Moin cosinus,
leider war mir nicht bewusst wie die Files innerhalb des Threads gepostet werden, nun aber: 1. defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:07 on 03/11/2013 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- 2. FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ***** (administrator) on *****-PC on 03-11-2013 22:32:06
Running from C:\Users\*****\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) G:\Starmoney_8_NEU\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [Del1208867] - cmd.exe /Q /D /c del "C:\Users\*****\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Runonce: [Del1208867] - cmd.exe /Q /D /c del "C:\Users\*****\AppData\Local\Temp\0.del"
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: D - D:\MSsetup.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\migra\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-09] (Google Inc.)
HKU\migra\...\Run: [AdobeBridge] - [x]
HKU\migra\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\migra\...\Policies\system: [LogonHoursAction] 2
HKU\migra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: [0 ] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A4918739841CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM - {39DE6E8C-5D81-9B47-1B5E-7459A28AD3CE} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCyD0A0EzyzzyBzytB0F0DtN0D0Tzu0CyDtCtAtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu1O1L1I1PtF1F1C1N1V0A1Q1F1S1P&cr=2129080208&ir=
SearchScopes: HKLM-x32 - {39DE6E8C-5D81-9B47-1B5E-7459A28AD3CE} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=SearchooD&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyCyD0A0EzyzzyBzytB0F0DtN0D0Tzu0CyDtCtAtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu1O1L1I1PtF1F1C1N1V0A1Q1F1S1P&cr=2129080208&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {368F608B-D7BB-4793-9228-024847BB993D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN21588204201146044&UM=1
SearchScopes: HKCU - {39DE6E8C-5D81-9B47-1B5E-7459A28AD3CE} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\Extensions\firefox@batbrowse.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Norton Identity Protection) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 HPSLPSVC; C:\Users\*****\AppData\Local\Temp\7zS7F93\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 StarMoney 8.0 OnlineUpdate; G:\Starmoney_8_NEU\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 Apache2.4; "F:\xampp\apache\bin\httpd.exe" -k runservice [x]
S2 FileZillaServer; "F:\xampp\filezillaftp\filezillaserver.exe" [x]
S2 mysql; F:\xampp\mysql\bin\mysqld.exe --defaults-file=f:\xampp\mysql\bin\my.ini mysql
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-23] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-08] (GFI Software)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1557248 2010-04-09] (Creative Technology Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131102.007\ENG64.SYS [126040 2013-09-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131102.007\EX64.SYS [2099288 2013-09-23] (Symantec Corporation)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2013-11-03] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
U3 DfSdkS;
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-03 22:31 - 2013-11-03 22:31 - 00000000 ____D C:\FRST
2013-11-03 22:31 - 2013-11-03 22:30 - 01957098 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-11-03 22:24 - 2013-11-03 22:24 - 00000000 ____D C:\Users\*****\AppData\Local\PackageAware
2013-11-03 22:07 - 2013-11-03 22:07 - 00000476 _____ C:\Users\*****\Downloads\defogger_disable.log
2013-11-03 22:07 - 2013-11-03 22:07 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-11-03 22:06 - 2013-11-03 22:06 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-11-03 22:01 - 2013-11-03 22:01 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\*****\Downloads\fdminst_3.9.3.1360.exe
2013-11-03 21:56 - 2013-11-03 21:56 - 00000096 _____ C:\Users\*****\AppData\Roaming\WB.CFG
2013-11-03 21:56 - 2013-11-03 21:56 - 00000006 _____ C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 19:28 - 2013-11-03 22:23 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-03 19:28 - 2013-11-03 19:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\DigitalSite
2013-11-03 19:26 - 2013-11-03 19:26 - 00752096 _____ C:\Users\*****\Downloads\ZipExtractorSetup.exe
2013-11-03 19:16 - 2013-11-03 22:28 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner
2013-11-03 19:08 - 2013-11-03 19:09 - 00000020 _____ C:\Windows\system32\Drivers\SMR410.dat
2013-11-03 19:08 - 2013-11-03 19:08 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2013-11-03 07:24 - 2013-11-03 07:24 - 00002026 _____ C:\Users\migra\Desktop\Anpassen Fences.lnk
2013-11-03 07:23 - 2013-11-03 07:23 - 00000000 ____D C:\Users\migra\AppData\Roaming\Stardock
2013-11-02 23:19 - 2013-11-03 22:10 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-31 23:42 - 2013-10-31 23:42 - 01909356 _____ C:\Users\*****\Downloads\com_matukio-2.2.4.zip
2013-10-31 23:21 - 2013-10-31 23:21 - 00238413 _____ C:\Users\*****\Downloads\com_easybookreloaded_v2.5-6.zip
2013-10-30 10:53 - 2013-10-30 10:53 - 00000000 ____D C:\Windows\Sun
2013-10-30 10:53 - 2013-10-30 10:53 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 10:52 - 2013-10-30 10:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-30 10:52 - 2013-10-30 10:52 - 00000000 ____D C:\ProgramData\Sun
2013-10-30 10:52 - 2013-10-30 10:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-30 10:51 - 2013-10-30 10:51 - 00915368 _____ (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-10-27 23:04 - 2013-10-27 23:03 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner-3.010.exe
2013-10-19 10:06 - 2013-10-19 21:01 - 00040290 _____ C:\Users\*****\Documents\MitgliederArbeitsdienstkontoÜbersicht.xls
2013-10-18 07:49 - 2013-10-18 07:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-17 06:09 - 2013-10-17 06:09 - 00000355 _____ C:\Users\*****\Desktop\Computer.lnk
2013-10-16 11:37 - 2013-10-16 11:37 - 00000000 ____D C:\ProgramData\McAfee
2013-10-16 00:13 - 2013-10-16 00:13 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-16 00:13 - 2011-04-22 01:17 - 00471144 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-10-16 00:13 - 2011-04-22 01:17 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-10-16 00:13 - 2011-04-22 01:17 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2013-10-16 00:06 - 2011-12-14 00:44 - 00056448 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2013-10-15 20:01 - 2013-10-15 20:01 - 00000000 ____D C:\Program Files (x86)\Etron Technology
2013-10-15 19:19 - 2013-10-15 19:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-10-14 07:11 - 2013-11-03 22:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-14 07:11 - 2013-10-17 06:08 - 12576792 _____ (Malwarebytes Corp.) C:\Users\*****\Downloads\mbar-1.07.0.1007.exe
2013-10-11 07:18 - 2013-10-11 07:18 - 00000000 ____D C:\Users\*****\Documents\Telltale Games
2013-10-11 07:17 - 2013-10-11 07:17 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-11 07:17 - 2013-10-11 07:17 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-10-09 22:16 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 22:16 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 22:16 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 22:16 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 22:16 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 22:16 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 22:16 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 22:16 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 22:16 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 22:16 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 22:16 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 22:16 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 22:15 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 22:15 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:15 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 19:56 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 19:56 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 19:56 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 19:56 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 19:56 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 19:56 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 19:56 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 19:56 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 19:56 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 19:56 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 19:56 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 19:56 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 19:56 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 19:56 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 19:56 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 19:56 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 19:56 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 19:56 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 19:56 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 19:56 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 19:56 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 19:56 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 19:56 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 19:56 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 19:56 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 19:56 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 19:56 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 19:56 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 19:56 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 19:56 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 19:56 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 19:56 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 19:56 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 19:56 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 19:56 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 19:56 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 19:56 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 19:56 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 19:56 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 19:56 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 19:56 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 19:56 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 19:56 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 19:56 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 19:56 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 19:56 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 19:56 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 19:56 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-06 11:15 - 2013-10-30 10:36 - 00074330 _____ C:\Windows\system32\Drivers\etc\hosts.bak
==================== One Month Modified Files and Folders =======
2013-11-03 22:31 - 2013-11-03 22:31 - 00000000 ____D C:\FRST
2013-11-03 22:30 - 2013-11-03 22:31 - 01957098 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-11-03 22:29 - 2013-02-22 21:55 - 00000000 ____D C:\Users\*****\Documents\Outlook-Dateien
2013-11-03 22:28 - 2013-11-03 19:16 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner
2013-11-03 22:24 - 2013-11-03 22:24 - 00000000 ____D C:\Users\*****\AppData\Local\PackageAware
2013-11-03 22:24 - 2013-10-01 13:49 - 00000000 __HDC C:\ProgramData\~0
2013-11-03 22:23 - 2013-11-03 19:28 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-03 22:20 - 2013-02-20 23:47 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-03 22:18 - 2013-06-29 05:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-03 22:14 - 2009-07-14 05:45 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 22:14 - 2009-07-14 05:45 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 22:10 - 2013-11-02 23:19 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-03 22:10 - 2013-10-14 07:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-03 22:07 - 2013-11-03 22:07 - 00000476 _____ C:\Users\*****\Downloads\defogger_disable.log
2013-11-03 22:07 - 2013-11-03 22:07 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-11-03 22:07 - 2013-02-20 22:22 - 00000000 ____D C:\Users\*****
2013-11-03 22:06 - 2013-11-03 22:06 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-11-03 22:01 - 2013-11-03 22:01 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\*****\Downloads\fdminst_3.9.3.1360.exe
2013-11-03 21:56 - 2013-11-03 21:56 - 00000096 _____ C:\Users\*****\AppData\Roaming\WB.CFG
2013-11-03 21:56 - 2013-11-03 21:56 - 00000006 _____ C:\Users\*****\AppData\Roaming\WBPU-TTL.DAT
2013-11-03 21:56 - 2013-02-28 14:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 21:56 - 2013-02-20 22:19 - 01212560 _____ C:\Windows\WindowsUpdate.log
2013-11-03 19:58 - 2013-03-06 21:39 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-03 19:28 - 2013-11-03 19:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\DigitalSite
2013-11-03 19:26 - 2013-11-03 19:26 - 00752096 _____ C:\Users\*****\Downloads\ZipExtractorSetup.exe
2013-11-03 19:16 - 2013-08-19 18:56 - 00000000 ____D C:\Users\*****\AppData\Local\NPE
2013-11-03 19:12 - 2011-04-12 08:38 - 00702236 _____ C:\Windows\system32\perfh007.dat
2013-11-03 19:12 - 2011-04-12 08:38 - 00149792 _____ C:\Windows\system32\perfc007.dat
2013-11-03 19:12 - 2009-07-14 06:13 - 01622004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 19:09 - 2013-11-03 19:08 - 00000020 _____ C:\Windows\system32\Drivers\SMR410.dat
2013-11-03 19:08 - 2013-11-03 19:08 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2013-11-03 19:08 - 2013-04-27 19:03 - 00124965 _____ C:\Windows\setupact.log
2013-11-03 19:08 - 2013-04-11 14:12 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-11-03 19:08 - 2013-03-07 07:48 - 00000000 ____D C:\Users\migra
2013-11-03 19:08 - 2013-02-20 23:47 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-03 19:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 18:53 - 2013-02-21 02:07 - 00000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2013-11-03 10:03 - 2013-03-04 18:35 - 00001626 _____ C:\Windows\msacc30.ini
2013-11-03 07:33 - 2013-02-26 08:45 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2013-11-03 07:24 - 2013-11-03 07:24 - 00002026 _____ C:\Users\migra\Desktop\Anpassen Fences.lnk
2013-11-03 07:24 - 2013-03-07 07:48 - 00091496 _____ C:\Users\migra\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-03 07:23 - 2013-11-03 07:23 - 00000000 ____D C:\Users\migra\AppData\Roaming\Stardock
2013-11-03 07:23 - 2013-06-07 06:36 - 00000000 ___RD C:\Users\migra\Virtual Machines
2013-11-03 07:23 - 2013-03-07 07:48 - 00000000 ___RD C:\Users\migra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-03 07:23 - 2013-03-07 07:48 - 00000000 ___RD C:\Users\migra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-01 22:08 - 2013-05-02 04:29 - 00257900 _____ C:\Windows\PFRO.log
2013-11-01 16:00 - 2013-04-27 14:10 - 00000408 _____ C:\Windows\Tasks\One-Click Optimizer.job
2013-10-31 23:42 - 2013-10-31 23:42 - 01909356 _____ C:\Users\*****\Downloads\com_matukio-2.2.4.zip
2013-10-31 23:21 - 2013-10-31 23:21 - 00238413 _____ C:\Users\*****\Downloads\com_easybookreloaded_v2.5-6.zip
2013-10-30 16:03 - 2013-02-26 09:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-30 10:53 - 2013-10-30 10:53 - 00000000 ____D C:\Windows\Sun
2013-10-30 10:53 - 2013-10-30 10:53 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 10:52 - 2013-10-30 10:52 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-30 10:52 - 2013-10-30 10:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-30 10:52 - 2013-10-30 10:52 - 00000000 ____D C:\ProgramData\Sun
2013-10-30 10:52 - 2013-10-30 10:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-30 10:51 - 2013-10-30 10:51 - 00915368 _____ (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-10-30 10:36 - 2013-10-06 11:15 - 00074330 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2013-10-30 10:15 - 2013-09-11 13:15 - 00000000 ____D C:\AdwCleaner
2013-10-28 17:26 - 2013-02-28 14:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-28 17:26 - 2013-02-20 23:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-28 17:26 - 2013-02-20 23:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-27 23:03 - 2013-10-27 23:04 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner-3.010.exe
2013-10-26 21:00 - 2013-02-28 11:16 - 00058115 _____ C:\Users\*****\Documents\Kosten Jens.xlsx
2013-10-23 11:52 - 2013-03-19 11:22 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2013-10-23 11:38 - 2013-04-18 10:34 - 00001456 _____ C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-10-22 20:54 - 2009-07-14 05:45 - 01905760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-22 12:22 - 2013-02-20 23:30 - 00091496 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 06:53 - 2013-02-21 10:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-21 19:50 - 2013-04-02 10:06 - 00000000 ____D C:\Users\*****\Documents\Links Programme
2013-10-21 08:44 - 2013-02-25 12:32 - 00000000 ____D C:\Users\*****\AppData\Local\Apple Computer
2013-10-20 13:48 - 2013-03-12 15:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-10-19 21:01 - 2013-10-19 10:06 - 00040290 _____ C:\Users\*****\Documents\MitgliederArbeitsdienstkontoÜbersicht.xls
2013-10-18 07:49 - 2013-10-18 07:49 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-18 07:43 - 2013-02-21 00:15 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-18 07:43 - 2013-02-21 00:15 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-10-17 06:09 - 2013-10-17 06:09 - 00000355 _____ C:\Users\*****\Desktop\Computer.lnk
2013-10-17 06:08 - 2013-10-14 07:11 - 12576792 _____ (Malwarebytes Corp.) C:\Users\*****\Downloads\mbar-1.07.0.1007.exe
2013-10-16 11:37 - 2013-10-16 11:37 - 00000000 ____D C:\ProgramData\McAfee
2013-10-16 00:13 - 2013-10-16 00:13 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-15 20:01 - 2013-10-15 20:01 - 00000000 ____D C:\Program Files (x86)\Etron Technology
2013-10-15 20:01 - 2013-02-25 10:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-15 19:20 - 2013-02-20 22:22 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-15 19:19 - 2013-10-15 19:19 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-10-15 19:19 - 2013-04-11 14:12 - 00001007 _____ C:\Users\migra\Desktop\SpeedFan.lnk
2013-10-15 19:19 - 2013-04-11 14:12 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-10-13 07:31 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-10-13 07:24 - 2013-03-10 07:33 - 00000000 ____D C:\Windows\Minidump
2013-10-12 10:00 - 2013-02-20 23:47 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-10-11 10:57 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-11 07:18 - 2013-10-11 07:18 - 00000000 ____D C:\Users\*****\Documents\Telltale Games
2013-10-11 07:17 - 2013-10-11 07:17 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-11 07:17 - 2013-10-11 07:17 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-10-11 06:48 - 2013-08-30 05:47 - 12907592 _____ (Malwarebytes Corp.) C:\Users\*****\Downloads\mbar-1.07.0.1005.exe
2013-10-11 00:48 - 2013-03-12 10:01 - 00000000 ____D C:\Users\*****\AppData\Roaming\FreeFLVConverter
2013-10-10 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 04:07 - 2013-02-21 02:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 04:07 - 2013-02-21 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 22:12 - 2013-02-21 11:01 - 01602706 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 22:08 - 2013-07-11 05:12 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 22:06 - 2013-02-21 02:24 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 19:55 - 2013-09-09 14:51 - 00183129 _____ C:\Users\*****\Documents\MitgliederAllgemeineListen (Querformat).xls
2013-10-08 17:15 - 2013-02-20 23:47 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 17:15 - 2013-02-20 23:47 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\CTPBSeq.exe
C:\Users\*****\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\*****\AppData\Local\Temp\sfamcc00001.dll
C:\Users\*****\AppData\Local\Temp\sfareca00001.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-01 07:06
==================== End Of Log ============================ --- --- --- 3. Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by ***** at 2013-11-03 22:33:00
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe CS6 Design and Web Premium (x32 Version: 6)
Adobe Edge Animate (x32 Version: 1.5)
Adobe Exchange Panel (x32 Version: 1)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Touch App Plugins (x32 Version: 1.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1116.1515.27190)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190)
ANNO 1404 - Venedig (x32 Version: 2.01.5010)
Anno 1404 (x32 Version: 1.00.0000)
ANNO 1404 (x32 Version: 1.02.0000)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CPUID CPU-Z 1.63.0
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Systeminformationen (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Deutsche Post E-Porto (Version: 2.3.0)
Etron USB3.0 Host Controller (x32 Version: 0.104)
FileZilla Client 3.7.3 (HKCU Version: 3.7.3)
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet Pro 8600 Hilfe (x32 Version: 28.0.0)
HP Product Detection (x32 Version: 11.15.0009)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Internet Explorer (x32 Version: 9)
IrfanView (remove only) (x32 Version: 4.36)
iSL-FiVE_4_0_225_0 (x32 Version: 04.00.0225)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access 2003 Runtime (x32 Version: 11.0.8173.0)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Norton 360 (x32 Version: 21.1.0.18)
Norton Management (x32 Version: 3.2.2.12)
Notepad++ (x32 Version: 6.4.3)
NVIDIA Drivers (Version: 1.10.62.40)
PDF Settings CS6 (x32 Version: 11.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
SpeedFan (remove only) (x32)
StarMoney (x32 Version: 3.0.1.31)
StarMoney (x32 Version: 3.0.5.8)
StarMoney 8.0 (x32 Version: 8.0)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (Version: 28.0.1315.0)
Tales of Monkey Island - Launch of the Screaming Narwhal (x32 Version: 1.0.0.15)
TeamViewer 6 (x32 Version: 6.0.17222)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
USB Sound Blaster HD (x32 Version: 1.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
==================== Restore Points =========================
30-10-2013 09:36:10 Norton_Power_Eraser_20131030103609810
30-10-2013 09:42:56 Removed Java 7 Update 21 (64-bit)
30-10-2013 09:43:06 Removed Java 7 Update 21 (64-bit)
30-10-2013 09:52:23 Installed Java 7 Update 45
02-11-2013 22:44:07 Norton_Power_Eraser_20131102234406217
03-11-2013 18:07:14 Norton_Power_Eraser_20131103190713954
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-10-30 10:36 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {04EC2578-1BBC-40D9-BA0B-DD2C2A6124A4} - \DealPlyUpdate No Task File
Task: {231CEBE2-DDB3-414A-ADE5-0F240B7C581C} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {32785DFF-80F4-4454-9B14-20CF0E36CE48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-28] (Adobe Systems Incorporated)
Task: {40C3CD97-7246-41AF-9B59-B6EC255054F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {612C95EF-D497-4771-A33D-590DF1BB40F5} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe
Task: {6269381B-B33C-4865-91B3-4BFE9FCE0229} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {772726E0-CA7C-409B-86D1-1B2F4962C29C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {83549B7C-2833-4D06-942E-27486386617E} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {A281B4B7-9481-4AC6-B6C4-CC6AFFBAE010} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B5409060-2906-4486-A320-1C57906663C2} - \Searchya No Task File
Task: {BF40F6B1-0539-49CE-8C3E-E16BB99ED50F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: {C36EF65D-53E5-4973-A533-AA42C31C1E65} - System32\Tasks\{F0989680-418E-4936-83BB-A224ABAF682B} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2013-09-03] (Adobe Systems Incorporated)
Task: {C9BD9BF4-CB92-4D60-85E7-C6E2478D7A35} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C9C5AB09-6DE5-4B82-B511-A1FA0BD78EF4} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {D4513D11-BB96-4147-BAAF-F7BD50564FB1} - System32\Tasks\{84799CBD-C5CA-4688-AC10-CFD7D1BAB214} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2013-09-03] (Adobe Systems Incorporated)
Task: {D6669592-41F7-46C8-9586-EEE3EB18F831} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E56557BA-A4E9-4AFC-ADE6-5FB1D1C455DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {EC61C0DE-67B7-4F53-93E7-1008B9A2B71C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {ED3CF325-8EF3-4712-9D15-B2E6ABE12801} - System32\Tasks\{28FC4E56-BCA0-44B3-8426-E4B38A99324B} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2013-09-03] (Adobe Systems Incorporated)
Task: {F3641E00-75BF-4289-B32F-3AFEA669C370} - \EPUpdater No Task File
Task: {FB783213-BEBC-407A-AA6F-042795EE8CB4} - System32\Tasks\AdobeAAMUpdater-1.0-*****-PC-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe
==================== Loaded Modules (whitelisted) =============
2013-04-04 00:09 - 2013-04-04 00:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-02-25 14:00 - 2009-12-29 15:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2013-02-25 14:00 - 2010-01-27 13:35 - 00231424 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-11-16 15:27 - 2012-11-16 15:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-18 14:49 - 2013-06-18 14:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-02-25 10:35 - 2011-01-13 11:44 - 00232800 _____ () G:\Starmoney_8_NEU\ouservice\PATCHW32.dll
2013-10-15 21:43 - 2013-11-03 19:08 - 00158720 _____ () C:\Users\*****\AppData\Local\Temp\sfareca00001.dll
2013-10-15 19:21 - 2013-11-03 19:08 - 00192512 _____ () C:\Users\*****\AppData\Local\Temp\sfamcc00001.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-02-25 14:00 - 2009-12-29 15:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-02-25 14:00 - 2010-01-27 13:34 - 00178688 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-04-04 00:09 - 2013-04-04 00:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-08-18 14:02 - 2013-09-11 03:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 15:36 - 2013-10-09 15:36 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: K:\
Description: 2.0 Reader -SD
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: J:\
Description: 2.0 Reader -SM
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: I:\
Description: 2.0 Reader -CF
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: M:\
Description: 2.0 Reader -xD
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: L:\
Description: 2.0 Reader -MS
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/03/2013 07:10:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 07:06:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 06:58:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 06:53:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AddonWeb.exe, Version: 0.0.0.0, Zeitstempel: 0x4ce5502a
Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0x11e0
Startzeit der fehlerhaften Anwendung: 0xAddonWeb.exe0
Pfad der fehlerhaften Anwendung: AddonWeb.exe1
Pfad des fehlerhaften Moduls: AddonWeb.exe2
Berichtskennung: AddonWeb.exe3
Error: (11/03/2013 06:42:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 07:24:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:46:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:43:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:33:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 02:56:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/03/2013 10:18:38 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON 360\ENGINE\21.1.0.18\N360.EXE
Error: (11/03/2013 10:18:38 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON MANAGEMENT\ENGINE\3.2.2.12\CCSVCHST.EXE
Error: (11/03/2013 10:18:37 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON 360\ENGINE\21.1.0.18\N360.EXE
Error: (11/03/2013 10:18:37 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON MANAGEMENT\ENGINE\3.2.2.12\CCSVCHST.EXE
Error: (11/03/2013 10:18:30 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON 360\ENGINE\21.1.0.18\WSCSTUB.EXE
Error: (11/03/2013 10:18:30 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe
Error: (11/03/2013 10:18:30 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON 360\ENGINE\21.1.0.18\WSCSTUB.EXE
Error: (11/03/2013 10:18:30 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe
Error: (11/03/2013 10:13:18 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES (X86)\NORTON 360\ENGINE\21.1.0.18\WSCSTUB.EXE
Error: (11/03/2013 10:13:18 PM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe
Microsoft Office Sessions:
=========================
Error: (11/03/2013 07:10:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 07:06:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 06:58:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 06:53:33 PM) (Source: Application Error)(User: )
Description: AddonWeb.exe0.0.0.04ce5502aole32.DLL6.1.7601.175144ce7b96fc00000050003934211e001ced8bd8f889416C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exeC:\Windows\syswow64\ole32.DLLdab41f45-44b0-11e3-85a7-bc5ff45b785e
Error: (11/03/2013 06:42:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/03/2013 07:24:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:46:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:43:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 11:33:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/02/2013 02:56:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 8165.8 MB
Available physical RAM: 6190.63 MB
Total Pagefile: 12771.98 MB
Available Pagefile: 10437.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:39.76 GB) NTFS
Drive f: (Datenträger 1) (Fixed) (Total:149.04 GB) (Free:55.26 GB) NTFS
Drive g: (Eigene) (Fixed) (Total:149.04 GB) (Free:42.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: B09896B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 12C494C9)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 0355E84F)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================ 4. Gmer.txt Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-03 23:15:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SanDisk_SDSSDP128G rev.2.0.0 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\uwliifow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f2000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031f202f 16 bytes [00, 00, 01, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ff1465 2 bytes [FF, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ff14bb 2 bytes [FF, 76]
.text ... * 2
.text G:\Starmoney_8_NEU\ouservice\StarMoneyOnlineUpdate.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ff1465 2 bytes [FF, 76]
.text G:\Starmoney_8_NEU\ouservice\StarMoneyOnlineUpdate.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ff14bb 2 bytes [FF, 76]
.text ... * 2
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ff1465 2 bytes [FF, 76]
.text C:\Program Files (x86)\SpeedFan\speedfan.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ff14bb 2 bytes [FF, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ff1465 2 bytes [FF, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ff14bb 2 bytes [FF, 76]
.text ... * 2
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcb0 5 bytes JMP 00000001002b091c
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe14 5 bytes JMP 00000001002b0048
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afea8 5 bytes JMP 00000001002b02ee
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0004 5 bytes JMP 00000001002b04b2
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779b0038 5 bytes JMP 00000001002b09fe
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779b0068 5 bytes JMP 00000001002b0ae0
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0084 5 bytes JMP 0000000100020050
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b079c 5 bytes JMP 00000001002b012a
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b088c 5 bytes JMP 00000001002b0758
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08a4 5 bytes JMP 00000001002b0676
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0df4 5 bytes JMP 00000001002b03d0
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1920 5 bytes JMP 00000001002b0594
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1be4 5 bytes JMP 00000001002b083a
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d70 5 bytes JMP 00000001002b020c
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075e1524f 7 bytes JMP 00000001002b0f52
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075e153d0 7 bytes JMP 00000001002c0210
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075e15677 1 byte JMP 00000001002c0048
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075e15679 5 bytes {JMP 0xffffffff8a4aa9d1}
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075e1589a 7 bytes JMP 00000001002b0ca6
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075e15a1d 7 bytes JMP 00000001002c03d8
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075e15c9b 7 bytes JMP 00000001002c012c
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075e15d87 7 bytes JMP 00000001002c02f4
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075e17240 7 bytes JMP 00000001002b0e6e
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[568] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075501492 7 bytes JMP 00000001002c04bc
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3708] 0000000180000000
Library c:\program files (x86)\stardock\fences\DesktopDock64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3708] 0000000005920000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 65925
---- EOF - GMER 2.1 ---- 5. AdwCleaner[R0].txt Code:
# AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 14:16:28
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\searchplugins\safesearch.xml
Datei Gefunden : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Datei Gefunden : C:\Windows\System32\Tasks\DealPlyUpdate
Datei Gefunden : C:\Windows\System32\Tasks\EPUpdater
Datei Gefunden : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B424109-6F99-4306-8F2B-0B2BB1C8C415}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0EB0A9-265F-4D9D-AF96-0EF2403A73E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DF046E1-80F7-43E0-80C0-0AD696799C8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0FD0502-5878-441D-A3C0-9A4531C526CB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E46008-1902-41A7-91C7-26EC6E0B66D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gefunden : HKLM\Software\Plus-HD-2.3
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\prefs.js ]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n /************************************************************************************\[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gefunden : user_pref("extensions.crossrider.bic", "13f6e6f20b04c65eab1948ef1fa9ed28");
-\\ Google Chrome v29.0.1547.66
[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword
*************************
AdwCleaner[R0].txt - [6946 octets] - [11/09/2013 14:16:28]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7006 octets] ########## 6. AdwCleaner[R11].txt Code:
# AdwCleaner v3.010 - Bericht erstellt am 03/11/2013 um 23:26:06
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Downloads\adwcleaner-3.010.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\user.js
Ordner Gefunden C:\Program Files (x86)\BonanzaDeals
Ordner Gefunden C:\ProgramData\~0
Ordner Gefunden C:\Users\*****\AppData\Local\PackageAware
Ordner Gefunden C:\Users\*****\AppData\Roaming\digitalsite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\dsiteproducts
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\dsiteproducts
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : HKLM\Software\BonanzaDealsLive
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xntjo1y5.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7090 octets] - [11/09/2013 13:16:28]
AdwCleaner[R10].txt - [2145 octets] - [30/10/2013 10:14:10]
AdwCleaner[R11].txt - [1673 octets] - [03/11/2013 23:26:06]
AdwCleaner[R1].txt - [2465 octets] - [14/10/2013 14:48:36]
AdwCleaner[R2].txt - [1307 octets] - [14/10/2013 14:55:45]
AdwCleaner[R3].txt - [1427 octets] - [14/10/2013 14:59:06]
AdwCleaner[R4].txt - [1425 octets] - [14/10/2013 15:02:05]
AdwCleaner[R5].txt - [1545 octets] - [14/10/2013 15:05:09]
AdwCleaner[R6].txt - [1805 octets] - [17/10/2013 06:21:06]
AdwCleaner[R7].txt - [1778 octets] - [21/10/2013 19:51:21]
AdwCleaner[R8].txt - [2091 octets] - [27/10/2013 23:05:33]
AdwCleaner[R9].txt - [2024 octets] - [29/10/2013 06:18:49]
AdwCleaner[S0].txt - [7029 octets] - [11/09/2013 13:17:04]
AdwCleaner[S10].txt - [2208 octets] - [30/10/2013 10:15:24]
AdwCleaner[S1].txt - [2412 octets] - [14/10/2013 14:51:30]
AdwCleaner[S2].txt - [1372 octets] - [14/10/2013 14:57:06]
AdwCleaner[S3].txt - [1488 octets] - [14/10/2013 14:59:52]
AdwCleaner[S4].txt - [1486 octets] - [14/10/2013 15:03:36]
AdwCleaner[S5].txt - [1606 octets] - [14/10/2013 15:05:41]
AdwCleaner[S6].txt - [1866 octets] - [17/10/2013 06:22:40]
AdwCleaner[S7].txt - [1839 octets] - [21/10/2013 19:53:30]
AdwCleaner[S8].txt - [2152 octets] - [27/10/2013 23:07:24]
AdwCleaner[S9].txt - [2085 octets] - [29/10/2013 06:20:13]
########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [2935 octets] ########## 6. Als Anhang die Protokolldatei des NPE
Ich hoffe dass Du mir mit den jetzt integrierten Dateien helfenkannst.
Danke
Michael |