Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Wörter doppelt blau unterstrichen, Java Update Free (https://www.trojaner-board.de/158311-woerter-doppelt-blau-unterstrichen-java-update-free.html)

MarieClara 04.09.2014 21:21
Wörter doppelt blau unterstrichen, Java Update Free
 
Liebe Trojaner-Board-Mitglieder,

seit ein paar Tagen sind einige Wörter auf Internetseiten (Firefox) doppelt blau unterstrichen. Streift man mit dem Cursor darüber, erscheint "Java Update Free" - das nervt. Ich möchte eine ganz "normale" Internetseite abrufen, ohne doppelt blau unterstrichene Wörter.
Ich habe schon alle Plug-Ins von Java deaktiviert, damit ich das endlich loswerde und auch "Adblock Plus" installiert, aber es bringt nichts.

Gerade eben bin ich auf diesen Artikel gestoßen, der genau zu meinem Problem passt: http://www.trojaner-board.de/154837-...chirmrand.html

Auch ich kenne mich am Computer nicht gut aus, von daher wäre es nett wenn man mich Schritt für Schritt aufklärt, was zu tun ist.

Ich bedanke mich im Voraus,
MarieClara

deeprybka 04.09.2014 21:44
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

MarieClara 05.09.2014 18:08
Ich habe jetzt erstmal den Schritt mit AdwCleaner gemacht und ich soll ja den Inhalt posten, also:

# Gestartet von : C:\Users\User\Downloads\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Pokki
Ordner Gelöscht : C:\Program Files (x86)\SiteLookup
Ordner Gelöscht : C:\Users\User\AppData\Local\Pokki
Ordner Gelöscht : C:\Users\User\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\User\AppData\Roaming\SimilarAddon

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2040 octets] - [05/09/2014 19:02:11]
AdwCleaner[S0].txt - [1690 octets] - [05/09/2014 19:03:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1750 octets] ##########








Dann mache ich jetzt die weiteren Schritte

deeprybka 05.09.2014 18:13
Zitat:
Ich habe jetzt erstmal den Schritt mit AdwCleaner gemacht und ich soll ja den Inhalt posten, also:
Hi, eigentlich sollst Du meinen Anweisungen folgen und mit Schritt 1 beginnen. Das ist ein FRST-Scan. :)

MarieClara 05.09.2014 18:16
FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by User (administrator) on NOTEBOOK on 05-09-2014 19:12:33
Running from C:\Users\User\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-3214894856-3182142478-1087394404-1001\...\Run: [sbitunesagent] => C:\Program Files (x86)\Songbird\songbirditunesagent.exe
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Website Tipster - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} [2014-08-31]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-09-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-19] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1505000.013\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\IPSDefs\20140904.002\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140904.021\ENG64.SYS [129752 2014-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140904.021\EX64.SYS [2137304 2014-08-29] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 19:12 - 2014-09-05 19:13 - 00017219 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-05 19:12 - 2014-09-05 19:12 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-05 19:12 - 2014-09-05 19:12 - 00000000 ____D () C:\FRST
2014-09-05 19:04 - 2014-09-05 19:04 - 00002058 _____ () C:\Windows\PFRO.log
2014-09-05 19:02 - 2014-09-05 19:03 - 00000000 ____D () C:\AdwCleaner
2014-09-05 19:01 - 2014-09-05 19:01 - 01370467 _____ () C:\Users\User\Downloads\adwcleaner_3.309.exe
2014-09-05 18:51 - 2014-09-05 19:03 - 00048292 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 22:32 - 2014-09-04 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-04 22:30 - 2014-09-05 19:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 22:30 - 2014-09-04 22:30 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:48 - 2014-09-04 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-04 21:48 - 2014-09-04 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-04 21:47 - 2014-09-04 21:47 - 00000000 ____D () C:\Program Files\Java
2014-09-04 21:35 - 2014-09-04 21:37 - 01101648 _____ () C:\Users\User\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-09-04 21:04 - 2014-09-04 21:04 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-04 21:04 - 2014-09-04 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-04 21:03 - 2014-09-04 21:03 - 03826912 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup417_slim.exe
2014-09-02 23:56 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 23:51 - 2014-09-02 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-02 23:49 - 2014-09-02 23:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\RHEng
2014-09-02 23:49 - 2014-09-02 23:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-02 23:48 - 2014-09-02 23:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-09-02 23:47 - 2014-09-02 23:48 - 29605200 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter3.12.44.820.exe
2014-09-02 22:34 - 2014-09-02 22:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-02 22:33 - 2014-09-02 23:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Songbird2
2014-09-02 22:33 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Local\Songbird2
2014-09-02 21:59 - 2014-09-02 22:30 - 00006190 _____ () C:\Users\User\Documents\iDumpClassic2013.txt
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\EscSoft
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Local\SkinSoft
2014-09-02 17:07 - 2014-09-02 17:08 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 19:59 - 2014-08-31 20:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.3 Release 1
2014-08-31 19:58 - 2014-08-31 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.2 Release 1
2014-08-30 14:26 - 2014-08-31 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-08-30 14:26 - 2014-08-30 15:08 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-08-30 12:59 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-30 12:59 - 2014-08-30 13:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2014-08-30 12:59 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-30 12:58 - 2014-08-30 12:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-30 12:58 - 2014-08-30 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 12:58 - 2014-08-30 12:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Users\User\AppData\Local\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 12:57 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-30 12:55 - 2014-08-30 12:56 - 113492816 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes64Setup.exe
2014-08-30 12:46 - 2014-08-30 14:40 - 00002076 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 11:48 - 2014-09-04 22:34 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-08-29 17:13 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 23:39 - 2014-08-27 23:42 - 00000000 ____D () C:\Users\User\Documents\Bilder Rezepte
2014-08-27 23:28 - 2014-08-27 23:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-19 14:27 - 2014-08-19 14:27 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-08-19 10:47 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 10:47 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 10:47 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 10:47 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 10:47 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 10:47 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 10:47 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-16 13:54 - 2014-09-04 21:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-16 12:59 - 2014-08-29 19:58 - 00355848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 12:46 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-08-16 12:46 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-08-16 12:45 - 2014-08-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 12:45 - 2014-08-16 12:45 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\ProgramData\ATI
2014-08-15 15:53 - 2014-08-30 11:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-14 16:45 - 2014-08-14 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 16:38 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 16:38 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 16:38 - 2014-07-12 02:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 16:38 - 2014-07-12 02:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-08-14 16:38 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-08-14 16:38 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-08-14 16:38 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-08-14 16:38 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-08-14 16:38 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-08-14 16:38 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-08-14 16:38 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-08-14 16:38 - 2014-07-03 03:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 16:38 - 2014-07-03 02:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 16:38 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-08-14 16:38 - 2014-06-28 08:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-14 16:38 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-08-14 16:38 - 2014-06-28 01:09 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-08-14 16:38 - 2014-06-27 05:42 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-08-14 16:38 - 2014-06-27 05:41 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-08-14 16:38 - 2014-06-25 09:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-14 16:38 - 2014-06-25 09:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 16:38 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-14 16:38 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-14 16:38 - 2014-06-13 01:35 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 16:38 - 2014-06-13 01:34 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 16:38 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 16:38 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-14 16:38 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-14 16:38 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-14 16:38 - 2014-05-30 01:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-14 16:38 - 2014-05-30 01:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-14 16:38 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-14 15:47 - 2014-08-16 13:48 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-08-14 15:47 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-08-14 15:45 - 2014-08-14 15:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-14 15:44 - 2014-08-14 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-14 15:42 - 2014-08-14 15:42 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-14 15:39 - 2014-08-14 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:39 - 2014-08-14 15:42 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-14 15:39 - 2014-08-14 15:39 - 00000000 __RHD () C:\MSOCache
2014-08-14 15:34 - 2014-08-14 15:34 - 00000000 ____D () C:\Users\User\Documents\Symantec
2014-08-14 15:32 - 2014-09-02 22:25 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-14 15:32 - 2014-08-16 12:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-14 15:32 - 2014-08-14 15:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 15:32 - 2014-08-14 15:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-14 15:30 - 2014-09-02 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-08-14 15:30 - 2014-09-02 22:25 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-08-14 15:30 - 2014-08-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-14 15:29 - 2014-08-14 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-14 15:27 - 2014-09-05 19:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214894856-3182142478-1087394404-1001
2014-08-14 15:21 - 2014-08-02 02:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 15:21 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 15:08 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 15:06 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:06 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 14:59 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 14:59 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 14:59 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 14:59 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 14:59 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 14:59 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 14:59 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 14:59 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 14:59 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 14:59 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 14:59 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 14:59 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 14:58 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 14:58 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 14:58 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 14:58 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 14:58 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 14:58 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 14:58 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 15:36 - 2013-11-06 10:05 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 09:34 - 2013-11-06 10:05 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-09-05 19:13 - 2014-09-05 19:12 - 00017219 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-05 19:12 - 2014-09-05 19:12 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-05 19:12 - 2014-09-05 19:12 - 00000000 ____D () C:\FRST
2014-09-05 19:10 - 2014-08-14 15:27 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214894856-3182142478-1087394404-1001
2014-09-05 19:08 - 2013-11-06 18:32 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 19:08 - 2013-11-06 18:32 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 19:08 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 19:04 - 2014-09-05 19:04 - 00002058 _____ () C:\Windows\PFRO.log
2014-09-05 19:04 - 2014-09-04 22:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 19:04 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 19:03 - 2014-09-05 19:02 - 00000000 ____D () C:\AdwCleaner
2014-09-05 19:03 - 2014-09-05 18:51 - 00048292 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 19:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-05 19:01 - 2014-09-05 19:01 - 01370467 _____ () C:\Users\User\Downloads\adwcleaner_3.309.exe
2014-09-05 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-05 18:56 - 2014-07-09 18:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2014-09-04 22:34 - 2014-08-30 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-09-04 22:32 - 2014-09-04 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-04 22:32 - 2014-07-09 18:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-04 22:30 - 2014-09-04 22:30 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:48 - 2014-09-04 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-04 21:48 - 2014-09-04 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-04 21:47 - 2014-09-04 21:47 - 00000000 ____D () C:\Program Files\Java
2014-09-04 21:47 - 2014-07-09 18:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-04 21:37 - 2014-09-04 21:35 - 01101648 _____ () C:\Users\User\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-09-04 21:09 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-04 21:09 - 2013-10-09 15:00 - 00000000 ____D () C:\Windows\Panther
2014-09-04 21:04 - 2014-09-04 21:04 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-04 21:04 - 2014-09-04 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-04 21:03 - 2014-09-04 21:03 - 03826912 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup417_slim.exe
2014-09-02 23:57 - 2014-09-02 23:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\RHEng
2014-09-02 23:56 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 23:56 - 2014-08-30 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 23:54 - 2014-09-02 23:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-09-02 23:52 - 2014-09-02 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-02 23:52 - 2014-09-02 23:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-02 23:48 - 2014-09-02 23:47 - 29605200 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter3.12.44.820.exe
2014-09-02 23:15 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Songbird2
2014-09-02 22:57 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-02 22:56 - 2014-07-09 18:10 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-09-02 22:34 - 2014-09-02 22:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-02 22:33 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Local\Songbird2
2014-09-02 22:30 - 2014-09-02 21:59 - 00006190 _____ () C:\Users\User\Documents\iDumpClassic2013.txt
2014-09-02 22:25 - 2014-08-14 15:32 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-02 22:25 - 2014-08-14 15:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-09-02 22:25 - 2014-08-14 15:30 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\EscSoft
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Local\SkinSoft
2014-09-02 17:08 - 2014-09-02 17:07 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 20:29 - 2014-08-30 14:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-08-31 20:02 - 2014-08-31 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.3 Release 1
2014-08-31 19:59 - 2014-08-31 19:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.2 Release 1
2014-08-30 15:08 - 2014-08-30 14:26 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-08-30 14:40 - 2014-08-30 12:46 - 00002076 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 13:02 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iTunes
2014-08-30 12:59 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 12:58 - 2014-08-30 12:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Users\User\AppData\Local\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 12:58 - 2014-08-30 12:57 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-30 12:56 - 2014-08-30 12:55 - 113492816 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes64Setup.exe
2014-08-30 12:46 - 2014-07-10 17:15 - 00002230 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-08-30 11:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-30 11:11 - 2014-08-15 15:53 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-29 20:00 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-29 19:58 - 2014-08-16 12:59 - 00355848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 19:04 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-29 17:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 23:42 - 2014-08-27 23:39 - 00000000 ____D () C:\Users\User\Documents\Bilder Rezepte
2014-08-27 23:28 - 2014-08-27 23:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-23 08:47 - 2014-08-29 17:13 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 14:27 - 2014-08-19 14:27 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-08-16 21:43 - 2014-07-09 18:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-08-16 13:49 - 2014-07-09 18:09 - 00000000 ____D () C:\Users\User\AppData\Local\Packages
2014-08-16 13:48 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-08-16 12:59 - 2014-08-14 15:32 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-16 12:48 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 12:47 - 2014-08-16 12:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-08-16 12:47 - 2014-08-16 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\ProgramData\ATI
2014-08-14 16:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-14 16:48 - 2014-08-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 16:45 - 2014-08-14 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-14 16:03 - 2014-07-09 20:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:01 - 2014-07-09 20:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:47 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-08-14 15:45 - 2014-08-14 15:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-14 15:45 - 2014-08-14 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-14 15:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-14 15:42 - 2014-08-14 15:42 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-14 15:42 - 2014-08-14 15:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-14 15:40 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-08-14 15:39 - 2014-08-14 15:39 - 00000000 __RHD () C:\MSOCache
2014-08-14 15:34 - 2014-08-14 15:34 - 00000000 ____D () C:\Users\User\Documents\Symantec
2014-08-14 15:33 - 2013-11-06 10:25 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 15:32 - 2014-08-14 15:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 15:32 - 2014-08-14 15:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-14 15:30 - 2014-08-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-14 15:29 - 2014-08-14 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-14 15:21 - 2013-10-09 14:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:04 - 2013-11-06 10:25 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-14 15:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-29 18:23

==================== End Of Log ============================
--- --- ---







Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by User at 2014-09-05 19:13:21
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30314 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0314.1033.17070 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0314.1033.17070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0314.1033.17070 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0314.1033.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0314.1032.17070 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0314.1033.17070 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.3.181 - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-07-2014 16:18:28 Installed Java 7 Update 60
14-08-2014 13:01:53 Removed Microsoft Office
19-08-2014 08:46:27 Windows Update
29-08-2014 16:23:19 Windows Update
02-09-2014 15:07:07 Installed Java 7 Update 67
04-09-2014 19:11:49 Removed Java 7 Update 60

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05814CD8-6784-42C1-9FCA-88A19664D0AF} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {05C31387-8445-4C69-B72C-DC1111070CB8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {06314B9E-3B0C-4EFF-92BB-782FEE0A45AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {24987A8A-FED9-4441-8A8D-BA56CF697CF9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-18] (Acer Incorporate)
Task: {45C53586-A2AE-4B35-96E5-15BFB5BC8367} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51130BBD-1CBB-4C45-9B11-BEADD1DA1F4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5310874E-191D-40E7-A33C-1797DBF736FD} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {788B1B0D-2061-412E-A09A-7500E142DB6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9DA10640-B253-4C39-B688-1626AC236F56} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7C9E3F2-67B8-4630-B4EB-C5366C1C8929} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {D8887171-E2A2-4D9E-9BB6-1D49C5A31CB7} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E1E16201-561A-441E-A6E7-ED4415496992} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FC797F3A-E34A-43A2-A50E-9837224E59D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-04] (Adobe Systems Incorporated)
Task: {FEBD1DD8-4C91-4A63-989D-2DB7A32D24BF} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-07 02:48 - 2013-09-07 02:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 02:45 - 2013-09-07 02:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 02:52 - 2013-09-07 02:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-06 10:27 - 2013-02-20 23:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-08-16 12:45 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-06 09:56 - 2013-05-08 22:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 10:35:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5141d97f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5141d97f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e629
ID des fehlerhaften Prozesses: 0xa00
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (09/03/2014 00:54:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5141d97f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5141d97f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e629
ID des fehlerhaften Prozesses: 0x13cc
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll4

Error: (09/03/2014 00:40:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4


System errors:
=============
Error: (09/05/2014 07:04:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/04/2014 09:54:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/02/2014 11:58:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/02/2014 11:40:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/02/2014 11:27:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/02/2014 10:57:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/02/2014 10:25:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/31/2014 07:21:19 PM) (Source: DCOM) (EventID: 10010) (User: NOTEBOOK)
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (08/30/2014 03:58:40 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/30/2014 03:58:40 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/04/2014 10:35:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435141d97fatieclxx.exe6.14.11.11435141d97fc0000005000000000002e629a0001cfc87fbc1b84dbC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exefa4ea2c3-3472-11e4-be83-201a06765498

Error: (09/03/2014 00:54:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435141d97fatieclxx.exe6.14.11.11435141d97fc0000005000000000002e62913cc01cfc700ca151099C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe0a956a69-32f4-11e4-be82-201a06765498

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (09/03/2014 00:41:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll4

Error: (09/03/2014 00:40:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3976.27 MB
Available physical RAM: 2410.42 MB
Total Pagefile: 4680.27 MB
Available Pagefile: 3046.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:682.19 GB) (Free:626.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EC53488C)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka 05.09.2014 18:23
Nachdem der Adwcleaner schon gelaufen ist, bitte so weitermachen:

Schritt 1

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

MarieClara 05.09.2014 18:46
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 19:27:53
Logdatei: Suchlauf-Protokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.05.06
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303731
Verstrichene Zeit: 15 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

deeprybka 05.09.2014 19:01
Hallo,
kannst Du mal bitte dieses Firefox Addon entfernen:

Code:
FF Extension: Website Tipster
https://support.mozilla.org/de/kb/ad...deinstallieren

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

MarieClara 06.09.2014 10:21
Hab ich nicht.

Hab:
- Intel Identity Protection Technology 3.5.29.0 (zwei mal irgendwie)
- iTunes Application Detector 1.0.1.1
- Microsoft Office 2010 14.0.4761.1000 und 14.0.4730.1010
- Shockwave Flash 14.0.0.179
- Silvernight Plug-In 5.1.30514.0
- WildTangent Games App V2 Presence Detector 4.0.5.13
- Adobe Acrobat 11.0.8.4

deeprybka 06.09.2014 11:41
Hi,

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
FF Extension: Website Tipster - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} [2014-08-31]
SearchScopes: HKCU - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL =
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Nach dem Reboot:

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

MarieClara 06.09.2014 17:44
Fixblog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by User at 2014-09-06 18:32:51 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Website Tipster - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} [2014-08-31]
SearchScopes: HKCU - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL =
EmptyTemp:
       
*****************

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{923C10AF-7B4E-4314-B8AE-9CD55666FE59}" => Key deleted successfully.
"HKCR\CLSID\{923C10AF-7B4E-4314-B8AE-9CD55666FE59}" => Key not found.
EmptyTemp: => Removed 293.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by User (administrator) on NOTEBOOK on 06-09-2014 18:38:23
Running from C:\Users\User\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\nav.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-3214894856-3182142478-1087394404-1001\...\Run: [sbitunesagent] => C:\Program Files (x86)\Songbird\songbirditunesagent.exe
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {923C10AF-7B4E-4314-B8AE-9CD55666FE59} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default
FF Homepage: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\e3scdxe2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-09-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-19] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1505000.013\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\IPSDefs\20140905.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140905.007\ENG64.SYS [129752 2014-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140905.007\EX64.SYS [2137304 2014-08-29] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 18:38 - 2014-09-06 18:38 - 00016841 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-05 19:26 - 2014-09-05 19:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 19:25 - 2014-09-05 19:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 19:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 19:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 19:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 19:12 - 2014-09-06 18:38 - 00000000 ____D () C:\FRST
2014-09-05 19:12 - 2014-09-05 19:12 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-05 19:04 - 2014-09-05 19:04 - 00002058 _____ () C:\Windows\PFRO.log
2014-09-05 19:02 - 2014-09-05 19:03 - 00000000 ____D () C:\AdwCleaner
2014-09-05 19:01 - 2014-09-05 19:01 - 01370467 _____ () C:\Users\User\Downloads\adwcleaner_3.309.exe
2014-09-05 18:51 - 2014-09-06 17:42 - 00105072 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 22:32 - 2014-09-04 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-04 22:30 - 2014-09-06 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 22:30 - 2014-09-04 22:30 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:48 - 2014-09-04 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-04 21:48 - 2014-09-04 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-04 21:47 - 2014-09-04 21:47 - 00000000 ____D () C:\Program Files\Java
2014-09-04 21:35 - 2014-09-04 21:37 - 01101648 _____ () C:\Users\User\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-09-04 21:04 - 2014-09-04 21:04 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-04 21:04 - 2014-09-04 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-04 21:03 - 2014-09-04 21:03 - 03826912 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup417_slim.exe
2014-09-02 23:56 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 23:51 - 2014-09-02 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-02 23:49 - 2014-09-02 23:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\RHEng
2014-09-02 23:49 - 2014-09-02 23:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-02 23:48 - 2014-09-02 23:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-09-02 23:47 - 2014-09-02 23:48 - 29605200 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter3.12.44.820.exe
2014-09-02 22:34 - 2014-09-02 22:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-02 22:33 - 2014-09-02 23:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Songbird2
2014-09-02 22:33 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Local\Songbird2
2014-09-02 21:59 - 2014-09-02 22:30 - 00006190 _____ () C:\Users\User\Documents\iDumpClassic2013.txt
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\EscSoft
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Local\SkinSoft
2014-09-02 17:07 - 2014-09-02 17:08 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 19:59 - 2014-08-31 20:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.3 Release 1
2014-08-31 19:58 - 2014-08-31 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.2 Release 1
2014-08-30 14:26 - 2014-08-31 20:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-08-30 14:26 - 2014-08-30 15:08 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-08-30 12:59 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-30 12:59 - 2014-08-30 13:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2014-08-30 12:59 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-30 12:58 - 2014-08-30 12:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-30 12:58 - 2014-08-30 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 12:58 - 2014-08-30 12:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Users\User\AppData\Local\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 12:57 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-30 12:55 - 2014-08-30 12:56 - 113492816 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes64Setup.exe
2014-08-30 12:46 - 2014-08-30 14:40 - 00002076 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 11:48 - 2014-09-04 22:34 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-08-29 17:13 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 23:39 - 2014-08-27 23:42 - 00000000 ____D () C:\Users\User\Documents\Bilder Rezepte
2014-08-27 23:28 - 2014-08-27 23:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-19 14:27 - 2014-08-19 14:27 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-08-19 10:47 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 10:47 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 10:47 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-19 10:47 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 10:47 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 10:47 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 10:47 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 10:47 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-16 13:54 - 2014-09-06 18:32 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-16 12:59 - 2014-08-29 19:58 - 00355848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 12:46 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-08-16 12:46 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-08-16 12:45 - 2014-08-16 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 12:45 - 2014-08-16 12:45 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\ProgramData\ATI
2014-08-15 15:53 - 2014-08-30 11:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-14 16:45 - 2014-08-14 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 16:38 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 16:38 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 16:38 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 16:38 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 16:38 - 2014-07-12 02:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 16:38 - 2014-07-12 02:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-08-14 16:38 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-08-14 16:38 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-08-14 16:38 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-08-14 16:38 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-08-14 16:38 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-08-14 16:38 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-08-14 16:38 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-08-14 16:38 - 2014-07-03 03:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 16:38 - 2014-07-03 02:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 16:38 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-08-14 16:38 - 2014-06-28 08:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-14 16:38 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-08-14 16:38 - 2014-06-28 01:09 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-08-14 16:38 - 2014-06-27 05:42 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-08-14 16:38 - 2014-06-27 05:41 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-08-14 16:38 - 2014-06-25 09:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-14 16:38 - 2014-06-25 09:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 16:38 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-14 16:38 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-14 16:38 - 2014-06-13 01:35 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 16:38 - 2014-06-13 01:34 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 16:38 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 16:38 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 16:38 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-14 16:38 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-14 16:38 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-14 16:38 - 2014-05-30 01:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-14 16:38 - 2014-05-30 01:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-14 16:38 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-14 15:47 - 2014-08-16 13:48 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-08-14 15:47 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-08-14 15:45 - 2014-08-14 15:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-14 15:44 - 2014-08-14 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-14 15:42 - 2014-08-14 15:42 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-14 15:39 - 2014-08-14 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:39 - 2014-08-14 15:42 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-14 15:39 - 2014-08-14 15:39 - 00000000 __RHD () C:\MSOCache
2014-08-14 15:34 - 2014-08-14 15:34 - 00000000 ____D () C:\Users\User\Documents\Symantec
2014-08-14 15:32 - 2014-09-02 22:25 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-14 15:32 - 2014-08-16 12:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-14 15:32 - 2014-08-14 15:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 15:32 - 2014-08-14 15:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-14 15:30 - 2014-09-02 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-08-14 15:30 - 2014-09-02 22:25 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-08-14 15:30 - 2014-08-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-14 15:29 - 2014-08-14 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-14 15:27 - 2014-09-05 19:53 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214894856-3182142478-1087394404-1001
2014-08-14 15:21 - 2014-08-02 02:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 15:21 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 15:08 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 15:06 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:06 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 14:59 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 14:59 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 14:59 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 14:59 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 14:59 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 14:59 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 14:59 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 14:59 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 14:59 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 14:59 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 14:59 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 14:59 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 14:59 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 14:59 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 14:59 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 14:59 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-14 14:58 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 14:58 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 14:58 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 14:58 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 14:58 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 14:58 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 14:58 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 15:36 - 2013-11-06 10:05 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 09:34 - 2013-11-06 10:05 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-09-06 18:38 - 2014-09-06 18:38 - 00016841 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-06 18:38 - 2014-09-05 19:12 - 00000000 ____D () C:\FRST
2014-09-06 18:35 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 18:34 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-06 18:32 - 2014-08-16 13:54 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-06 18:30 - 2014-07-09 18:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2014-09-06 18:22 - 2014-09-04 22:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-06 17:42 - 2014-09-05 18:51 - 00105072 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 11:22 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-06 11:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-05 19:53 - 2014-08-14 15:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3214894856-3182142478-1087394404-1001
2014-09-05 19:48 - 2014-09-05 19:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 19:25 - 2014-09-05 19:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 19:25 - 2014-09-05 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 19:12 - 2014-09-05 19:12 - 02104832 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-05 19:08 - 2013-11-06 18:32 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 19:08 - 2013-11-06 18:32 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 19:08 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 19:04 - 2014-09-05 19:04 - 00002058 _____ () C:\Windows\PFRO.log
2014-09-05 19:03 - 2014-09-05 19:02 - 00000000 ____D () C:\AdwCleaner
2014-09-05 19:01 - 2014-09-05 19:01 - 01370467 _____ () C:\Users\User\Downloads\adwcleaner_3.309.exe
2014-09-04 22:34 - 2014-08-30 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-09-04 22:32 - 2014-09-04 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-04 22:32 - 2014-07-09 18:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-04 22:30 - 2014-09-04 22:30 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-04 21:48 - 2014-09-04 21:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-04 21:48 - 2014-09-04 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-04 21:47 - 2014-09-04 21:47 - 00000000 ____D () C:\Program Files\Java
2014-09-04 21:47 - 2014-07-09 18:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-04 21:37 - 2014-09-04 21:35 - 01101648 _____ () C:\Users\User\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2014-09-04 21:09 - 2013-10-09 15:00 - 00000000 ____D () C:\Windows\Panther
2014-09-04 21:04 - 2014-09-04 21:04 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-04 21:04 - 2014-09-04 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-04 21:03 - 2014-09-04 21:03 - 03826912 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup417_slim.exe
2014-09-02 23:57 - 2014-09-02 23:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\RHEng
2014-09-02 23:56 - 2014-09-02 23:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 23:56 - 2014-08-30 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 23:54 - 2014-09-02 23:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-09-02 23:52 - 2014-09-02 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-02 23:52 - 2014-09-02 23:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-02 23:48 - 2014-09-02 23:47 - 29605200 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter3.12.44.820.exe
2014-09-02 23:15 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Songbird2
2014-09-02 22:57 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-02 22:56 - 2014-07-09 18:10 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-09-02 22:34 - 2014-09-02 22:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-02 22:33 - 2014-09-02 22:33 - 00000000 ____D () C:\Users\User\AppData\Local\Songbird2
2014-09-02 22:30 - 2014-09-02 21:59 - 00006190 _____ () C:\Users\User\Documents\iDumpClassic2013.txt
2014-09-02 22:25 - 2014-08-14 15:32 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-02 22:25 - 2014-08-14 15:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-09-02 22:25 - 2014-08-14 15:30 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\EscSoft
2014-09-02 21:59 - 2014-09-02 21:59 - 00000000 ____D () C:\Users\User\AppData\Local\SkinSoft
2014-09-02 17:08 - 2014-09-02 17:07 - 00004286 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 20:29 - 2014-08-30 14:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WindSolutions
2014-08-31 20:29 - 2014-08-30 14:26 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-08-31 20:02 - 2014-08-31 19:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.3 Release 1
2014-08-31 19:59 - 2014-08-31 19:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Music Liberator 10.2 Release 1
2014-08-30 14:40 - 2014-08-30 12:46 - 00002076 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2014-08-30 13:02 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:59 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2014-08-30 12:59 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iTunes
2014-08-30 12:59 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-30 12:58 - 2014-08-30 12:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Users\User\AppData\Local\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-30 12:58 - 2014-08-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-30 12:58 - 2014-08-30 12:57 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-30 12:57 - 2014-08-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-30 12:56 - 2014-08-30 12:55 - 113492816 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes64Setup.exe
2014-08-30 12:46 - 2014-07-10 17:15 - 00002230 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-08-30 11:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-30 11:11 - 2014-08-15 15:53 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-29 19:58 - 2014-08-16 12:59 - 00355848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 19:04 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-29 17:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 23:42 - 2014-08-27 23:39 - 00000000 ____D () C:\Users\User\Documents\Bilder Rezepte
2014-08-27 23:28 - 2014-08-27 23:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-23 08:47 - 2014-08-29 17:13 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 14:27 - 2014-08-19 14:27 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2014-08-16 21:43 - 2014-07-09 18:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-08-16 13:49 - 2014-07-09 18:09 - 00000000 ____D () C:\Users\User\AppData\Local\Packages
2014-08-16 13:48 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2014-08-16 12:59 - 2014-08-14 15:32 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-16 12:48 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 12:47 - 2014-08-16 12:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-08-16 12:47 - 2014-08-16 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-16 12:45 - 2014-08-16 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-08-15 18:05 - 2014-08-15 18:05 - 00000000 ____D () C:\ProgramData\ATI
2014-08-14 16:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-14 16:48 - 2014-08-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 16:45 - 2014-08-14 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 16:44 - 2014-08-14 16:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-14 16:23 - 2014-08-14 16:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-14 16:03 - 2014-07-09 20:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:01 - 2014-07-09 20:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:47 - 2014-08-14 15:47 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2014-08-14 15:45 - 2014-08-14 15:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-14 15:45 - 2014-08-14 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-14 15:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-14 15:42 - 2014-08-14 15:42 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-14 15:42 - 2014-08-14 15:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-14 15:40 - 2014-08-14 15:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-14 15:40 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-08-14 15:39 - 2014-08-14 15:39 - 00000000 __RHD () C:\MSOCache
2014-08-14 15:34 - 2014-08-14 15:34 - 00000000 ____D () C:\Users\User\Documents\Symantec
2014-08-14 15:33 - 2013-11-06 10:25 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 15:32 - 2014-08-14 15:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-14 15:32 - 2014-08-14 15:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-14 15:32 - 2014-08-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-14 15:30 - 2014-08-14 15:30 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-14 15:29 - 2014-08-14 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-14 15:21 - 2013-10-09 14:42 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:04 - 2013-11-06 10:25 - 00000000 ____D () C:\ProgramData\boost_interprocess

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-29 18:23

==================== End Of Log ============================
--- --- ---

--- --- ---

deeprybka 06.09.2014 18:12
Prima gemacht! :daumenhoc

Zum Abschluss:

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

MarieClara 07.09.2014 12:21
Ich hab den letzten Schritt jetzt nicht mehr ausgeführt, aber die blau unterstrichenen Wörter sind schon weg!!! :) :) :)
Soll ich den letzten Schritt dennoch ausführen?

deeprybka 07.09.2014 12:59
Hi,
ja bitte! Wir sind ja noch nicht fertig. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27