG
2014-02-12 20:34 - 2013-07-25 12:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 16:24 - 2013-07-24 22:12 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-02-08 16:17 - 2013-07-25 09:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-02-08 14:50 - 2014-02-08 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:57 - 2014-02-08 12:57 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 12:57 - 2014-02-08 12:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2014-02-08 12:56 - 2014-02-08 12:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 12:54 - 2014-02-08 12:54 - 00001354 _____ () C:\Users\****\Desktop\Norton_Scan_8-2-14.txt
2014-02-07 22:00 - 2014-02-07 22:00 - 00012781 _____ () C:\Users\****\Desktop\sum_41_screaming_bloody_murder.mid
2014-02-06 19:32 - 2013-07-25 13:32 - 00000000 ____D () C:\Users\****\Documents\MAGIX_MusicMaker16Premium
2014-02-05 18:54 - 2013-07-24 20:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:30 - 2013-10-23 15:28 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 16:36 - 2013-07-24 21:30 - 00000000 ____D () C:\Users\****\Documents\Privat
2014-02-03 20:24 - 2013-07-25 01:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713764075-1403762093-349256513-1002
2014-02-03 20:13 - 2013-07-25 01:13 - 00000000 ____D () C:\Users\****
2014-02-03 19:53 - 2013-07-30 16:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\IrfanView
2014-02-03 19:50 - 2013-07-25 09:01 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-02-03 19:47 - 2013-07-25 11:38 - 00000000 ____D () C:\Users\****\AppData\Local\Deployment
2014-02-03 19:46 - 2013-07-25 19:56 - 00000000 ____D () C:\Ubisoft
2014-02-03 17:21 - 2013-12-07 21:47 - 00000000 ____D () C:\rads
2014-02-03 17:21 - 2013-07-24 21:36 - 00000000 ____D () C:\Users\****\Desktop\Games
2014-02-03 14:40 - 2013-07-24 20:35 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-02-02 19:47 - 2013-07-25 20:47 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-02 19:47 - 2013-07-25 20:46 - 00291760 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-02 19:45 - 2013-07-25 20:46 - 00291488 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-02-01 17:17 - 2014-02-01 17:17 - 00000000 ____D () C:\Users\****\AppData\Local\NPE
2014-02-01 10:20 - 2014-02-12 20:29 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 20:29 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 19274240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 15403520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 20:29 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 14359040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 20:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 20:29 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 20:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-01-30 22:10 - 2013-11-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 21:28 - 2013-07-25 20:45 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-01-25 20:59 - 2013-07-25 12:05 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mp3tag
2014-01-25 16:21 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-01-25 16:16 - 2013-08-27 13:39 - 00000000 ____D () C:\Users\****\AppData\Roaming\dvdcss
2014-01-19 13:23 - 2013-07-25 01:14 - 00000000 ____D () C:\Users\****\AppData\Local\Packages
2014-01-18 14:46 - 2013-07-24 22:51 - 00000000 ____D () C:\Users\****\.gimp-2.8
2014-01-18 12:47 - 2014-01-18 12:47 - 00002257 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-01-18 12:47 - 2013-08-02 13:28 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\upd.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-17 17:53
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by **** at 2014-02-17 19:15:10
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security CBE (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Ashampoo Snap 5 v.5.1.5 (x32 Version: 5.1.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: 2.11 Beta1 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
CCleaner (Version: 4.05 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (x32 Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EZdrummer Lite Installer (x32 Version: 1.3.1 - Toontrack)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0 - MAGIX AG)
Focusrite USB 2.0 Audio Driver 2.4 (Version: 2.4 - Focusrite Audio Engineering Limited.)
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guitar Pro 6 (x32 Version: - Arobas Music)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.2000.1462 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (x32 Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lexmark 6500 Series (Version: - Lexmark International, Inc.)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8 - MAGIX AG)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 16 Premium (x32 Version: 16.0.0.28 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (x32 Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Premium 9.0.0.54 (D) (x32 Version: 9.0.0.54 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla)
Mp3tag v2.57 (x32 Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Internet Security CBE (x32 Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (x32 Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (x32 Version: 1.0.0.0 - MAGIX AG)
Scarlett Plug-in Suite 1.4 (x32 Version: 1.4 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo (x32 Version: 1.3.1 - Toontrack)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update for Zip Extractor (HKCU Version: - ) <==== ATTENTION
UserGuide (x32 Version: 1.0.0.9 - Lenovo)
VirtualDJ Home FREE (x32 Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6 - Webocton)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKCU Version: - ) <==== ATTENTION
==================== Restore Points =========================
24-01-2014 20:23:04 Geplanter Prüfpunkt
02-02-2014 14:11:46 Geplanter Prüfpunkt
03-02-2014 18:49:53 Removed League of Legends
12-02-2014 19:29:48 Windows Update
17-02-2014 16:51:20 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {17D56BDB-BDA4-4666-A10B-742237168D11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2685B524-6B5A-40D8-92C3-9BC88A7191A6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {2BA98B35-B011-42CE-BBDD-BE79E4215036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {2F84BFE1-0E57-46BA-B4FB-9F72E9DA0AA5} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {390CDF9B-53E3-44BE-84CE-19E0B2A5867A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {474C0E16-D6AA-466F-9F08-242197394681} - \DigitalSite No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8E63B2B-5917-4B36-A508-DCE199A187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {AE80CD1E-1A14-4E09-91B3-E12ED5ABD7FE} - System32\Tasks\FoxTab => C:\Users\****\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B90BD215-7EFC-433C-B6DE-3C6150B602B4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C92E3D90-0771-45A5-B900-8C72C08AAB83} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EDC0BB9E-6570-42AB-BF35-CA765141157C} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {FB4E5ACD-0921-4EA1-BFFE-DAC2EF4D49E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\****\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-07-25 11:06 - 2013-07-25 11:07 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-31 06:54 - 2012-08-24 00:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-04 14:49 - 2007-06-11 18:53 - 00455600 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe
2013-07-26 16:17 - 2012-09-14 03:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2013-10-04 14:49 - 2007-06-01 13:06 - 00020480 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-11 17:54 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-04 14:49 - 2007-05-24 21:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfscw.dll
2013-10-04 14:49 - 2007-05-03 16:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfdatr.dll
2013-10-04 14:49 - 2007-03-26 08:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 6500 Series\lxdfcats.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00028672 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Common.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00036864 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.Monitor.Core.dll
2013-10-04 14:49 - 2007-06-08 09:52 - 00057344 _____ () C:\Program Files (x86)\Lexmark 6500 Series\app4r.devmons.mcmdevmon.dll
2013-10-04 14:49 - 2007-06-01 13:06 - 00011776 _____ () C:\Program Files (x86)\Lexmark 6500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 21:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 21:30 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/17/2014 07:06:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/17/2014 06:26:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/17/2014 04:08:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/17/2014 04:08:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/17/2014 04:08:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/17/2014 04:08:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 304
Startzeit: 01cf25c6cf410638
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 5bdc6d45-91ba-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c2c
Startzeit: 01cf25b314fa8b3d
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: 76c90334-91a6-11e3-bea1-b888e39448a7
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ****-PC)
Description: Das Paket „Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.
System errors:
=============
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/16/2014 01:16:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/14/2014 03:42:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 06:30:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 06:25:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/08/2014 04:20:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdfCATSCustConnectService erreicht.
Error: (02/08/2014 04:18:21 PM) (Source: DCOM) (User: ****-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Microsoft Office Sessions:
=========================
Error: (02/17/2014 07:06:52 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/17/2014 06:26:53 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/17/2014 04:08:06 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe
Error: (02/17/2014 04:08:05 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe
Error: (02/17/2014 04:08:00 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe
Error: (02/17/2014 04:08:00 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\****\Pictures\Screenshots\esetsmartinstaller_enu.exe
Error: (02/09/2014 07:45:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.1642030401cf25c6cf4106384294967295C:\WINDOWS\system32\wwahost.exe5bdc6d45-91ba-11e3-bea1-b888e39448a7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
Error: (02/09/2014 07:45:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
Error: (02/09/2014 05:24:28 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420c2c01cf25b314fa8b3d4294967295C:\WINDOWS\system32\wwahost.exe76c90334-91a6-11e3-bea1-b888e39448a7Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbweApp
Error: (02/09/2014 05:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ****-PC)
Description: Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe
CodeIntegrity Errors:
===================================
Date: 2014-02-08 16:17:52.636
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:35:37.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-06 18:31:00.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:24:12.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 21:02:14.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-01 17:34:35.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-29 20:33:16.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 13:52:16.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-26 12:17:43.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-01-25 21:10:12.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 8057.77 MB
Available physical RAM: 5270.29 MB
Total Pagefile: 9273.77 MB
Available Pagefile: 6375.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:541.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:726.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 38E90BD1)
Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5E47A00E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ist soweit alles wieder clean? Was war diese cloud.9 eigentlich? Virus oder Adware? |
|
18.02.2014, 12:05
| #8 |
| /// the machine /// TB-Ausbilder | Trojan.ADH.2 und Suspicious.Cloud.9 Adware Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.02.2014, 19:48
| #9 |
| | Trojan.ADH.2 und Suspicious.Cloud.9 Alles klar Vielen vielen Dank für deine Hilfe !!!! |
|
19.02.2014, 15:30
| #10 |
| /// the machine /// TB-Ausbilder | Trojan.ADH.2 und Suspicious.Cloud.9 Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojan.ADH.2 und Suspicious.Cloud.9 |
| 32 bit, adware, appdata, browser, cloud, code, computer, datei, dateien, forum, google, helper, hilfe!, infizierte, install.exe, internet, log, löschen, malwarebytes, microsoft, neu, norton, programme, software, suche, surfen, suspicious, suspicious.cloud.9, temp, trojaner, windows |
