The start page was at first some search engine that I no longer remember. Now it is ASK, after I downloaded some other software and mistakenly accepted ASK as well. And I cannot change the start page permanently. It keeps jumping back to ASK.
Then other web pages keep opening (in a new window) without my wanting this or even having clicked on anything.
Overall, everything is much slower.
Here are the files:
defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 13/11/2013 (SantaClara)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013 01
Ran by SantaClara (administrator) on MELO on 13-11-2013 21:29:16
Running from C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\windows\system32\EscSvc64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
() C:\Program Files (x86)\Speed Test Analysis\BackgroundHost64.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Farbar) C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe [214360 2011-01-21] (NewSoft Technology Corporation)
HKCU\...\Run: [iMesh] - C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31012720 2013-11-03] (iMesh, Inc)
MountPoints2: {1ed749e8-69f2-11e2-be68-806e6f6e6963} - "D:\InstallNavi.exe"
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074736 2013-10-29] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-10-29] (Iminent)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll [23616 2013-10-10] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll [20032 2013-10-10] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SantaClara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [486464 2013-10-10] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [659008 2013-10-10] () <===== ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {74BFD63A-383B-407D-8AC1-BDD4E79720F3} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n9639-163&apn_uid=4136014975604365&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1911A78D-EEBF-40DB-A918-D8BD7E920A5C&ref=toolbox&q={searchTerms}
BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost64.dll (SpeedAnalysis.com)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\bh\iminent.dll (Iminent)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: coontiinueTosoave - {1DCE63B7-6C05-D920-EC87-68F8A715C19E} - C:\ProgramData\coontiinueTosoave\51a0b97656bd7.dll No File
BHO-x32: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO-x32: EbOoKBrowsoe - {C2AD2A3F-CECC-7692-CE9E-218B032C6887} - C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll (Iminent)
Toolbar: HKLM-x32 - Music Toolbar (Dist. by iMesh, Inc.) - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR Extension: (EbOoKBrowsoe) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobdkjkcffjijahpmjpgipkpdggpmoeo\1
CHR Extension: (Iminent) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.43.4.1_0
CHR Extension: () - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5
CHR Extension: (coontiinueTosoave) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlohpbniocddkjfjaoiemefphfnfjpaf\1
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\SANTAC~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis\SpeedTestAnalysis.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminent.crx
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3423808 2013-10-10] (iMesh Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2886464 2013-10-29] (Iminent)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)
==================== Drivers (Whitelisted) ====================
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-10-11] (Emsisoft GmbH)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-10-11] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131112.002\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131113.001\ENG64.SYS [126040 2013-11-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131113.001\EX64.SYS [2099288 2013-11-08] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [x]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-13 21:27 - 2013-11-13 21:28 - 00000000 ____D C:\Users\SantaClara\Desktop\Trojaner-Hilfe
2013-11-13 21:22 - 2013-11-13 21:22 - 00000482 _____ C:\Users\SantaClara\Desktop\defogger_disable.log
2013-11-13 21:22 - 2013-11-13 21:22 - 00000000 _____ C:\Users\SantaClara\defogger_reenable
2013-11-13 08:03 - 2013-11-13 08:03 - 00002573 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-13 07:55 - 2013-11-13 07:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-13 01:28 - 2013-11-13 01:28 - 00000000 ____D C:\ProgramData\A3C7
2013-11-13 01:27 - 2013-11-13 01:27 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 01:27 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-13 01:27 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-12 23:31 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-12 23:31 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-12 23:31 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-12 23:31 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-12 23:31 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-12 23:31 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-12 23:31 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-12 23:31 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-12 23:31 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-12 23:31 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-12 23:31 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-12 23:31 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-12 23:31 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-12 23:31 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-12 23:31 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-12 23:31 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-12 23:31 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-12 23:31 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-12 23:31 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-12 23:31 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-12 23:31 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-12 23:31 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-12 23:30 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-12 23:30 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-12 23:30 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-12 23:30 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-12 23:30 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-12 23:30 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-12 23:30 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-12 23:30 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-12 23:30 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-12 23:30 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-12 23:29 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-12 23:29 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-12 23:29 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-12 23:29 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-12 23:29 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-12 23:29 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-12 23:29 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-12 23:29 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-12 23:29 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\Browser Manager
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-11 01:49 - 2013-11-11 01:49 - 00000000 ____D C:\FRST
2013-11-11 01:43 - 2013-11-11 01:43 - 00001188 _____ C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00001184 _____ C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\Documents\My Received Files
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\MusicNet
2013-11-11 01:26 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Local\iMesh
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\ProgramData\Wincert
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-11 01:25 - 2013-11-13 21:29 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-11 01:25 - 2013-11-11 01:25 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-11-11 01:07 - 2013-11-11 01:07 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Sun
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Oracle
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-11 00:08 - 2013-11-11 00:08 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-11-11 00:07 - 2013-11-11 00:08 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis
2013-11-11 00:07 - 2013-11-11 00:08 - 00000000 ____D C:\Program Files (x86)\Speed Test Analysis
2013-11-11 00:07 - 2013-11-11 00:07 - 00001272 _____ C:\Users\SantaClara\Desktop\SpeedTestAnalysis.lnk
2013-11-11 00:07 - 2013-11-11 00:07 - 00000635 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\ProgramData\Iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\IN-MEDIAKG
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\HomepageFIX2013
2013-11-10 13:42 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-11-10 13:42 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-11-10 13:42 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-11-10 13:42 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2013-11-10 13:41 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-11-10 13:41 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2013-11-10 13:41 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2013-11-10 13:41 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2013-11-10 13:41 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2013-11-10 13:41 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-11-10 13:41 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-11-10 13:41 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-11-10 13:41 - 2013-07-31 00:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml
2013-11-10 13:41 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-11-10 13:41 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2013-11-08 08:16 - 2013-11-08 08:16 - 00001938 _____ C:\Users\SantaClara\Desktop\Memory Cleaner.lnk
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\KoshyJohn.com
2013-10-22 23:03 - 2013-10-22 23:03 - 00001946 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-20 14:10 - 2013-10-20 14:12 - 00010307 _____ C:\Users\SantaClara\Documents\Kontakte ausland.odt
2013-10-14 00:12 - 2013-10-30 08:33 - 00000000 ____D C:\Users\SantaClara\AppData\Local\Thunderbird
2013-10-14 00:12 - 2013-10-14 00:12 - 00002086 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-14 00:12 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Thunderbird
2013-10-14 00:11 - 2013-11-09 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-14 00:11 - 2013-11-02 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-14 00:11 - 2013-10-14 00:11 - 00000000 ____D C:\ProgramData\Mozilla
==================== One Month Modified Files and Folders =======
2013-11-13 21:29 - 2013-11-11 01:25 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-13 21:28 - 2013-11-13 21:27 - 00000000 ____D C:\Users\SantaClara\Desktop\Trojaner-Hilfe
2013-11-13 21:22 - 2013-11-13 21:22 - 00000482 _____ C:\Users\SantaClara\Desktop\defogger_disable.log
2013-11-13 21:22 - 2013-11-13 21:22 - 00000000 _____ C:\Users\SantaClara\defogger_reenable
2013-11-13 21:22 - 2013-04-27 18:48 - 00000000 ____D C:\Users\SantaClara
2013-11-13 21:19 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-13 21:17 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-11-13 08:04 - 2013-01-28 18:21 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-13 08:04 - 2013-01-28 18:21 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-13 08:04 - 2013-01-28 18:20 - 00000000 ____D C:\ProgramData\Norton
2013-11-13 08:03 - 2013-11-13 08:03 - 00002573 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-11-13 08:01 - 2013-01-28 18:20 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2013-11-13 08:01 - 2013-01-28 18:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-13 07:55 - 2013-11-13 07:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-13 01:34 - 2013-02-03 03:58 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-11-13 01:34 - 2013-02-03 03:58 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-11-13 01:34 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-13 01:29 - 2013-01-28 18:22 - 00000000 ____D C:\ProgramData\WinClon
2013-11-13 01:28 - 2013-11-13 01:28 - 00000000 ____D C:\ProgramData\A3C7
2013-11-13 01:27 - 2013-11-13 01:27 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-13 01:26 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-13 01:21 - 2013-01-28 17:15 - 01470106 _____ C:\windows\WindowsUpdate.log
2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-13 01:21 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-11-13 01:13 - 2013-08-27 06:13 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 01:09 - 2013-06-04 05:58 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 23:27 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-11 02:13 - 2013-04-27 18:52 - 00000000 ___RD C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-11 02:12 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\Browser Manager
2013-11-11 01:56 - 2013-11-11 01:56 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-11 01:49 - 2013-11-11 01:49 - 00000000 ____D C:\FRST
2013-11-11 01:43 - 2013-11-11 01:43 - 00001188 _____ C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00001184 _____ C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\Documents\My Received Files
2013-11-11 01:43 - 2013-11-11 01:43 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\MusicNet
2013-11-11 01:43 - 2013-11-11 01:26 - 00000000 ____D C:\Users\SantaClara\AppData\Local\iMesh
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\ProgramData\Wincert
2013-11-11 01:26 - 2013-11-11 01:26 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-11 01:25 - 2013-11-11 01:25 - 00000000 ____D C:\Program Files (x86)\Music Toolbar
2013-11-11 01:07 - 2013-11-11 01:07 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-11 01:07 - 2013-11-11 01:07 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Sun
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\ProgramData\Oracle
2013-11-11 01:07 - 2013-11-11 01:07 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-11 00:08 - 2013-11-11 00:08 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\SpeedTestAnalysis
2013-11-11 00:08 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Speed Test Analysis
2013-11-11 00:08 - 2013-04-27 18:50 - 00000000 ____D C:\Users\SantaClara\AppData\Local\VirtualStore
2013-11-11 00:07 - 2013-11-11 00:07 - 00001272 _____ C:\Users\SantaClara\Desktop\SpeedTestAnalysis.lnk
2013-11-11 00:07 - 2013-11-11 00:07 - 00000635 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\ProgramData\Iminent
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\IminentToolbar
2013-11-11 00:07 - 2013-11-11 00:07 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\IN-MEDIAKG
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\mresreg
2013-11-11 00:06 - 2013-11-11 00:06 - 00000000 ____D C:\Program Files (x86)\HomepageFIX2013
2013-11-09 19:41 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-11-09 19:38 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-09 19:38 - 2012-08-05 22:07 - 00030208 _____ C:\windows\PFRO.log
2013-11-09 19:05 - 2013-02-17 17:21 - 00000000 ____D C:\windows\Minidump
2013-11-09 11:43 - 2013-09-14 20:11 - 00000000 ___RD C:\Users\SantaClara\Dropbox
2013-11-09 11:43 - 2013-09-14 20:05 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Dropbox
2013-11-09 11:24 - 2013-08-27 22:45 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\.oit
2013-11-09 11:14 - 2013-06-16 16:33 - 00000000 ____D C:\Users\SantaClara\AppData\Local\CrashDumps
2013-11-08 08:16 - 2013-11-08 08:16 - 00001938 _____ C:\Users\SantaClara\Desktop\Memory Cleaner.lnk
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
2013-11-08 08:16 - 2013-11-08 08:16 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\KoshyJohn.com
2013-11-05 23:58 - 2013-11-13 01:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-13 01:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 22:51 - 2013-05-14 18:27 - 00000000 ____D C:\Users\SantaClara\Documents\Photomuseum
2013-11-02 17:44 - 2013-10-14 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-31 23:08 - 2013-07-14 19:22 - 00014199 _____ C:\Users\SantaClara\Documents\pswd.odt
2013-10-31 07:05 - 2013-07-07 22:21 - 00000000 ____D C:\Users\SantaClara\Documents\Verwaltung - eigene
2013-10-30 08:33 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Local\Thunderbird
2013-10-22 23:03 - 2013-10-22 23:03 - 00001946 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-22 23:03 - 2013-01-28 18:25 - 00000000 ____D C:\ProgramData\Samsung
2013-10-21 07:05 - 2013-04-27 18:58 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-182115508-3913688524-3247281400-1001
2013-10-20 14:12 - 2013-10-20 14:10 - 00010307 _____ C:\Users\SantaClara\Documents\Kontakte ausland.odt
2013-10-20 13:16 - 2013-07-07 10:16 - 00000000 ____D C:\Users\SantaClara\Documents\Beruf - Recht - BWL
2013-10-18 22:00 - 2013-05-17 19:01 - 00000000 ____D C:\Users\SantaClara\Documents\yo
2013-10-14 00:12 - 2013-10-14 00:12 - 00002086 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-10-14 00:12 - 2013-10-14 00:12 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Thunderbird
2013-10-14 00:12 - 2013-05-22 19:47 - 00000000 ____D C:\Users\SantaClara\AppData\Roaming\Mozilla
2013-10-14 00:11 - 2013-10-14 00:11 - 00000000 ____D C:\ProgramData\Mozilla
Files to move or delete:
====================
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Some content of TEMP:
====================
C:\Users\SantaClara\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\Delta.exe
C:\Users\SantaClara\AppData\Local\Temp\DeltaTB.exe
C:\Users\SantaClara\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\SantaClara\AppData\Local\Temp\MybabylonTB.exe
C:\Users\SantaClara\AppData\Local\Temp\propsys.dll
C:\Users\SantaClara\AppData\Local\Temp\SpeedTestSetup.exe
C:\Users\SantaClara\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-08 07:36
==================== End Of Log ============================
--- --- ---
Additional
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2013 01
Ran by SantaClara at 2013-11-13 21:30:29
Running from C:\Users\SantaClara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JW3PF89
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Reader X (10.1.3) MUI (x32 Version: 10.1.3)
AllSharePlayLink (x32 Version: 1.0.0)
Anleitung für Epson Connect (x32)
Bitcasa version 0.9.20.4135 (Version: 0.9.20.4135)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Dropbox (HKCU Version: 2.0.26)
Easy File Share (x32 Version: 1.3.6)
EbOoKBrowsoe (x32 Version: )
Elements 11 Organizer (x32 Version: 11.0)
E-POP (x32 Version: 1.0.1)
Epson Benutzerhandbuch WF-3520 Series (x32)
Epson Event Manager (x32 Version: 3.01.0005)
Epson FAX Utility (x32 Version: 1.30.00)
Epson Netzwerkhandbuch WF-3520 Series (x32)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.6.0)
ETDWare X64 11.7.5.5_WHQL (Version: 11.7.5.5)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.9)
HomepageFIX 2013 (x32 Version: Aktuelle Version)
iMesh (HKCU Version: 12.5.0.134165)
Iminent (x32 Version: 6.44.21.0)
Iminent Toolbar on IE and Chrome (x32 Version: 1.8.26.8)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2963)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Maintenance Service (x32 Version: 24.1.0)
Mozilla Thunderbird 24.1.0 (x86 de) (x32 Version: 24.1.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (x32 Version: 1.6.2.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Nvu 1.0 (x32 Version: 1.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF24 Creator 5.6.0 (x32)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Plants vs. Zombies (x32)
Presto! PageManager 9.03 SE (x32 Version: 9.03.06)
PSE11 STI Installer (x32 Version: 11.0)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.4.907.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818)
Recovery (x32 Version: 6.0.9.6)
S Agent (Version: 1.1.45)
Settings (x32 Version: 2.0.1)
Speed Test Analysis (x32 Version: 1.0.0.5)
Support Center (Version: 2.1.100)
Support Center FAQ (x32 Version: 1.0.9)
SW Update (x32 Version: 2.1.21)
User Guide (x32 Version: 1.2.00)
Winamp (x32 Version: 5.64 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
==================== Restore Points =========================
29-10-2013 06:01:11 Geplanter Prüfpunkt
06-11-2013 02:44:06 Geplanter Prüfpunkt
10-11-2013 12:47:10 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0168A4EE-AC81-4967-AAED-CD003A4C6947} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {2CADA547-8CFA-4245-B58A-00D272DB12D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {62FB137C-D70D-49A6-92A8-B7B89BFE0326} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {877A8539-1C1D-46E7-BDBD-81A53099C9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A3DF6F31-43C0-40BC-8842-C0E077EE20F3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {BC0B6D51-68C9-421B-AC14-85B6740BBE1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {C4F4FFEC-BFAC-4211-9548-EBE463A7FF4B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {D1AB0C06-FECF-45C8-B2B7-313104E19475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {F7AD3C9F-972C-4709-98DD-F4CF63BED337} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {FE78C4F4-BA55-4FB6-BA74-F0ABA4D1ED45} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) =============
2013-11-11 01:25 - 2013-10-10 12:55 - 00659008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2013-01-03 01:50 - 2012-11-01 06:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 12:57 - 2012-10-31 12:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 12:52 - 2012-10-31 12:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 12:55 - 2012-10-31 12:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-09-30 10:32 - 2013-09-30 10:32 - 00333632 _____ () C:\Program Files (x86)\Speed Test Analysis\ButtonSite64.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00023616 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00020032 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2013-11-11 01:25 - 2013-10-10 12:55 - 00486464 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 08:26 - 2012-11-30 08:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 03216240 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00444784 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00030576 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 00800624 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll
2013-11-11 01:26 - 2013-11-03 23:11 - 01553776 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx
2013-11-11 01:26 - 2013-11-03 23:11 - 00153456 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll
2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-01-28 18:08 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 12:12 - 2011-08-15 12:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-06-14 03:57 - 2012-06-14 03:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 12:12 - 2011-08-15 12:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 12:15 - 2011-08-15 12:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 08:41 - 2011-08-17 08:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 08:48 - 2011-08-17 08:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 11:23 - 2011-08-15 11:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 03:56 - 2012-06-14 03:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 04:06 - 2012-06-14 04:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 03:55 - 2012-06-14 03:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 08:05 - 2011-07-19 08:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 12:17 - 2011-08-15 12:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 08:04 - 2011-07-19 08:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2013-05-25 13:31 - 2013-05-25 14:16 - 00112128 _____ () C:\ProgramData\EbOoKBrowsoe\51a0b992c832f.dll
2013-06-10 23:06 - 2012-05-30 07:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/13/2013 09:24:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (11/13/2013 08:44:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ccSet.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519abdb0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x659ab88e
ID des fehlerhaften Prozesses: 0x16a8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (11/13/2013 00:25:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x2c5c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (11/13/2013 00:25:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (11/12/2013 11:40:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (11/12/2013 11:36:20 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b50
Startzeit: 01cedff78a190f0f
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID: d7835319-4bea-11e3-be9d-50b7c3fc4b60
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/12/2013 11:35:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1318
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (11/12/2013 11:21:28 PM) (Source: Application Hang) (User: )
Description: Programm WWAHost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1fd4
Startzeit: 01cedff578eb9a10
Endzeit: 4294967295
Anwendungspfad: C:\Windows\System32\WWAHost.exe
Berichts-ID: c04c97fb-4be8-11e3-be9d-50b7c3fc4b60
Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store
Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Melo)
Description: Die App „winstore_cw5n1h2txyewy!Windows.Store“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (11/11/2013 01:20:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x2e20
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
System errors:
=============
Error: (11/13/2013 08:45:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/13/2013 01:41:16 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/11/2013 11:49:19 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/11/2013 08:41:48 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/11/2013 02:35:49 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/11/2013 01:26:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Datamngr Coordinator" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/11/2013 00:07:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/09/2013 06:40:35 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/09/2013 01:10:20 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Error: (11/09/2013 00:28:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
Microsoft Office Sessions:
=========================
Error: (11/13/2013 09:24:19 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\SantaClara\Documents\Programme\computerbild_downloader_fuer_pdfcreator .exe
Error: (11/13/2013 08:44:57 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ccSet.dll_unloaded0.0.0.0519abdb0c0000005659ab88e16a801cee03b88eb7b0bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll7d9e540f-4c37-11e3-be9e-50b7c3fc4b60
Error: (11/13/2013 00:25:55 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2c5c01cedffe84b4c98dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc69e31f7-4bf1-11e3-be9d-50b7c3fc4b60
Error: (11/13/2013 00:25:43 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c175001cedff6d715dc09C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllbf770bb0-4bf1-11e3-be9d-50b7c3fc4b60
Error: (11/12/2013 11:40:47 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c16f401cedff78a144a4cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll7861103e-4beb-11e3-be9d-50b7c3fc4b60
Error: (11/12/2013 11:36:20 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16537b5001cedff78a190f0f4294967295C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd7835319-4bea-11e3-be9d-50b7c3fc4b60
Error: (11/12/2013 11:35:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c131801cedeae8e211f16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dllc011c8a6-4bea-11e3-be9d-50b7c3fc4b60
Error: (11/12/2013 11:21:28 PM) (Source: Application Hang)(User: )
Description: WWAHost.exe6.2.9200.164201fd401cedff578eb9a104294967295C:\Windows\System32\WWAHost.exec04c97fb-4be8-11e3-be9d-50b7c3fc4b60winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store
Error: (11/12/2013 11:21:18 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Melo)
Description: winstore_cw5n1h2txyewy!Windows.Store
Error: (11/11/2013 01:20:59 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c2e2001cede73e4dec321C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll232d7113-4a67-11e3-be9c-50b7c3fc4b60
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 3795.53 MB
Available physical RAM: 2286.03 MB
Total Pagefile: 15571.54 MB
Available Pagefile: 13782.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.17 GB) (Free:385.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B20F2230)
Partition: GPT Partition Type
==================== End Of Log ============================
GMER
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-13 21:50:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 TOSHIBA_MQ01ABD050 rev.AX002F 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SANTAC~1\AppData\Local\Temp\pxloypog.sys
---- User code sections - GMER 2.1 ----
.text C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f836d5177a 4 bytes [D5, 36, F8, 07]
.text C:\windows\Explorer.EXE[2412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f836d51782 4 bytes [D5, 36, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [600:632] fffff960008ef5e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----