Hello, I'm afraid I have caught a virus. For the past hour my processor has been running at 100% - the Task Manager shows that a program "Coin-miner (32-bit)" is causing the entire load. I'm asking for help and hope I did the log files correctly.

Regards, mamic

HTML-Code:
OTL Extras logfile created on: 15.06.2013 14:43:15 - Run 1
OTL by OldTimer - Version Folder = G:\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,69% Memory free
9,10 Gb Paging File | 6,93 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 20,50 Gb Free Space | 27,54% Space Free | Partition Type: NTFS
Drive E: | 379,63 Gb Total Space | 11,30 Gb Free Space | 2,98% Space Free | Partition Type: NTFS
Drive G: | 75,19 Gb Total Space | 16,79 Gb Free Space | 22,32% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 0,80 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
Computer Name: YPS | User Name: Santa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AA2EAD-5274-4D92-9EDD-D49C8061DE85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0A53D4A1-9579-4BC2-B94A-A70C9A0E055A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19FBCE80-5F45-4E38-A25A-7E4FCBC90F1A}" = 
lport=138 | protocol=17 | dir=in | app=system | "{244C4895-4C76-475A-8613-6FFEC6114CCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34544656-2DAE-49C1-BAC3-54D53767C889}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A426161-B67B-4454-B706-29AE10C1B108}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4560CD55-5749-404E-A939-5EBC735E61C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52DB5E37-0527-4BB7-A20C-7C7CC57B9A0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A9ECE9F-4BF2-42D0-9D9A-B9D4F80D60C4}" = rport=139 | protocol=6 | dir=out | app=system | "{782D33FC-6480-4395-8780-8ADA2333039B}" = lport=445 | protocol=6 | dir=in | app=system | "{7A8B0523-3C55-4896-A3C8-C0FBF339F5DB}" = lport=139 | protocol=6 | dir=in | app=system | "{7E6793FA-A50C-4EF9-BB7E-4E1F38E284AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{85F92CF4-C2D8-47DB-9EF0-71E7CD5FA6E5}" = rport=138 | protocol=17 | dir=out | app=system | "{9F208396-A77A-44E3-9C6B-1F0BB54FF12A}" = lport=137 | protocol=17 | dir=in | app=system | "{A0388511-25AA-4D35-9F80-F78ABC20CE71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC00F4B2-03A0-4162-B5E9-1359D94AECD7}" = rport=445 | protocol=6 | dir=out | app=system | "{B1E4266C-F3A2-4A76-BE67-7E2D01642C09}" = rport=137 | protocol=17 | dir=out | app=system | "{BF853237-B7F5-4A2C-B93D-7F4303032217}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C2EE18AE-FC12-4122-BDC8-177E36D27502}" = lport=10243 | protocol=6 | dir=in | app=system | "{D6A2F78B-C065-48AE-8912-1DFD00F0A5C9}" = lport=2869 | protocol=6 | dir=in | app=system | "{E72414E9-7784-4A30-B89F-05F5C33783BB}" = rport=10243 | protocol=6 | dir=out | 
app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027DB729-8992-4FE4-9DD8-58A7AC6BE651}" = dir=in | name=hp printer control | "{0C05591A-9238-4A1D-AED6-9A1AFBB11496}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{0CF432F0-4FFE-4F0B-B651-E3465D500302}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D9D7EF4-DB63-4175-8FF6-D2616FEB69DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{12A6FBCF-1CCD-48FE-9C56-019F98C1FAA0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{14777555-956F-47D7-993A-D472AF732C33}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{1EB804B3-94AD-47AF-9CB0-3764F1ABA454}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{20859E39-FAE7-4EB7-98AC-89F754271DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{21DF9161-2A80-4156-A1EB-2A58D562BE36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2236FC6B-DC1B-4981-9A96-525EA9CEE2A7}" = dir=out | name=markpad | "{22971F3B-30F1-4838-8AC7-924A0FDA7B24}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{28BD4296-755B-412D-BAD9-1DC7904E9B2B}" = protocol=6 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe | "{2BC61803-8966-4177-ADC2-9F35D6EB708D}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{3538CDF3-BDFF-42CB-AF64-E67605FEAAB1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{3A49E9EB-7A1D-42CF-A343-20D7AF2BED14}" = dir=out | 
name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{469D8B87-0048-4685-B3A8-303ADE675E51}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4970466E-478E-4B4B-85B5-5B9869855E68}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{4BB6A9DB-485B-4DAA-B0EB-17269824B4A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C7F2F77-C433-4E3E-8EFB-887820E110E3}" = dir=out | name=microsoft mahjong | "{4C8F411F-8215-46E9-86A7-89059315C2E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4E70F3BA-40A1-4E8E-8772-3CFFCF96055C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F024861-4F05-4982-BE65-1207B7809425}" = dir=out | name=zattoo live tv | "{515BF6C9-03CD-41E6-A5CF-097384F10FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{5187ACB3-FF8A-4F15-A69F-CDE17E6571E2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{546A0FEA-EC1D-4819-B3D5-D03A52577106}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{58C20550-7352-46F3-95C2-A49536858BEE}" = protocol=6 | dir=out | app=system | "{5C307656-20D2-40C2-AD79-4A4A156DCFE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61353486-E23E-48B7-9299-F2C382431FFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{62E92688-C722-49D4-9F83-543CBC6C2E6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68746105-F548-4015-994E-19B030550E14}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{68DE01C1-BC82-488A-88C7-85A9C56BF944}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{712E3597-2DE4-4FFC-909A-27301688F5C4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{71E9C46B-8A1F-4A02-9EE7-6953B2EB06DF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{77989DFD-C88A-468A-BB31-2DC0DF9A3C2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{791D45AE-0DCC-4087-840E-5760D900E96D}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{7F279CB9-8C3B-4A34-90DA-1ABB175A6EED}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{80089ADB-FE50-428D-9C83-5718E7C56EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8C0B3F93-04A7-4922-9390-028664EF281F}" = dir=out | name=hp printer control | "{8D2B8401-5AA2-4DC6-B1FD-950FA6CD51F8}" = dir=out | name=wortsuche | "{904BE012-DA54-43C3-A0A2-9599278432CA}" = dir=in | name=qool | "{921A3E3E-C41C-4F81-B016-955468619A84}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{923C623D-633C-4DF3-91CA-16C15DED16E2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{92B500F6-C137-4544-BD52-D90D2EF9B44A}" = dir=out | name=google search | "{94C0ED25-AD1F-4955-BCD3-2D1577EAD9FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{97B41FB1-87FA-4AB6-BEC4-9E9EF314BA7B}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{9AF7E8C5-E9BF-4768-90BC-1DC3E7087153}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{9B6CEEBC-48EE-41D3-B2D5-BC81BE29155A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9C2DD098-75D2-4308-B95A-1B27C0EAE1CF}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{A31FE256-F40C-4ACA-8CE4-02B48A42C51A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A47A4837-7445-4066-B16A-4CBCAF74C088}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{AA71A175-43CE-40CE-BE0C-CCDDAEF43AAA}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{AEE19888-B76D-4E27-AA48-557420B7DDFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7B674D5-BA0D-482B-82D7-0DEC5756C9A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B8A76143-4973-4EE3-92CF-11D0A89F09DB}" = dir=out | name=qool | "{BC3A60DD-BC1C-4FAB-8474-F91001C870D1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{C3E6E7A3-EA2B-482B-A2D1-3AD58E668163}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C4E4853F-3746-4426-A321-92B08BF40EED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C628FA0B-2246-4278-A55B-F5BFF54667CD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{CEB3457F-7E41-405F-96CE-EBE76C6FC8D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1C8F549-2F3B-4D32-8E9B-E6B9F6380A8E}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{D411DE5A-CA04-42A1-B098-BF95E9D2EFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D49C1D8E-BEE3-4083-8FD3-7A82DBA9F43B}" 
= protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D6798907-2749-47D7-B694-77731C3EAAB3}" = dir=out | name=bubblebreaker | "{D9887D69-EEB0-4970-8EB3-54AB3A6ADE97}" = dir=out | name=tv-programm | "{DB21E116-0A65-4759-8076-810ECCAF57FD}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E62DB4B0-B75A-4A59-951B-DC6A88A05CDC}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E9428011-4376-4A69-B7FD-0BCC6C63906B}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{EA738C74-D371-4CC9-BAEC-14BF865DD34F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{EC4939F6-495F-413F-9F4B-7B7831E7330D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{ED8578FE-9501-417C-A54D-E75A1AF5D38B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9498454-EC8F-4A37-90DD-9E5B6A861F67}" = protocol=17 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe | "{FEEC421E-B699-4007-BA33-939589DE98D3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{FF2802A5-FBC9-4D57-A8A6-7AC6180BAAD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF2AD749-CCB8-4CCD-83B6-DD79B59D25E2}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "TCP Query 
User{4DB8D40E-2A9D-4DAF-808E-AE1BA667A6EB}C:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{C1FDC4A8-882D-417F-BB9A-4558F902A2AC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{27A6ECDF-C27B-47E7-8E62-37F87BC64E1B}C:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\santa\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2835BC31-F622-448F-B293-E7E7B03376E8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{088AD1DB-D1D7-469A-AE6C-1EBD766ACB5A}" = Newshosting "{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi-Software "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{2FE46568-5754-43AE-A289-0A8A7E5BCEAE}" = calibre 64bit "{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{7B324AC3-57C3-4701-B023-F54D78546BFA}_is1" = Windows Service-Center 2013 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9B3F0A88-790D-3AD9-9F96-B19CF2746452}" = Microsoft Visual 
C++ 2008 Redistributable - x64 9.0.30729 "{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "BatteryBar" = BatteryBar (remove only) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "KeyLemon" = KeyLemon "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = Lenovo Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "TeraCopy_is1" = TeraCopy 2.27 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3 "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA5009F6-E65C-4DBD-92B8-988F0ADD1E99}" = SlimDrivers 
"{B78203BF-CF9C-4163-B6C3-B70A27A646EE}" = 8GadgetPack "{DD2FEA6F-5AC2-46B2-0001-C2A0C077FD2C}" = Simply Good Pictures 2 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.22.18.01 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "ArchiCrypt Live 6_is1" = ArchiCrypt Live Version "doubleTwist" = doubleTwist "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Foxit Reader_is1" = Foxit Reader "FreeFileSync" = FreeFileSync 5.12 "Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.1 "Glary Utilities_is1" = Glary Utilities "Google Chrome" = Google Chrome "HandBrake" = HandBrake "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "ISO Workshop_is1" = ISO Workshop 4.2 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Network Meter_is1" = Network Meter version 9.1 "Notepad++" = Notepad++ "PdaNet_is1" = PdaNet+ for Android 4.12 "Picasa 3" = Picasa 3 "Q-Dir" = Q-Dir "Revo Uninstaller" = Revo Uninstaller 1.94 "Secunia PSI" = Secunia PSI ( "TeamViewer 8" = TeamViewer 8 "TrueCrypt" = TrueCrypt "UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.6 "Yahoo! Messenger" = Yahoo! 
Messenger [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MusicManager" = Music Manager [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 13.06.2013 16:37:15 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6ea42366 ID des fehlerhaften Prozesses: 0x1f8c Startzeit der fehlerhaften Anwendung: 0x01ce6875c9b2723c Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 07fc5b60-d469-11e2-beb4-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.06.2013 16:37:22 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset: 0x00d149b0 ID des fehlerhaften Prozesses: 0x1884 Startzeit der fehlerhaften Anwendung: 0x01ce6875ce919903 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0c4a10cf-d469-11e2-beb4-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.06.2013 16:37:23 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des 
fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6ea42366 ID des fehlerhaften Prozesses: 0x1884 Startzeit der fehlerhaften Anwendung: 0x01ce6875ce919903 Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0cd6bd5f-d469-11e2-beb4-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.06.2013 17:04:13 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version:, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ebd59 ID des fehlerhaften Prozesses: 0x754 Startzeit der fehlerhaften Anwendung: 0x01ce68480457b5be Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\CxAudMsg64.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: cc2db026-d46c-11e2-beb4-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 14.06.2013 15:19:25 | Computer Name = YpS | Source = Microsoft-Windows-LocationProvider | ID = 2006 Description = There was an error with the Windows Location Provider database Error - 15.06.2013 01:51:58 | Computer Name = YpS | Source = VSS | ID = 8194 Description = Error - 15.06.2013 06:48:17 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000032 ID des fehlerhaften Prozesses: 0x28b4 Startzeit der fehlerhaften Anwendung: 0x01ce69b5cda18bea Pfad der fehlerhaften Anwendung: 
C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 15eccb3d-d5a9-11e2-beb5-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.06.2013 07:48:30 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000002f ID des fehlerhaften Prozesses: 0x3838 Startzeit der fehlerhaften Anwendung: 0x01ce69be2f66f29e Pfad der fehlerhaften Anwendung: C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 7f2c509e-d5b1-11e2-beb5-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.06.2013 08:47:38 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GPhotos.scr, Version:, Zeitstempel: 0x515ae6ae Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000048 ID des fehlerhaften Prozesses: 0x3220 Startzeit der fehlerhaften Anwendung: 0x01ce69c676d7072f Pfad der fehlerhaften Anwendung: C:\WINDOWS\SysWOW64\GPhotos.scr Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: c1be7245-d5b9-11e2-beb5-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.06.2013 08:48:25 | Computer Name = YpS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 
0xc0000005 Fehleroffset: 0x0000002f ID des fehlerhaften Prozesses: 0x1e6c Startzeit der fehlerhaften Anwendung: 0x01ce69c6912b3725 Pfad der fehlerhaften Anwendung: C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: ddc9ec21-d5b9-11e2-beb5-cc52afe0f613 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 09.06.2013 03:17:38 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.06.2013 04:16:01 | Computer Name = YpS | Source = Service Control Manager | ID = 7034 Description = Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 09.06.2013 06:44:16 | Computer Name = YpS | Source = DCOM | ID = 10010 Description = Error - 09.06.2013 06:45:01 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.06.2013 12:41:09 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.06.2013 13:08:08 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.06.2013 14:13:45 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.06.2013 11:10:15 | Computer Name = YpS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.06.2013 17:04:13 | Computer Name = YpS | Source = Service Control 
Manager | ID = 7034
Description = Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 14.06.2013 15:19:08 | Computer Name = YpS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

HTML-Code:
OTL logfile created on: 15.06.2013 14:43:15 - Run 1
OTL by OldTimer - Version Folder = G:\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,69% Memory free
9,10 Gb Paging File | 6,93 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 20,50 Gb Free Space | 27,54% Space Free | Partition Type: NTFS
Drive E: | 379,63 Gb Total Space | 11,30 Gb Free Space | 2,98% Space Free | Partition Type: NTFS
Drive G: | 75,19 Gb Total Space | 16,79 Gb Free Space | 22,32% Space Free | Partition Type: NTFS
Drive H: | 9,77 Gb Total Space | 0,80 Gb Free Space | 8,17% Space Free | Partition Type: NTFS

Computer Name: YPS | User Name: Santa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013.06.15 14:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Desktop\OTL.exe
PRC - [2013.06.15 12:16:53 | 000,055,296 | ---- | M] (Ufasoft) -- C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe
PRC - [2013.06.15 12:16:53 | 000,055,296 | ---- | M] (Ufasoft) -- C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe
PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.05.30 01:33:20 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.08.24 19:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2012.07.26 05:32:50 | 000,385,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2012.07.26 05:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2011.11.10 10:59:36 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.11.10 10:59:34 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.09.01 16:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.)
-- C:\Windows\SysWOW64\SASrv.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:[b]64bit:[/b] - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:[b]64bit:[/b] - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:[b]64bit:[/b] - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:[b]64bit:[/b] - [2012.12.11 07:22:08 | 000,060,272 | ---- | M] (Lenovo.) 
[Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:[b]64bit:[/b] - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:[b]64bit:[/b] - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:[b]64bit:[/b] - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:[b]64bit:[/b] - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:[b]64bit:[/b] - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:[b]64bit:[/b] - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:[b]64bit:[/b] - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- 
C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:[b]64bit:[/b] - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:[b]64bit:[/b] - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:[b]64bit:[/b] - [2012.07.26 05:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:[b]64bit:[/b] - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:[b]64bit:[/b] - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:[b]64bit:[/b] - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:[b]64bit:[/b] - [2012.06.08 18:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 002,227,992 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport) SRV - [2013.06.11 20:09:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.05.30 16:34:34 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.30 01:33:20 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2013.04.12 23:27:48 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService) SRV - [2012.12.18 13:30:54 | 000,127,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.11.26 16:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.11.15 15:51:42 | 000,959,256 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.09.24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.09.24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.09.24 17:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.09.24 17:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.08.24 19:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2011.11.10 10:59:36 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.11.10 10:59:34 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.09.01 16:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013.04.24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2013.04.12 17:20:43 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt) DRV:[b]64bit:[/b] - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2013.03.11 02:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone) DRV:[b]64bit:[/b] - [2013.03.04 14:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:[b]64bit:[/b] - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:[b]64bit:[/b] - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:[b]64bit:[/b] - [2013.02.14 01:51:32 | 000,109,016 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) 
[Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ACLE1764.sys -- (ACLE6Live) DRV:[b]64bit:[/b] - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:[b]64bit:[/b] - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:[b]64bit:[/b] - [2013.02.02 09:24:50 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP) DRV:[b]64bit:[/b] - [2013.02.02 09:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud) DRV:[b]64bit:[/b] - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:[b]64bit:[/b] - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:[b]64bit:[/b] - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:[b]64bit:[/b] - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2012.12.11 07:22:08 | 000,042,824 | ---- | M] (Lenovo.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:[b]64bit:[/b] - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:[b]64bit:[/b] - [2012.10.18 00:19:22 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:[b]64bit:[/b] - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:[b]64bit:[/b] - [2012.10.09 19:48:50 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2012.10.09 19:48:50 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2012.10.09 19:48:48 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort) DRV:[b]64bit:[/b] - [2012.10.09 19:48:48 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK 
provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub) DRV:[b]64bit:[/b] - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:[b]64bit:[/b] - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:[b]64bit:[/b] - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:[b]64bit:[/b] - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:[b]64bit:[/b] - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:[b]64bit:[/b] - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2012.07.26 04:30:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2012.07.26 04:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:[b]64bit:[/b] - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:[b]64bit:[/b] - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- 
(BasicDisplay) DRV:[b]64bit:[/b] - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:[b]64bit:[/b] - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:[b]64bit:[/b] - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:[b]64bit:[/b] - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- 
(SpbCx) DRV:[b]64bit:[/b] - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:[b]64bit:[/b] - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:[b]64bit:[/b] - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:[b]64bit:[/b] - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:[b]64bit:[/b] - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:[b]64bit:[/b] - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:[b]64bit:[/b] - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:[b]64bit:[/b] - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:[b]64bit:[/b] 
- [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:[b]64bit:[/b] - [2012.07.04 14:39:00 | 000,105,472 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\risdxc64.sys -- (risdxc) DRV:[b]64bit:[/b] - [2012.06.22 06:59:50 | 001,586,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:[b]64bit:[/b] - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:[b]64bit:[/b] - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2011.11.25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pneteth.sys -- (pneteth) DRV:[b]64bit:[/b] - [2011.09.22 10:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\iPodDrv.sys -- (iPodDrv) DRV:[b]64bit:[/b] - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf.sys -- (PSI) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,226,680 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,186,136 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,169,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcbtums.sys -- (bcbtums) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,161,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwampfl.sys -- (btwampfl) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2000.01.01 02:00:00 | 000,020,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btwrchid.sys -- (btwrchid) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 7D 4C C7 E0 62 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" 
= hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod: FF - prefs.js..extensions.enabledAddons: musicplayer%40firemediaplayer.com:2.2 FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1 FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D: FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:18.8 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9 FF - prefs.js..extensions.enabledAddons: %7B677a8f98-fd64-40b0-a883-b8c95d0cbf17%7D:0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version= C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Santa\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Santa\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{59d42255-7f9c-49e5-8e68-a5fd16d06d76}: C:\Program Files\KeyLemon\extension\{59d42255-7f9c-49e5-8e68-a5fd16d06d76} FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.03 21:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\Extensions [2013.06.08 21:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions [2013.05.30 16:55:07 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013.05.30 16:55:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013.05.30 16:55:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Santa\AppData\Roaming\mozilla\Firefox\Profiles\5zat8v2p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.03 21:53:47 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\amznUWL2@amazon.com.xpi [2013.05.30 16:55:07 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\client@anonymox.net.xpi [2013.02.03 21:53:47 | 000,223,719 | ---- | M] () (No name found) -- 
C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\isreaditlater@ideashower.com.xpi [2013.02.03 21:53:47 | 000,237,521 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\musicplayer@firemediaplayer.com.xpi [2013.02.03 21:53:47 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\SkipScreen@SkipScreen.xpi [2013.02.03 21:53:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\translator@zoli.bod.xpi [2013.06.08 21:21:34 | 000,020,949 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2013.05.30 16:10:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.03 21:53:47 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.04.20 22:00:58 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.05.30 16:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.30 16:34:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files 
(x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YOUZEEK Free Music = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0\ CHR - Extension: YouTube = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Google Play Music = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\ CHR - Extension: Google Mail = C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - 
C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O4:[b]64bit:[/b] - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe (KeyLemon)
O4:[b]64bit:[/b] - HKLM..\Run: [KeyLemon Updater] C:\Programme\KeyLemon\KLUpdater.exe (KeyLemon)
O4:[b]64bit:[/b] - HKLM..\Run: [LenovoOptMouseUpdate] C:\Programme\Lenovo\HOTKEY\extapsup.exe (Lenovo Group Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [Adobe Flash Updater] C:\ProgramData\svsupdates0\xsytzecrn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [NPowerTray] G:\Downloads\NPowerTray.exe ()
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKCU..\RunOnce: [Adobe Flash Updater] C:\ProgramData\svsupdates0\xsytzecrn.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A283C47B-98AD-4D34-9552-DCD9CEC0DDA1}: DhcpNameServer =
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\mbam.exe: Debugger - mefjb_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\mbamgui.exe: Debugger - gxwfo_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MSASCui.exe: Debugger - moyml_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\MsMpEng.exe: Debugger - ftdim_.exe File not found
O27:[b]64bit:[/b] - HKLM IFEO\msseces.exe: Debugger - xsljq_.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - mefjb_.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - gxwfo_.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - moyml_.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - ftdim_.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - xsljq_.exe File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.06.15 14:39:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Desktop\OTL.exe
[2013.06.15 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\WindowsLogonS
[2013.06.15 11:46:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\svsupdates0
[2013.06.13 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Newshosting
[2013.06.13 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\CrashRpt
[2013.06.13 18:32:34 | 
000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2013.06.13 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Newshosting [2013.06.13 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting [2013.06.13 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Santa\Downloads [2013.06.13 18:30:24 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Newshosting [2013.06.09 12:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes Library Updater [2013.06.09 12:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTLU [2013.06.09 12:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.09 12:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.09 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.09 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager [2013.06.09 09:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.08 22:36:28 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth [2013.06.08 22:35:16 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Broadcom [2013.06.08 22:19:32 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll [2013.06.08 22:19:23 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\pcwServiceCenter [2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers [2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers [2013.06.08 22:16:04 | 000,000,000 | ---D | C] -- 
C:\Users\Public\Documents\Downloaded Installers [2013.06.08 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\SlimWare Utilities Inc [2013.06.08 21:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.08 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.06.08 21:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.06.08 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Secunia PSI [2013.06.08 20:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.06.08 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2013.06.08 19:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2013.06.08 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Auslogics [2013.06.08 19:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-WELT-ServiceCenter [2013.06.08 19:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC-WELT-ServiceCenter [2013.06.08 18:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt [2013.06.08 16:46:00 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\Engelmann_Media [2013.06.08 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013.06.08 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\SuperEasy Software [2013.06.08 16:31:13 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Engelmann Media [2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4 [2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engelmann Media [2013.06.08 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Engelmann Media [2013.06.08 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Q-Dir [2013.06.08 16:27:57 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir [2013.06.08 16:27:57 | 000,000,000 | ---D | C] -- G:\Documents\Favorites_Q_Dir [2013.06.08 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Q-Dir [2013.06.06 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\GlarySoft [2013.06.06 22:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities [2013.06.06 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities [2013.06.05 23:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2013.06.04 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2013.06.04 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2013.06.04 19:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluray Decrypter [2013.06.04 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.06.04 19:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2013.06.04 13:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2013.06.04 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo [2013.06.04 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo [2013.06.04 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo [2013.06.03 17:30:43 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\VMLite Workstation [2013.06.03 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation [2013.06.03 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\VMLites [2013.06.02 12:38:54 | 000,000,000 | ---D | C] -- C:\Users\Santa\.android [2013.05.31 22:26:58 | 000,015,360 | ---- | C] (June Fabrics Technology Inc.) 
-- C:\WINDOWS\SysNative\drivers\pneteth.sys [2013.05.31 22:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android [2013.05.31 22:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android [2013.05.31 22:25:12 | 000,000,000 | ---D | C] -- G:\Desktop\motochopper [2013.05.31 14:19:48 | 000,000,000 | ---D | C] -- C:\ZOPO [2013.05.31 12:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SP_FT_Logs [2013.05.30 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Local\FreemakeVideoConverter [2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- G:\Documents\Freemake [2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2013.05.30 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2013.05.30 20:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2013.05.30 20:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2013.05.30 19:37:41 | 000,000,000 | ---D | C] -- C:\Users\Santa\AppData\Roaming\HandBrake [2013.05.30 19:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.05.30 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.05.30 16:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2013.05.30 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.19 12:54:27 | 000,097,176 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\SysWow64\ElbyCDIO.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013.06.15 14:44:14 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.15 14:41:56 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SlimDrivers Startup.job [2013.06.15 14:37:45 | 000,377,856 | ---- | M] () -- G:\Desktop\gmer_2.1.19163.exe 
[2013.06.15 14:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Desktop\OTL.exe [2013.06.15 14:32:03 | 000,050,477 | ---- | M] () -- G:\Desktop\Defogger.exe [2013.06.15 14:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.15 14:00:00 | 000,015,547 | ---- | M] () -- C:\Users\Santa\Network_Meter_Data.js [2013.06.15 13:48:39 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job [2013.06.15 12:16:57 | 000,001,088 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2013.06.15 09:48:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job [2013.06.15 09:44:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.14 21:27:29 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.06.14 21:27:29 | 000,753,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.06.14 21:27:29 | 000,710,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.06.14 21:27:29 | 000,155,826 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.06.14 21:27:29 | 000,132,614 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.06.14 21:20:39 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.14 21:19:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2013.06.14 21:18:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.06.14 21:18:38 | 2502,512,639 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 00:40:10 | 000,000,026 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini [2013.06.13 22:23:58 | 000,000,658 | ---- | M] () -- G:\Documents\Breaking Point (German) (2009) AC3 BDRip.nzb [2013.06.10 18:43:27 | 000,000,853 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini [2013.06.09 12:58:20 | 000,000,748 | 
---- | M] () -- G:\Documents\2013-06-09.itlu [2013.06.08 22:34:42 | 000,000,876 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.06.08 22:20:10 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\SuperEasyDriverUpdater_UPDATES.job [2013.06.08 22:16:04 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2013.06.08 20:59:01 | 000,001,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.08 20:56:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\SysWow64\zlib.dll [2013.06.08 20:56:39 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\dMaintenanceConfig.zip [2013.06.08 20:49:03 | 000,024,576 | ---- | M] () -- C:\WINDOWS\SysNative\FoolishEventLogMsgHelper.dll [2013.06.08 19:47:38 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk [2013.06.08 16:28:09 | 000,010,458 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini [2013.06.08 16:27:57 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Q-Dir.lnk [2013.06.05 23:44:36 | 000,000,562 | ---- | M] () -- G:\Documents\Menu Settings.xml [2013.06.04 20:05:22 | 000,000,021 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini [2013.06.04 19:51:10 | 000,036,446 | ---- | M] () -- G:\Documents\cc_20130604_195103.reg [2013.06.04 19:13:43 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\ISO Workshop.lnk [2013.06.01 09:27:30 | 000,001,048 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.01 09:27:24 | 000,000,930 | ---- | M] () -- G:\Desktop\Dropbox.lnk [2013.05.30 17:19:36 | 000,001,080 | ---- | M] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini [2013.05.30 17:17:46 | 000,310,216 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.05.24 15:21:55 | 000,000,572 | R--- | M] () -- C:\WINDOWS\SysWow64\revolution.2012.118.720p-dimension.nfo [2013.05.19 12:54:27 | 000,097,176 | ---- | M] 
(Elaborate Bytes AG) -- C:\WINDOWS\SysWow64\ElbyCDIO.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013.06.15 14:37:40 | 000,377,856 | ---- | C] () -- G:\Desktop\gmer_2.1.19163.exe [2013.06.15 14:31:48 | 000,050,477 | ---- | C] () -- G:\Desktop\Defogger.exe [2013.06.15 12:16:57 | 000,001,088 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2013.06.15 00:21:50 | 000,000,572 | R--- | C] () -- C:\WINDOWS\SysWow64\revolution.2012.118.720p-dimension.nfo [2013.06.13 22:23:58 | 000,000,658 | ---- | C] () -- G:\Documents\Breaking Point (German) (2009) AC3 BDRip.nzb [2013.06.09 12:58:19 | 000,000,748 | ---- | C] () -- G:\Documents\2013-06-09.itlu [2013.06.09 09:43:45 | 000,000,916 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job [2013.06.09 09:43:45 | 000,000,864 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job [2013.06.09 09:39:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 09:39:34 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.08 22:34:26 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013.06.08 22:16:04 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2013.06.08 22:12:36 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\SlimDrivers Startup.job [2013.06.08 20:59:01 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.06.08 20:59:01 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.06.08 20:56:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\zlib.dll [2013.06.08 20:56:39 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\dMaintenanceConfig.zip [2013.06.08 
20:49:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysNative\FoolishEventLogMsgHelper.dll [2013.06.08 19:47:38 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk [2013.06.08 16:34:10 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\SuperEasyDriverUpdater_UPDATES.job [2013.06.08 16:27:57 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\Q-Dir.lnk [2013.06.08 16:27:46 | 000,010,458 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini [2013.06.06 22:50:51 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2013.06.05 23:44:36 | 000,000,562 | ---- | C] () -- G:\Documents\Menu Settings.xml [2013.06.04 19:51:06 | 000,036,446 | ---- | C] () -- G:\Documents\cc_20130604_195103.reg [2013.06.03 17:30:42 | 000,002,241 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (Secure).lnk [2013.05.30 17:17:43 | 000,310,216 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.05.30 16:03:37 | 000,387,688 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2013.03.31 19:55:28 | 000,006,656 | ---- | C] () -- C:\Users\Santa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.31 01:13:10 | 000,000,026 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini [2013.03.30 17:26:19 | 000,000,368 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Digital Clock_Settings.ini [2013.03.30 17:23:06 | 000,015,547 | ---- | C] () -- C:\Users\Santa\Network_Meter_Data.js [2013.02.10 13:29:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll [2013.02.09 16:08:35 | 000,000,021 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini [2013.02.06 00:00:00 | 000,004,853 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv [2013.02.05 23:11:22 | 000,001,080 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini [2013.02.05 00:41:56 | 000,000,576 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.02.05 
00:26:52 | 000,000,853 | ---- | C] () -- C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini [2013.02.05 00:14:24 | 000,727,029 | ---- | C] () -- C:\WINDOWS\unins000.exe [2013.02.05 00:14:24 | 000,044,083 | ---- | C] () -- C:\WINDOWS\unins000.dat [2013.02.04 22:33:22 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2013.02.03 21:00:48 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2013.02.03 20:59:12 | 000,010,597 | ---- | C] () -- C:\Users\Santa\AppData\Local\Application.xml [2013.01.30 20:34:47 | 000,000,000 | ---- | C] () -- C:\Users\Santa\defogger_reenable [2012.12.14 03:42:30 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2012.12.14 03:42:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin [2012.10.29 16:44:56 | 000,315,392 | ---- | C] () -- C:\WINDOWS\SysWow64\EMRegSys.dll [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013.02.14 01:57:59 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\ACLive5 [2013.02.10 12:14:02 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Amazon [2013.06.08 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Auslogics [2013.06.06 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\BatteryBar [2013.02.16 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\calibre [2013.02.03 22:23:15 | 000,000,000 | ---D 
| M] -- C:\Users\Santa\AppData\Roaming\Canneverbe Limited [2013.06.14 21:20:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Dropbox [2013.06.08 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Engelmann Media [2013.02.06 22:38:22 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\EurekaLog [2013.05.30 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Foxit Software [2013.02.12 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\FreeFileSync [2013.06.06 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\GlarySoft [2013.04.12 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Greenshot [2013.06.01 12:38:56 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\HandBrake [2013.02.06 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\IrfanView [2013.05.30 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\JAM Software [2013.06.13 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\KeePass [2013.06.13 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Newshosting [2013.06.02 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Notepad++ [2013.02.03 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\pdfforge [2013.06.08 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\Q-Dir [2013.06.08 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\SuperEasy Software [2013.06.04 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\TeamViewer [2013.02.03 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\TeraCopy [2013.06.13 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\UseNeXT [2013.06.04 19:49:39 | 000,000,000 | ---D | M] -- C:\Users\Santa\AppData\Roaming\uTorrent [2013.06.15 12:16:53 | 000,000,000 | ---D |
Coin-miner is eating all resources! Processor 100%

Hi,

System scan with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)

#3

Hello Schrauber,

the answer came faster than expected! Great. Here are the scan results:

Regards, mamic
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Santa (administrator) on 15-06-2013 16:01:13 Running from G:\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe (SlimWare Utilities, Inc.) 
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe () G:\Downloads\NPowerTray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) 
C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\System32\WScript.exe (Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe (Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon) HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon) HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation) HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x] HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) 
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] () HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google) HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.) HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.) HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) IMEO\hijackthis.exe: [Debugger] kbvh_.exe IMEO\housecalllauncher.exe: [Debugger] snrm_.exe IMEO\mbam.exe: [Debugger] mefjb_.exe IMEO\mbamgui.exe: [Debugger] gxwfo_.exe IMEO\MSASCui.exe: [Debugger] moyml_.exe IMEO\MsMpEng.exe: [Debugger] ftdim_.exe IMEO\msseces.exe: [Debugger] xsljq_.exe IMEO\rstrui.exe: [Debugger] safp_.exe IMEO\spybotsd.exe: [Debugger] sina_.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM 
- Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default FF SelectedSearchEngine: Web Search FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - 
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version= - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi FF Extension: isreaditlater - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\isreaditlater@ideashower.com.xpi FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi Chrome: 
======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll () CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0 CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0 CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.) 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-15] () R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmpA2D7.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-15 16:01 - 2013-06-15 16:01 - 00000000 ____D C:\FRST 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS 2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 
18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 
01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:43 - 2013-06-15 15:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-09 09:43 - 2013-06-15 09:48 - 
00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-09 09:39 - 2013-06-15 15:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-09 09:39 - 2013-06-15 15:10 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll 2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe 2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) 
C:\Windows\System32\Drivers\btwrchid.sys 2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-09 12:44 - 00000838 ____A C:\Windows\PFRO.log 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 22:12 - 2013-06-15 15:10 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-08 22:12 - 2013-06-15 15:10 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A 
C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D 
C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 22:50 - 2013-06-15 15:10 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android 2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) 
C:\Windows\System32\Drivers\pneteth.sys 2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO 2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll 2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2013-05-30 
16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll 2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll 2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll 2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) 
C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A 
(Microsoft Corporation) C:\Windows\System32\fhengine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys 2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys 2013-05-30 16:03 - 
2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-05-30 16:03 - 2013-04-08 
23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll 2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml 2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi 2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe 2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi 2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe 2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll 2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) 
C:\Windows\System32\esent.dll 2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys 2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== One Month Modified Files and Folders ======= 2013-06-15 16:01 - 2013-06-15 16:01 - 00000000 ____D C:\FRST 2013-06-15 16:00 - 2013-03-30 17:23 - 00015614 ____A C:\Users\Santa\Network_Meter_Data.js 2013-06-15 16:00 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype 2013-06-15 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-15 15:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-15 15:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-15 15:19 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-15 15:19 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-15 15:19 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-15 15:11 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox 2013-06-15 15:10 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
2013-06-15 15:10 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-15 15:10 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-15 15:10 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-15 15:10 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 15:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS 2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc 2013-06-14 00:40 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini 2013-06-14 00:40 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI 2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT 2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 17:31 - 
2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:44 - 2013-06-08 22:20 - 00000838 ____A C:\Windows\PFRO.log 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google 2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A 
(Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 19:48 - 
2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore 2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar 2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper 2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar 2013-06-05 23:50 - 
2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell 2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini 2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent 2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner 2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk 2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer 2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media 2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent 2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android 2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++ 2013-06-01 12:38 - 2013-05-30 
19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO 2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software 2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini 2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software 2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll 2013-05-16 00:37 - 2013-06-12 21:51 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-05-16 00:36 - 2013-06-12 21:51 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 00:35 - 2013-06-12 21:51 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 00:35 - 2013-06-12 21:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 
2013-05-16 00:35 - 2013-06-11 19:21 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-11 20:03 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013 Ran by Santa at 2013-06-15 16:02:23 Run: Running from G:\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (Version: 7-Zip 9.20 (x64 edition) (Version: 8GadgetPack (Version: 5.0.0) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Anzeige am Bildschirm (Version: 6.67.05) Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: Apple Software Update (Version: ArchiCrypt Live Version (Version: Auslogics Disk Defrag (Version: 3.6) BatteryBar (remove only) Bonjour (Version: calibre 64bit (Version: 0.9.27) CCleaner (Version: 4.02) CDBurnerXP (Version: Classic Shell (Version: 3.6.7) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Conexant HD Audio (Version: doubleTwist (Version: Dropbox (Version: 2.0.22) ffdshow [rev 2527] [2008-12-19] (Version: 1.0) Foxit Reader (Version: FreeFileSync 5.12 (Version: 5.12) Freemake Video Converter Version 4.0.1 (Version: 4.0.1) Glary Utilities (Version: Google Chrome (Version: 27.0.1453.110) Google Earth (Version: Google Talk (remove only) Google Update Helper (Version: HandBrake (Version: ImgBurn (Version: Intel PROSet Wireless Intel(R) Management Engine Components (Version: Intel(R) Processor Graphics (Version: Intel(R) WiDi (Version: Intel® PROSet/Wireless WiFi-Software (Version: 15.05.6000.1657) IrfanView (remove only) (Version: 4.35) ISO Workshop 4.2 iTunes (Version: iTunes Library Updater (Version: 1.2.2) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 21 (Version: 7.0.210) KeePass Password Safe 2.22 KeyLemon (Version: 2.7.1) Lenovo Bluetooth with Enhanced Data Rate Software (Version: Lenovo Patch Utility (Version: Lenovo Patch Utility 64 bit (Version: Lenovo Power Management Driver (Version: Microsoft Office File Validation Add-In 
(Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Music Manager Network Meter version 9.1 (Version: 9.1) Newshosting (Version: 1.4.0) Notepad++ (Version: 6.3.2) Paint.NET v3.5.10 (Version: 3.60.0) PdaNet+ for Android 4.12 PDFCreator (Version: 1.6.2) Picasa 3 (Version: 3.9) Q-Dir Revo Uninstaller 1.94 (Version: 1.94) RICOH_Media_Driver_v2.22.18.01 (Version: SAMSUNG USB Driver for Mobile Phones (Version: Secunia PSI ( (Version: Simply Good Pictures 2 (Version: Skype™ 6.3 (Version: 6.3.105) SlimDrivers (Version: 2.2.30085) TeamViewer 8 (Version: 8.0.18930) TeraCopy 2.27 ThinkPad UltraNav Driver (Version: TrueCrypt (Version: 7.1a) UseNeXT by Tangysoft VirtualCloneDrive VLC media player 2.0.6 (Version: 2.0.6) Windows Service-Center 2013 Yahoo! 
Messenger ==================== Restore Points ========================= 03-06-2013 15:06:36 Installed VMLite Workstation 05-06-2013 21:50:11 Installed Classic Shell 08-06-2013 14:31:03 Installed Simply Good Pictures 2 08-06-2013 20:17:39 SlimDrivers Installing Drivers 08-06-2013 20:32:26 SlimDrivers Installing Drivers 12-06-2013 20:22:52 Windows Update 15-06-2013 05:51:58 Windows Defender Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2013 03:12:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000002e ID des fehlerhaften Prozesses: 0x1064 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5 Error: (06/15/2013 03:11:07 PM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/15/2013 03:03:09 PM) (Source: Picasa3) (User: ) Description: Google Photos Screensaver ist abgestürzt. 
Eine Dump-Datei wurde generiert: C:\Users\Santa\AppData\Local\Temp\Photos_Screensaver_130615-150144.dmp Error: (06/15/2013 02:48:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000002f ID des fehlerhaften Prozesses: 0x1e6c Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5 Error: (06/15/2013 02:47:38 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GPhotos.scr, Version:, Zeitstempel: 0x515ae6ae Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000048 ID des fehlerhaften Prozesses: 0x3220 Startzeit der fehlerhaften Anwendung: 0xGPhotos.scr0 Pfad der fehlerhaften Anwendung: GPhotos.scr1 Pfad des fehlerhaften Moduls: GPhotos.scr2 Berichtskennung: GPhotos.scr3 Vollständiger Name des fehlerhaften Pakets: GPhotos.scr4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GPhotos.scr5 Error: (06/15/2013 01:48:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000002f ID des fehlerhaften Prozesses: 0x3838 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Vollständiger Name des fehlerhaften Pakets: 
GoogleUpdate.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5 Error: (06/15/2013 00:48:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version:, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000032 ID des fehlerhaften Prozesses: 0x28b4 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Vollständiger Name des fehlerhaften Pakets: GoogleUpdate.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GoogleUpdate.exe5 Error: (06/15/2013 07:51:58 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {a8aee6a7-3469-42e0-bc55-75ae02fddfd4} Error: (06/14/2013 09:19:25 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (06/13/2013 11:04:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: CxAudMsg64.exe, Version:, Zeitstempel: 0x4fd1c0c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ebd59 ID des fehlerhaften Prozesses: 0x754 Startzeit der fehlerhaften Anwendung: 0xCxAudMsg64.exe0 Pfad der fehlerhaften Anwendung: CxAudMsg64.exe1 Pfad des fehlerhaften Moduls: CxAudMsg64.exe2 Berichtskennung: CxAudMsg64.exe3 Vollständiger Name des fehlerhaften Pakets: CxAudMsg64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CxAudMsg64.exe5 System errors: ============= Error: (06/15/2013 03:10:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/15/2013 03:10:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147944153 Error: (06/15/2013 03:10:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/15/2013 03:10:15 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?15.?06.?2013 um 14:38:40 unerwartet heruntergefahren. 
Error: (06/14/2013 09:19:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/13/2013 11:04:13 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2013 05:10:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/12/2013 08:13:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/11/2013 07:08:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/10/2013 06:41:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (06/15/2013 03:12:02 PM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002e106401ce69c9d0546b24C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll2ab81968-d5bd-11e2-beb7-cc52afe0f613 Error: (06/15/2013 03:11:07 PM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/15/2013 03:03:09 PM) (Source: Picasa3)(User: ) Description: Google Photos Screensaver ist abgestürzt. 
Eine Dump-Datei wurde generiert: C:\Users\Santa\AppData\Local\Temp\Photos_Screensaver_130615-150144.dmp Error: (06/15/2013 02:48:25 PM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002f1e6c01ce69c6912b3725C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dllddc9ec21-d5b9-11e2-beb5-cc52afe0f613 Error: (06/15/2013 02:47:38 PM) (Source: Application Error)(User: ) Description: GPhotos.scr3.9.136.20515ae6aentdll.dll6.2.9200.16578515fac6ec000000500000048322001ce69c676d7072fC:\WINDOWS\SysWOW64\GPhotos.scrC:\WINDOWS\SYSTEM32\ntdll.dllc1be7245-d5b9-11e2-beb5-cc52afe0f613 Error: (06/15/2013 01:48:30 PM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000002f383801ce69be2f66f29eC:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll7f2c509e-d5b1-11e2-beb5-cc52afe0f613 Error: (06/15/2013 00:48:17 PM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.2.9200.16578515fac6ec00000050000003228b401ce69b5cda18beaC:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exeC:\WINDOWS\SYSTEM32\ntdll.dll15eccb3d-d5a9-11e2-beb5-cc52afe0f613 Error: (06/15/2013 07:51:58 AM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {a8aee6a7-3469-42e0-bc55-75ae02fddfd4} Error: (06/14/2013 09:19:25 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT-AUTORITÄT) Description: -2147024883 Error: (06/13/2013 11:04:13 PM) (Source: Application Error)(User: ) Description: 
CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.2.9200.1657951637f77c000037400000000000ebd5975401ce68480457b5beC:\WINDOWS\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dllcc2db026-d46c-11e2-beb4-cc52afe0f613 ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8103.23 MB Available physical RAM: 6085.42 MB Total Pagefile: 16295.23 MB Available Pagefile: 14240.36 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:74.43 GB) (Free:13.19 GB) NTFS (Disk=1 Partition=2) Drive e: (Volume) (Fixed) (Total:379.63 GB) (Free:11.3 GB) NTFS (Disk=0 Partition=4) Drive g: (DATA) (Fixed) (Total:75.19 GB) (Free:16.78 GB) NTFS (Disk=0 Partition=2) Drive h: (W8_Recovery) (Fixed) (Total:9.77 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 9D286FA3) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=380 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 9F478B1E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
#4
Fix with FRST
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
IMEO\hijackthis.exe: [Debugger] kbvh_.exe
IMEO\housecalllauncher.exe: [Debugger] snrm_.exe
IMEO\mbam.exe: [Debugger] mefjb_.exe
IMEO\mbamgui.exe: [Debugger] gxwfo_.exe
IMEO\MSASCui.exe: [Debugger] moyml_.exe
IMEO\MsMpEng.exe: [Debugger] ftdim_.exe
IMEO\msseces.exe: [Debugger] xsljq_.exe
IMEO\rstrui.exe: [Debugger] safp_.exe
IMEO\spybotsd.exe: [Debugger] sina_.exe
R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmpA2D7.tmp [x]
2013-06-15 12:16 - 2013-06-15 12:16 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
#5
Done! Regards, Manfred
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013 Ran by Santa at 2013-06-15 17:20:28 Run:1 Running from G:\Desktop Boot Mode: Normal ============================================== HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully. WinRing0_1_2_0 => Service deleted successfully. "C:\Users\Santa\AppData\Roaming\WindowsLogonS" directory move: C:\Users\Santa\AppData\Roaming\WindowsLogonS\coinutil.dll => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\killer.bat => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\miner.dll => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\openssl.dll => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\phatk.cl => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\phatk.ptx => Moved successfully. 
C:\Users\Santa\AppData\Roaming\WindowsLogonS\puts.vbs => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.dll => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\compile.bat => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part2 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part3 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part4 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part5 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\shel\shell.exe_part6 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\compile.bat => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part10 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part11 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part12 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part13 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part14 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part15 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part16 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part17 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part18 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part19 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part2 => Moved successfully. 
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part20 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part21 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part22 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part23 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part24 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part25 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part26 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part27 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part28 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part29 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part3 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part30 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part31 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part32 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part33 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part34 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part35 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part4 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part5 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part6 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part7 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part8 => Moved successfully. 
C:\Users\Santa\AppData\Roaming\WindowsLogonS\min\miner.dll_part9 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\compile.bat => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part2 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part3 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part4 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part5 => Moved successfully. C:\Users\Santa\AppData\Roaming\WindowsLogonS\macro\macromedia.exe_part6 => Moved successfully. Could not move "C:\Users\Santa\AppData\Roaming\WindowsLogonS" directory. => Scheduled to move on reboot. "C:\ProgramData\svsupdates0" directory move: Could not move C:\ProgramData\svsupdates0\xsytzecrn.exe. => Scheduled to move on reboot. Could not move "C:\ProgramData\svsupdates0" directory. => Scheduled to move on reboot. =========== Result of Scheduled Files to move =========== C:\Users\Santa\AppData\Roaming\WindowsLogonS => Moved successfully. C:\ProgramData\svsupdates0\xsytzecrn.exe => File could not move. C:\ProgramData\svsupdates0 => Directory could not move. ==== End of Fixlog ==== |
Please download
Please disable your security software to avoid possible conflicts.
and a fresh FRST log, please
Coin-miner is using up all resources! Processor 100%
Good evening! Everything carried out as instructed, here are the log files! Regards, Manfred Code:
ATTFilter # AdwCleaner v2.303 - Datei am 15/06/2013 um 19:39:10 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 8 Pro with Media Center (64 bits) # Benutzer : Santa - YPS # Bootmodus : Normal # Ausgeführt unter : G:\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Santa\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Die 
Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10552 octets] - [15/06/2013 19:39:10]

########## EOF - C:\AdwCleaner[S1].txt - [10613 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by Santa on 15.06.2013 at 19:43:34,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1236658316-3132239065-196456727-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] "C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\extensions\isreaditlater@ideashower.com.xpi"
Successfully deleted the following from C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\prefs.js
user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
Emptied folder: C:\Users\Santa\AppData\Roaming\mozilla\firefox\profiles\5zat8v2p.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2013 at 19:47:13,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Santa (administrator) on 15-06-2013 19:47:42 Running from G:\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) 
C:\WINDOWS\SysWOW64\SAsrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\System32\LocationNotifications.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe (Google Inc.) C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Dropbox, Inc.) 
C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\System32\WScript.exe (Ufasoft) C:\FRST\Quarantine\shell.exe (Ufasoft) C:\FRST\Quarantine\macromedia.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon) HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon) HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation) HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x] HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) 
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] () HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google) HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.) HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.) HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) IMEO\hijackthis.exe: [Debugger] iuznf_.exe IMEO\housecalllauncher.exe: [Debugger] wtdar_.exe IMEO\rstrui.exe: [Debugger] bjrwz_.exe IMEO\spybotsd.exe: [Debugger] wfoqk_.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\FRST\Quarantine\usft_ext.exe.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program 
Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File FireFox: ======== FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - 
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version= - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll () CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0 CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0 CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.) 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.) 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp786C.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT 2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 
2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 21:51 - 2013-04-29 
00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:43 - 2013-06-15 19:48 - 00000916 ____A 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-09 09:43 - 2013-06-15 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-09 09:39 - 2013-06-15 19:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-09 09:39 - 2013-06-15 19:40 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll 2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe 2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) 
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================

--- --- ---

Hello Schrauber, in the meantime I had to restart the laptop in order to re-enable Defender. Before the restart it wasn't possible, or I was just too clumsy. I hope this doesn't cause another problem. The processor is still at 100%.
Coin-miner is eating all resources! Processor 100%

Great, one more online scan and then it should be fine.

ESET Online Scanner

Please download

and a fresh FRST log. Any remaining problems?

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Good morning Schrauber, your last words yesterday were "Any remaining problems?" Yes, and it is getting worse rather than better! The ESET scan took hours because the disk is full and the virus is using up most of the resources. I went to bed at 1 and pressed uninstall this morning. Unfortunately the log file was then gone as well. Sorry, my mistake, I didn't follow the instructions exactly. I had saved the findings beforehand:

Code:
C:\FRST\Quarantine\puts.vbs VBS/CoinMiner.O trojan
C:\FRST\Quarantine\usft_ext.exe.vbs VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Local\Temp\bjrwzmzisdj.exe VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Local\Temp\edvldqbrrua.exe VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Roaming\WindowsLogonS\puts.vbs VBS/CoinMiner.O trojan
C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs VBS/CoinMiner.O trojan
E:\TempT\Revolution.2012.S01E18.720p.HDTV.X264-DIMENSION\Revolution.2012.S01E18.720p.HDTV.X264-DIMENSION.part01.exe.1 a variant of Win32/Injector.Autoit.MB trojan
H:\Galaxy S2\2012-05\clockworkmod\backup\2012-04-30-16.59.33\data.ext4.tar Android/Exploit.Lotoor.AN trojan

Security Check does not run through to the end; it stops at "Performing System Health Check", no matter whether it is started as user or as admin. I can no longer enable the Windows Security Center service, and when I try to check the status of Defender, Windows tells me that it cannot find MSASCui.exe. I hope you still have a few good ideas?

Regards, Manfred
Please download

Please post the contents here.
Please post the contents here.
Hello Schrauber, you seem to be here day and night! Thank you very much! When I saw on my phone what you had replied, I aborted the ESET scan and started the FSS scan. As I understand it, nothing is running on my machine any more (firewall, Defender, ...)

Code:
Farbar Service Scanner Version: 13-06-2013
Ran by Santa (administrator) on 16-06-2013 at 10:13:01
Running from "G:\Downloads"
Windows 8 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys [2013-06-13 19:15] - [2013-05-04 09:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll [2013-05-30 16:03] - [2013-04-09 06:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll [2013-04-12 21:56] - [2013-03-02 04:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2013-06-13 18:11] - [2013-04-24 00:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945
C:\Program Files\Windows Defender\MpSvc.dll [2013-03-28 14:10] - [2013-01-29 01:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1
C:\Program Files\Windows Defender\MsMpEng.exe [2013-03-28 14:10] - [2013-01-29 03:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Santa (administrator) on 16-06-2013 10:22:59 Running from G:\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) 
C:\WINDOWS\SysWOW64\SAsrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe (Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Broadcom Corporation.) 
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe (Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\shell.exe (Ufasoft) C:\Users\Santa\AppData\Roaming\WindowsLogonS\macromedia.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon) HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon) HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) 
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation) HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x] HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] () HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google) HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.) HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.) HKCU\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation) IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe IMEO\mbam.exe: [Debugger] qs_.exe IMEO\mbamgui.exe: [Debugger] vf_.exe IMEO\MSASCui.exe: [Debugger] qs_.exe IMEO\MsMpEng.exe: [Debugger] zt_.exe IMEO\msseces.exe: [Debugger] hw_.exe IMEO\rstrui.exe: [Debugger] xsytzec_.exe IMEO\spybotsd.exe: [Debugger] ltoazty_.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\Users\Santa\AppData\Roaming\WindowsLogonS\usft_ext.exe.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: 
msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version= - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi FF Extension: SkipScreen - 
C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll () CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0 CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - 
C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0 CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.) 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] () R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-15 21:47 - 2013-06-16 10:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS 2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT 2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 
00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 18:11 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 
2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 
____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:43 - 2013-06-16 09:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-09 09:43 - 2013-06-16 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-09 09:39 - 2013-06-16 09:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-09 09:39 - 2013-06-16 09:44 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll 2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe 2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) 
C:\Windows\System32\Drivers\btwrchid.sys 2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-15 17:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 22:12 - 2013-06-16 09:13 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-08 22:12 - 2013-06-16 09:13 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A 
C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D 
C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 22:50 - 2013-06-16 09:13 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android 2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) 
C:\Windows\System32\Drivers\pneteth.sys 2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO 2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll 2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2013-05-30 
16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll 2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll 2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll 2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) 
C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A 
(Microsoft Corporation) C:\Windows\System32\fhengine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys 2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys 2013-05-30 16:03 - 
2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-05-30 16:03 - 2013-04-08 
23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll 2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml 2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi 2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe 2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi 2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe 2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll 2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) 
C:\Windows\System32\esent.dll 2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys 2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== One Month Modified Files and Folders ======= 2013-06-16 10:10 - 2013-06-15 21:47 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS 2013-06-16 10:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-16 10:00 - 2013-03-30 17:23 - 00015975 ____A C:\Users\Santa\Network_Meter_Data.js 2013-06-16 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-16 09:51 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype 2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-16 09:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-16 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-16 09:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 09:44 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
2013-06-16 09:21 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-16 09:21 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-16 09:21 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-16 09:14 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox 2013-06-16 09:13 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-16 09:13 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-16 09:13 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-16 09:13 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini 2013-06-16 09:13 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-16 09:13 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI 2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT 2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 17:21 - 2013-06-15 16:01 - 00000000 ____D C:\FRST 2013-06-15 17:20 - 2013-06-08 22:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-15 11:46 - 2013-06-15 11:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc 2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT 2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D 
C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google 2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2013-02-03 21:15 - 
00000000 ____D C:\Program Files (x86)\Intel 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files 
(x86)\Secunia 2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore 2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D 
C:\Program Files (x86)\Mozilla Firefox 2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar 2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper 2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar 2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell 2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini 2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent 2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner 2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk 2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer 2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD 
C:\Windows\Media 2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent 2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android 2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++ 2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO 2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software 2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini 2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software 2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== Bamital & 
volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-11 20:03 ==================== End Of Log ============================
Regards, Mamic
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
Coin-miner is eating all resources! Processor 100%

OK, that worked, here is the log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by SYSTEM on 16-06-2013 11:24:54 Running from E:\ Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon) HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon) HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
HKU\Santa\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x]
HKU\Santa\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Santa\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKU\Santa\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google)
HKU\Santa\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.)
HKU\Santa\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.)
HKU\Santa\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe
IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe
IMEO\mbam.exe: [Debugger] qs_.exe
IMEO\mbamgui.exe: [Debugger] vf_.exe
IMEO\MSASCui.exe: [Debugger] qs_.exe
IMEO\MsMpEng.exe: [Debugger] zt_.exe
IMEO\msseces.exe: [Debugger] hw_.exe
IMEO\rstrui.exe: [Debugger] xsytzec_.exe
IMEO\spybotsd.exe: [Debugger] ltoazty_.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
S2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
S2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
S1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - )
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] ()
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-16 11:22 - 2013-06-16 11:22 - 00000000 ____A C:\Recovery.txt
2013-06-16 08:49 - 2013-06-16 08:49 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-15 20:47 - 2013-06-16 09:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 18:47 - 2013-06-15 18:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\JRT
2013-06-15 18:39 - 2013-06-15 18:39 - 00010597 ____A C:\AdwCleaner[S1].txt
2013-06-15 15:01 - 2013-06-15 16:21 - 00000000 ____D C:\FRST
2013-06-15 14:09 - 2013-06-15 14:09 - 862801894 ____A C:\Windows\MEMORY.DMP
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-14 23:21 - 2013-05-24 14:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-06-13 18:15 - 2013-05-04 08:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt
2013-06-13 17:32 - 2013-06-13 17:32 - 00000000
____D C:\ProgramData\Caphyon 2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 17:30 - 2013-06-13 17:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 17:11 - 2013-04-24 00:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 17:11 - 2013-04-24 00:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 17:11 - 2013-04-24 00:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 17:11 - 2013-04-23 23:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 17:11 - 2013-04-23 23:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 17:11 - 2013-04-23 23:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 17:11 - 2013-04-23 23:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 16:11 - 2013-04-27 06:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 21:23 - 2013-04-03 00:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 21:23 - 2013-04-03 00:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 20:51 - 2013-05-15 23:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 20:51 - 2013-05-15 23:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 20:51 - 2013-05-15 23:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 20:51 - 2013-05-15 23:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 20:51 - 2013-05-14 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 20:51 - 2013-05-14 10:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 20:51 - 2013-04-28 23:30 - 13760512 
____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 20:51 - 2013-04-28 23:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 20:51 - 2013-04-28 23:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 20:51 - 2013-04-28 23:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 20:51 - 2013-04-28 23:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 20:51 - 2013-04-28 23:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 18:21 - 2013-05-15 23:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll 2013-06-09 11:54 - 2013-06-09 11:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D 
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 08:43 - 2013-06-16 09:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-09 08:43 - 2013-06-16 08:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-09 08:39 - 2013-06-16 09:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-09 08:39 - 2013-06-16 08:44 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 21:35 - 2000-01-01 01:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys 2013-06-08 21:34 - 2000-01-01 01:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll 2013-06-08 21:34 - 2000-01-01 01:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe 2013-06-08 21:34 - 2000-01-01 01:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys 2013-06-08 21:34 - 2000-01-01 01:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys 2013-06-08 21:34 - 2000-01-01 01:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys 2013-06-08 21:34 - 2000-01-01 01:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys 2013-06-08 21:34 - 2000-01-01 01:00 - 00020856 ____A (Broadcom Corporation.) 
C:\Windows\System32\Drivers\btwrchid.sys 2013-06-08 21:28 - 2013-06-08 21:34 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 21:28 - 2013-06-08 21:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 21:20 - 2013-06-15 16:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-08 21:19 - 2013-06-08 21:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 21:19 - 2000-01-01 01:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2013-06-08 21:16 - 2013-06-08 21:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 21:16 - 2013-06-08 21:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 21:12 - 2013-06-16 10:18 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-08 21:12 - 2013-06-16 08:13 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-08 21:12 - 2013-06-08 21:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 20:02 - 2013-06-08 20:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 20:02 - 2013-06-08 20:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 20:01 - 2013-06-08 20:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 20:01 - 2013-06-08 20:01 - 00001168 ____A 
C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 19:59 - 2013-06-15 12:07 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 19:56 - 2013-06-08 19:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 19:56 - 2013-06-08 19:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 19:49 - 2013-06-08 19:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 18:54 - 2013-06-08 18:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 18:48 - 2013-06-08 18:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 18:47 - 2013-06-08 18:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 18:46 - 2013-06-08 18:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 17:32 - 2013-06-08 17:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 15:46 - 2013-06-08 15:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 15:40 - 2013-06-08 15:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 15:34 - 2013-06-08 21:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 15:34 - 2013-06-08 15:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 15:27 - 2013-06-08 15:28 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 15:27 - 2013-06-08 15:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 15:27 - 2013-06-08 15:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 15:27 - 2013-06-08 15:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 21:52 - 2013-06-06 22:09 - 00000000 ____D 
C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 21:50 - 2013-06-16 08:13 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-06 21:50 - 2013-06-06 21:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 18:22 - 2013-06-04 18:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 18:07 - 2013-06-04 18:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 12:52 - 2013-05-24 18:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-06-04 12:51 - 2013-06-04 12:56 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-03 16:10 - 2013-06-08 17:29 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____D C:\Users\Santa\.android 2013-05-31 21:26 - 2013-05-31 21:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 21:26 - 2011-11-25 00:25 - 00015360 ____A (June Fabrics Technology Inc.) 
C:\Windows\System32\Drivers\pneteth.sys 2013-05-31 13:19 - 2013-05-31 13:19 - 00000000 ____D C:\ZOPO 2013-05-30 19:59 - 2013-05-30 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 18:37 - 2013-06-04 18:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-05-30 18:37 - 2013-06-01 11:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-30 16:17 - 2013-05-30 16:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 16:13 - 2013-06-04 23:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-30 16:13 - 2013-06-04 23:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 15:34 - 2013-06-06 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-30 15:04 - 2013-04-08 22:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2013-05-30 15:04 - 2013-04-08 22:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-30 15:04 - 2013-04-08 22:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-30 15:04 - 2013-04-08 22:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-30 15:04 - 2013-04-08 22:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-30 15:04 - 2013-04-08 22:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll 2013-05-30 15:04 - 2013-03-15 23:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2013-05-30 15:03 - 2013-04-09 06:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2013-05-30 
15:03 - 2013-04-09 06:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2013-05-30 15:03 - 2013-04-09 06:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2013-05-30 15:03 - 2013-04-09 06:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-05-30 15:03 - 2013-04-09 06:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll 2013-05-30 15:03 - 2013-04-09 06:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll 2013-05-30 15:03 - 2013-04-09 06:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll 2013-05-30 15:03 - 2013-04-09 06:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-05-30 15:03 - 2013-04-09 05:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe 2013-05-30 15:03 - 2013-04-09 05:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe 2013-05-30 15:03 - 2013-04-09 05:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe 2013-05-30 15:03 - 2013-04-09 05:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe 2013-05-30 15:03 - 2013-04-09 05:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe 2013-05-30 15:03 - 2013-04-09 05:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 00523264 ____A (Microsoft Corporation) 
C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-05-30 15:03 - 2013-04-09 05:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-05-30 15:03 - 2013-04-09 05:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll 2013-05-30 15:03 - 2013-04-09 05:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00231936 ____A 
(Microsoft Corporation) C:\Windows\System32\fhengine.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll 2013-05-30 15:03 - 2013-04-09 05:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll 2013-05-30 15:03 - 2013-04-09 05:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-30 15:03 - 2013-04-09 05:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2013-05-30 15:03 - 2013-04-09 05:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-05-30 15:03 - 2013-04-09 05:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2013-05-30 15:03 - 2013-04-09 03:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-30 15:03 - 2013-04-09 03:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys 2013-05-30 15:03 - 2013-04-09 03:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-05-30 15:03 - 2013-04-09 03:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-05-30 15:03 - 2013-04-09 03:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2013-05-30 15:03 - 2013-04-09 03:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys 2013-05-30 15:03 - 2013-04-09 03:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys 2013-05-30 15:03 - 2013-04-09 03:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-05-30 15:03 - 2013-04-09 03:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys 2013-05-30 15:03 - 
2013-04-09 00:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2013-05-30 15:03 - 2013-04-09 00:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-05-30 15:03 - 2013-04-09 00:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2013-05-30 15:03 - 2013-04-09 00:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2013-05-30 15:03 - 2013-04-08 22:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-05-30 15:03 - 2013-04-08 22:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-30 15:03 - 2013-04-08 22:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 15:03 - 2013-04-08 22:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-30 15:03 - 2013-04-08 22:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-30 15:03 - 2013-04-08 22:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-05-30 15:03 - 2013-04-08 
22:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2013-05-30 15:03 - 2013-04-08 22:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2013-05-30 15:03 - 2013-04-05 00:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll 2013-05-30 15:03 - 2013-04-02 23:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml 2013-05-30 15:03 - 2013-03-30 19:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi 2013-05-30 15:03 - 2013-03-30 19:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe 2013-05-30 15:03 - 2013-03-28 23:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi 2013-05-30 15:03 - 2013-03-28 23:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe 2013-05-30 15:03 - 2013-03-15 23:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll 2013-05-30 15:03 - 2012-12-13 05:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-05-30 15:03 - 2012-12-13 04:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-05-30 15:01 - 2013-04-16 03:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-30 15:01 - 2013-04-11 07:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-05-30 14:59 - 2013-03-22 04:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2013-05-30 14:59 - 2013-03-21 23:47 - 02851840 ____A (Microsoft Corporation) 
C:\Windows\System32\esent.dll 2013-05-30 14:59 - 2013-03-15 01:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys 2013-05-30 14:59 - 2013-03-06 08:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-30 14:59 - 2013-03-06 07:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-30 14:59 - 2013-03-06 07:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-30 14:59 - 2013-03-06 07:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-30 14:59 - 2013-03-06 06:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-30 14:59 - 2013-03-06 06:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-19 11:54 - 2013-05-19 11:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== One Month Modified Files and Folders ======= 2013-06-16 11:22 - 2013-06-16 11:22 - 00000000 ____A C:\Recovery.txt 2013-06-16 10:20 - 2012-07-26 06:26 - 00262144 __ASH C:\Windows\System32\config\BBI 2013-06-16 10:19 - 2012-07-26 11:27 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-16 10:19 - 2012-07-26 11:27 - 00155826 ____A C:\Windows\System32\perfc007.dat 2013-06-16 10:19 - 2012-07-26 08:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-16 10:18 - 2013-06-08 21:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-16 10:18 - 2013-03-31 00:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini 2013-06-16 10:09 - 2013-03-28 13:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-16 10:00 - 2013-03-30 16:23 - 00016009 ____A C:\Users\Santa\Network_Meter_Data.js 2013-06-16 10:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-16 09:48 - 2013-06-09 08:43 - 00000916 ____A 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-16 09:44 - 2013-06-09 08:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 09:10 - 2013-06-15 20:47 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS 2013-06-16 08:51 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype 2013-06-16 08:49 - 2013-06-16 08:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-16 08:48 - 2013-06-09 08:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-16 08:44 - 2013-06-09 08:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-16 08:14 - 2013-02-03 20:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox 2013-06-16 08:13 - 2013-06-08 21:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-16 08:13 - 2013-06-06 21:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-16 08:13 - 2012-07-26 08:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-15 18:47 - 2013-06-15 18:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 18:43 - 2013-06-15 18:43 - 00000000 ____D C:\JRT 2013-06-15 18:39 - 2013-06-15 18:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 16:21 - 2013-06-15 15:01 - 00000000 ____D C:\FRST 2013-06-15 16:20 - 2013-06-08 21:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-15 14:09 - 2013-06-15 14:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 12:07 - 2013-06-08 19:59 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0 2013-06-15 01:29 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache 2013-06-14 23:18 - 2013-02-09 15:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc 2013-06-13 21:24 - 2013-02-03 21:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT 2013-06-13 21:09 - 2013-02-03 
20:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass 2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 17:32 - 2013-06-13 17:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 17:32 - 2013-02-03 19:59 - 00000000 ____D C:\users\Santa 2013-06-13 17:30 - 2013-06-13 17:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 16:31 - 2013-02-04 21:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:19 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-11 23:22 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\servicing 2013-06-10 17:43 - 2013-02-04 23:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini 2013-06-09 11:54 - 2013-06-09 11:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 11:28 - 2013-06-09 11:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 08:44 - 2013-02-03 21:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google 2013-06-09 08:39 - 2013-02-03 21:16 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 21:34 - 2013-06-08 21:28 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 21:34 - 2013-02-11 00:19 - 00000000 ____D C:\Program Files\Lenovo 2013-06-08 21:28 - 2013-06-08 21:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 21:20 - 2013-06-08 15:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 21:19 - 
2013-06-08 21:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 21:19 - 2013-02-03 20:15 - 00000000 ____D C:\Program Files (x86)\Intel 2013-06-08 21:16 - 2013-06-08 21:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 21:16 - 2013-06-08 21:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 21:12 - 2013-06-08 21:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 20:02 - 2013-06-08 20:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 20:02 - 2013-06-08 20:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 20:02 - 2013-06-08 20:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 20:02 - 2013-04-12 15:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-08 20:02 - 2013-04-12 15:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-08 20:01 - 2013-06-08 20:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 20:01 - 2013-06-08 20:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 20:01 - 2013-06-08 20:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 20:01 - 2013-02-03 21:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-08 20:01 - 2013-02-03 21:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D 
C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 19:59 - 2013-06-08 19:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 19:56 - 2013-06-08 19:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 19:56 - 2013-06-08 19:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 19:49 - 2013-06-08 19:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 18:54 - 2013-06-08 18:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 18:48 - 2013-06-08 18:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 18:47 - 2013-06-08 18:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 18:47 - 2013-06-08 18:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 17:32 - 2013-06-08 17:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 17:29 - 2013-06-03 16:10 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-08 16:48 - 2013-02-03 20:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore 2013-06-08 15:46 - 2013-06-08 15:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 15:40 - 2013-06-08 15:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 15:34 - 2013-06-08 15:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 15:31 - 2013-06-08 15:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 15:28 - 2013-06-08 15:27 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 15:28 - 2013-06-08 15:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 15:27 - 2013-06-08 15:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 15:27 - 2013-06-08 15:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 22:32 - 2013-02-11 00:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-06 22:09 - 2013-06-06 21:52 - 
00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 21:55 - 2013-05-30 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-06 21:55 - 2013-02-04 23:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar 2013-06-06 21:50 - 2013-06-06 21:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-06 17:09 - 2012-01-07 17:24 - 00000000 ____D C:\Users\Santa\dwhelper 2013-06-06 13:16 - 2013-02-04 23:09 - 00000000 ____D C:\Program Files\BatteryBar 2013-06-05 22:50 - 2013-02-03 21:16 - 00000000 ____D C:\Program Files\Classic Shell 2013-06-04 23:09 - 2013-05-30 16:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-04 23:09 - 2013-05-30 16:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-04 19:05 - 2013-02-09 15:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini 2013-06-04 19:02 - 2013-06-04 19:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 18:49 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-06-04 18:49 - 2013-02-03 21:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent 2013-06-04 18:48 - 2013-02-04 23:10 - 00000000 ____D C:\Program Files\CCleaner 2013-06-04 18:22 - 2013-06-04 18:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 18:13 - 2013-02-04 23:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk 2013-06-04 18:07 - 2013-06-04 18:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 18:07 - 2013-05-30 18:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-06-04 15:20 - 2013-02-11 00:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer 2013-06-04 13:04 - 2013-02-11 00:19 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-06-04 12:56 - 2013-06-04 12:51 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 12:51 - 2013-06-04 12:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 12:51 - 2013-06-04 12:51 
- 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-04 12:51 - 2012-07-26 09:12 - 00000000 __RSD C:\Windows\Media 2013-06-03 18:08 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\uTorrent 2013-06-03 16:30 - 2013-06-03 16:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____D C:\Users\Santa\.android 2013-06-02 11:36 - 2013-02-03 21:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++ 2013-06-01 11:38 - 2013-05-30 18:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-31 21:26 - 2013-05-31 21:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 13:19 - 2013-05-31 13:19 - 00000000 ____D C:\ZOPO 2013-05-30 19:59 - 2013-05-30 19:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 19:25 - 2013-05-30 19:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 16:24 - 2013-02-06 19:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software 2013-05-30 16:19 - 2013-02-05 22:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini 2013-05-30 16:17 - 2013-05-30 16:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 16:12 - 2013-02-03 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-30 16:12 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData 2013-05-30 16:12 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore 2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 15:57 - 2013-02-12 11:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software 2013-05-24 18:05 - 2013-06-04 12:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-05-24 14:21 - 2013-06-14 23:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-05-19 11:54 - 2013-05-19 11:54 
- 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-06-03 16:06:42 Restore point made on: 2013-06-05 20:20:13 Restore point made on: 2013-06-05 22:50:16 Restore point made on: 2013-06-08 15:31:09 Restore point made on: 2013-06-08 18:51:01 Restore point made on: 2013-06-08 21:17:44 Restore point made on: 2013-06-08 21:32:32 Restore point made on: 2013-06-12 21:22:58 Restore point made on: 2013-06-15 06:52:02 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8103.23 MB Available physical RAM: 7279.2 MB Total Pagefile: 8103.23 MB Available Pagefile: 7287.05 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:74.43 GB) (Free:12.1 GB) NTFS (Disk=1 Partition=2) Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive e: (T_094432277) (Removable) 
(Total:1.86 GB) (Free:1.86 GB) FAT32 (Disk=2 Partition=1) Drive f: (Volume) (Fixed) (Total:379.63 GB) (Free:11.3 GB) NTFS (Disk=0 Partition=4) Drive g: (DATA) (Fixed) (Total:75.19 GB) (Free:16.83 GB) NTFS (Disk=0 Partition=2) Drive h: (W8_Recovery) (Fixed) (Total:9.77 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=3) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 9D286FA3) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=380 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 9F478B1E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 96BD01E5) Partition 1: (Active) - (Size=2 GB) - (Type=0B) LastRegBack: 2013-06-11 19:03 ==================== End Of Log ============================ |
#14
HKU\Santa\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [745472 2013-06-15] (Microsoft Corporation)
IMEO\hijackthis.exe: [Debugger] cxyqahc_.exe
IMEO\housecalllauncher.exe: [Debugger] sbvhynp_.exe
IMEO\mbam.exe: [Debugger] qs_.exe
IMEO\mbamgui.exe: [Debugger] vf_.exe
IMEO\MSASCui.exe: [Debugger] qs_.exe
IMEO\MsMpEng.exe: [Debugger] zt_.exe
IMEO\msseces.exe: [Debugger] hw_.exe
IMEO\rstrui.exe: [Debugger] xsytzec_.exe
IMEO\spybotsd.exe: [Debugger] ltoazty_.exe
S3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp6282.tmp [x]
2013-06-15 20:47 - 2013-06-16 09:10 - 00000000 ____D C:\Users\Santa\AppData\Roaming\WindowsLogonS
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
2013-06-15 10:46 - 2013-06-15 10:46 - 00000000 __SHD C:\ProgramData\svsupdates0
Please reboot into normal mode and run a fresh FRST scan from there.
#15
Coin-miner is hogging all resources! Processor 100%

Hello Schrauber, no, unfortunately that wasn't it yet. A few seconds after booting, all processors were back at 100%. Here are the two logs:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by SYSTEM at 2013-06-16 11:57:57 Run:2
Running from E:\
Boot Mode: Recovery
==============================================
HKU\Santa\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Flash Updater => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\housecalllauncher.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Santa\AppData\Roaming\WindowsLogonS => Moved successfully.
C:\ProgramData\svsupdates0 => Moved successfully.
C:\ProgramData\svsupdates0 => File/Directory not found.
==== End of Fixlog ====

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Santa (administrator) on 16-06-2013 12:00:47 Running from G:\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) 
C:\WINDOWS\SysWOW64\SAsrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (AddGadgets) G:\Downloads\Gadgets\PCMeter\PCMeterV0.3.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\System32\LocationNotifications.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\WINDOWS\System32\WScript.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Ufasoft) C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\shell.exe (Ufasoft) C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\macromedia.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [KeyLemon LemonScreen] C:\Program Files\KeyLemon\KLLockEngine.exe atstartup [1004984 2012-12-17] (KeyLemon) HKLM\...\Run: [KeyLemon Updater] C:\Program Files\KeyLemon\KLUpdater.exe [705464 2012-12-17] (KeyLemon) HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) 
HKLM\...\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1371648 2012-05-19] (Microsoft Corporation) HKCU\...\Run: [NPowerTray] G:\Downloads\NPowerTray.exe [x] HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] () HKCU\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-21] (Google) HKCU\...\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-06-09] (Google Inc.) HKCU\...\Run: [MusicManager] "C:\Users\Santa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-24] (Google Inc.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" [x] Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Santa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Santa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\FRST\Quarantine\WindowsLogonS\WindowsLogonS\usft_ext.exe.vbs () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class - 
{EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default FF Homepage: hxxp://web.de/|hxxp://www.google.com/ig?hl=de|https://ksab.kroschu.com/webaccess/index.php|hxxp://www.gizmodo.de/|hxxp://www.focus.de/|hxxp://www.myliveshopping.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit 
Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version= - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF Extension: Flagfox - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: DownloadHelper - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: amznUWL2 - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\amznUWL2@amazon.com.xpi FF Extension: client - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\client@anonymox.net.xpi FF Extension: musicplayer - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\musicplayer@firemediaplayer.com.xpi FF Extension: SkipScreen - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\SkipScreen@SkipScreen.xpi FF Extension: translator - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\translator@zoli.bod.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: No Name - C:\Users\Santa\AppData\Roaming\Mozilla\Firefox\Profiles\5zat8v2p.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll () CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Java Deployment Toolkit - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YOUZEEK Free Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0 CHR Extension: (YouTube) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Google Play Music) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0 CHR Extension: (Gmail) - C:\Users\Santa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2000-01-01] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.) 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-30] (Freemake) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ACLE6Live; C:\WINDOWS\system32\Drivers\ACLE1764.sys [109016 2013-02-14] (Softwareentwicklung Remus - ArchiCrypt - ) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2000-01-01] (Broadcom Corporation.) 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-06-16] () R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R3 WinRing0_1_2_0; \??\C:\Users\Santa\AppData\Local\Temp\tmp568C.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT 2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 16:01 - 2013-06-15 17:21 - 00000000 ____D C:\FRST 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 00:21 - 2013-05-24 15:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo 2013-06-13 19:15 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 18:11 - 2013-04-24 01:13 - 
01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 18:11 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 18:11 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 18:11 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 18:11 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:11 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 22:23 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:23 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 21:51 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-06-12 21:51 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 21:51 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll 2013-06-12 21:51 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 21:51 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 21:51 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 02046976 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:51 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:51 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:51 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 21:51 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 19:21 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files 
(x86)\iTunes 2013-06-09 09:43 - 2013-06-16 10:48 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-09 09:43 - 2013-06-16 09:48 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-09 09:39 - 2013-06-16 11:59 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-09 09:39 - 2013-06-16 10:44 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:35 - 2000-01-01 02:00 - 00161144 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 02231064 ____A (Broadcom Corporation.) C:\Windows\System32\BcmBtRSupport.dll 2013-06-08 22:34 - 2000-01-01 02:00 - 02227992 ____A (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe 2013-06-08 22:34 - 2000-01-01 02:00 - 00226680 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00186136 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00169240 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00040248 ____A (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys 2013-06-08 22:34 - 2000-01-01 02:00 - 00020856 ____A (Broadcom Corporation.) 
C:\Windows\System32\Drivers\btwrchid.sys 2013-06-08 22:28 - 2013-06-08 22:34 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-15 17:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2000-01-01 02:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-08 22:12 - 2013-06-16 11:59 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-08 22:12 - 2013-06-16 11:59 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc 2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A 
C:\Users\Santa\Desktop\Google Talk.lnk 2013-06-08 20:59 - 2013-06-15 13:07 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI 2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip 2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll 2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics 2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics 2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk 2013-06-08 19:46 - 2013-06-08 19:47 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter 2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media 2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses 2013-06-08 16:34 - 2013-06-08 22:20 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media 2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media 2013-06-08 16:27 - 2013-06-08 16:28 - 00010458 ____A C:\Windows\Q-Dir.ini 2013-06-08 16:27 - 2013-06-08 16:28 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir 2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk 2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir 2013-06-06 22:52 - 2013-06-06 23:09 - 00000000 ____D 
C:\Users\Santa\AppData\Roaming\GlarySoft 2013-06-06 22:50 - 2013-06-16 11:59 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter 2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake 2013-06-04 13:52 - 2013-05-24 19:05 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll 2013-06-04 13:51 - 2013-06-04 13:56 - 00000000 ____D C:\ProgramData\Lenovo 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations 2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation 2013-06-03 17:10 - 2013-06-08 18:29 - 00000000 ____D C:\Users\Santa\VMLites 2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android 2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android 2013-05-31 22:26 - 2011-11-25 01:25 - 00015360 ____A (June Fabrics Technology Inc.) 
C:\Windows\System32\Drivers\pneteth.sys 2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO 2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake 2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-05-30 19:37 - 2013-06-04 19:07 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk 2013-05-30 19:37 - 2013-06-01 12:38 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake 2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-30 17:13 - 2013-06-05 00:09 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-30 17:13 - 2013-06-05 00:09 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-05-30 16:34 - 2013-06-06 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-30 16:04 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2013-05-30 16:04 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:04 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll 2013-05-30 16:04 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2013-05-30 
16:03 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2013-05-30 16:03 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2013-05-30 16:03 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys 2013-05-30 16:03 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll 2013-05-30 16:03 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll 2013-05-30 16:03 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll 2013-05-30 16:03 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-05-30 16:03 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) 
C:\Windows\System32\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 2013-05-30 16:03 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-05-30 16:03 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll 2013-05-30 16:03 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00231936 ____A 
(Microsoft Corporation) C:\Windows\System32\fhengine.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll 2013-05-30 16:03 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2013-05-30 16:03 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl 2013-05-30 16:03 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2013-05-30 16:03 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-05-30 16:03 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2013-05-30 16:03 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys 2013-05-30 16:03 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys 2013-05-30 16:03 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys 2013-05-30 16:03 - 
2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2013-05-30 16:03 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2013-05-30 16:03 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-30 16:03 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-30 16:03 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-30 16:03 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2013-05-30 16:03 - 2013-04-08 
23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2013-05-30 16:03 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2013-05-30 16:03 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll 2013-05-30 16:03 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml 2013-05-30 16:03 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi 2013-05-30 16:03 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe 2013-05-30 16:03 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi 2013-05-30 16:03 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe 2013-05-30 16:03 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll 2013-05-30 16:03 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-05-30 16:03 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-05-30 16:01 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-30 16:01 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-05-30 15:59 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2013-05-30 15:59 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) 
C:\Windows\System32\esent.dll 2013-05-30 15:59 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys 2013-05-30 15:59 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-30 15:59 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-30 15:59 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-30 15:59 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-30 15:59 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll ==================== One Month Modified Files and Folders ======= 2013-06-16 12:00 - 2013-03-30 17:23 - 00016041 ____A C:\Users\Santa\Network_Meter_Data.js 2013-06-16 12:00 - 2013-02-03 22:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Skype 2013-06-16 12:00 - 2013-02-03 21:35 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Dropbox 2013-06-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru 2013-06-16 11:59 - 2013-06-09 09:39 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-16 11:59 - 2013-06-08 22:12 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-06-16 11:59 - 2013-06-08 22:12 - 00000418 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-06-16 11:59 - 2013-06-06 22:50 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-06-16 11:59 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-16 11:20 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI 2013-06-16 11:19 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat 2013-06-16 11:19 - 2012-07-26 12:27 - 00155826 ____A 
C:\Windows\System32\perfc007.dat 2013-06-16 11:19 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-16 11:18 - 2013-03-31 01:13 - 00000026 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Usage.ini 2013-06-16 11:09 - 2013-03-28 14:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-16 10:48 - 2013-06-09 09:43 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000UA.job 2013-06-16 10:44 - 2013-06-09 09:39 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 09:49 - 2013-06-16 09:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-16 09:48 - 2013-06-09 09:43 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236658316-3132239065-196456727-1000Core.job 2013-06-15 19:47 - 2013-06-15 19:47 - 00001842 ____A C:\Users\Santa\Desktop\JRT.txt 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\Windows\ERUNT 2013-06-15 19:43 - 2013-06-15 19:43 - 00000000 ____D C:\JRT 2013-06-15 19:39 - 2013-06-15 19:39 - 00010597 ____A C:\AdwCleaner[S1].txt 2013-06-15 17:21 - 2013-06-15 16:01 - 00000000 ____D C:\FRST 2013-06-15 17:20 - 2013-06-08 22:20 - 00001174 ____A C:\Windows\PFRO.log 2013-06-15 15:09 - 2013-06-15 15:09 - 862801894 ____A C:\Windows\MEMORY.DMP 2013-06-15 13:07 - 2013-06-08 20:59 - 01083791 ____A C:\Windows\WindowsUpdate.log 2013-06-15 02:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-06-15 00:18 - 2013-02-09 16:59 - 00000000 ____D C:\Users\Santa\AppData\Roaming\vlc 2013-06-13 22:24 - 2013-02-03 22:01 - 00000000 ____D C:\Users\Santa\AppData\Roaming\UseNeXT 2013-06-13 22:09 - 2013-02-03 21:45 - 00000000 ____D C:\Users\Santa\AppData\Roaming\KeePass 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\Newshosting 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Users\Santa\AppData\Local\CrashRpt 2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\ProgramData\Caphyon 
2013-06-13 18:32 - 2013-06-13 18:32 - 00000000 ____D C:\Program Files\Newshosting 2013-06-13 18:32 - 2013-02-03 20:59 - 00000000 ____D C:\users\Santa 2013-06-13 18:30 - 2013-06-13 18:30 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Newshosting 2013-06-13 17:31 - 2013-02-04 22:44 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 20:19 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-06-12 00:22 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-06-10 18:43 - 2013-02-05 00:26 - 00000853 ____A C:\Users\Santa\AppData\Roaming\Drives Meter_Settings.ini 2013-06-09 12:54 - 2013-06-09 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes Library Updater 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iTunes 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files\iPod 2013-06-09 12:28 - 2013-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-09 09:44 - 2013-02-03 22:16 - 00000000 ____D C:\Users\Santa\AppData\Local\Google 2013-06-09 09:39 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-08 22:35 - 2013-06-08 22:35 - 00000000 ____D C:\Users\Santa\AppData\Local\Broadcom 2013-06-08 22:34 - 2013-06-08 22:28 - 00000433 ____A C:\Windows\setupact.log 2013-06-08 22:34 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files\Lenovo 2013-06-08 22:28 - 2013-06-08 22:28 - 00000000 ____A C:\Windows\setuperr.log 2013-06-08 22:20 - 2013-06-08 16:34 - 00000334 ____A C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job 2013-06-08 22:19 - 2013-06-08 22:19 - 00000000 ____D C:\Users\Santa\AppData\Local\pcwServiceCenter 2013-06-08 22:19 - 2013-02-03 21:15 - 00000000 ____D C:\Program Files (x86)\Intel 2013-06-08 22:16 - 2013-06-08 22:16 - 00002467 ____A C:\Users\Public\Desktop\SlimDrivers.lnk 2013-06-08 22:16 - 2013-06-08 22:16 - 00000000 ____D 
C:\Users\Public\Documents\Downloaded Installers
2013-06-08 22:12 - 2013-06-08 22:12 - 00000000 ____D C:\Users\Santa\AppData\Local\SlimWare Utilities Inc
2013-06-08 21:02 - 2013-06-08 21:02 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 21:02 - 2013-04-12 16:38 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-08 21:02 - 2013-04-12 16:38 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-08 21:01 - 2013-06-08 21:01 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 21:01 - 2013-06-08 21:01 - 00001168 ____A C:\Users\Santa\Desktop\Google Talk.lnk
2013-06-08 21:01 - 2013-02-03 22:14 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-08 21:01 - 2013-02-03 22:14 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\Secunia PSI
2013-06-08 20:59 - 2013-06-08 20:59 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-06-08 20:56 - 2013-06-08 20:56 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-06-08 20:56 - 2013-06-08 20:56 - 00000749 ____A C:\Users\Public\Desktop\dMaintenanceConfig.zip
2013-06-08 20:49 - 2013-06-08 20:49 - 00024576 ____A C:\Windows\System32\FoolishEventLogMsgHelper.dll
2013-06-08 19:54 - 2013-06-08 19:54 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-06-08 19:48 - 2013-06-08 19:48 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Auslogics
2013-06-08 19:47 - 2013-06-08 19:47 - 00000946 ____A C:\Users\Public\Desktop\PC-WELT-ServiceCenter.lnk
2013-06-08 19:47 - 2013-06-08 19:46 - 00000000 ____D C:\Program Files\PC-WELT-ServiceCenter
2013-06-08 18:32 - 2013-06-08 18:32 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-08 18:29 - 2013-06-03 17:10 - 00000000 ____D C:\Users\Santa\VMLites
2013-06-08 17:48 - 2013-02-03 21:03 - 00000000 ____D C:\Users\Santa\AppData\Local\VirtualStore
2013-06-08 16:46 - 2013-06-08 16:46 - 00000000 ____D C:\Users\Santa\AppData\Local\Engelmann_Media
2013-06-08 16:40 - 2013-06-08 16:40 - 00000000 ____D C:\ProgramData\Licenses
2013-06-08 16:34 - 2013-06-08 16:34 - 00000000 ____D C:\Users\Santa\AppData\Roaming\SuperEasy Software
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Engelmann Media
2013-06-08 16:31 - 2013-06-08 16:31 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-06-08 16:28 - 2013-06-08 16:27 - 00010458 ____A C:\Windows\Q-Dir.ini
2013-06-08 16:28 - 2013-06-08 16:27 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Q-Dir
2013-06-08 16:27 - 2013-06-08 16:27 - 00001832 ____A C:\Users\Public\Desktop\Q-Dir.lnk
2013-06-08 16:27 - 2013-06-08 16:27 - 00000000 ____D C:\Program Files (x86)\Q-Dir
2013-06-06 23:32 - 2013-02-11 01:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-06 23:09 - 2013-06-06 22:52 - 00000000 ____D C:\Users\Santa\AppData\Roaming\GlarySoft
2013-06-06 22:55 - 2013-05-30 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-06 22:55 - 2013-02-05 00:09 - 00000000 ____D C:\Users\Santa\AppData\Roaming\BatteryBar
2013-06-06 22:50 - 2013-06-06 22:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-06-06 18:09 - 2012-01-07 18:24 - 00000000 ____D C:\Users\Santa\dwhelper
2013-06-06 14:16 - 2013-02-05 00:09 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-05 23:50 - 2013-02-03 22:16 - 00000000 ____D C:\Program Files\Classic Shell
2013-06-05 00:09 - 2013-05-30 17:13 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-05-30 17:13 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 20:05 - 2013-02-09 16:08 - 00000021 ____A C:\Users\Santa\AppData\Roaming\ISOWorkshop.ini
2013-06-04 20:02 - 2013-06-04 20:02 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-06-04 19:49 - 2013-02-03 22:17 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-04 19:49 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\uTorrent
2013-06-04 19:48 - 2013-02-05 00:10 - 00000000 ____D C:\Program Files\CCleaner
2013-06-04 19:22 - 2013-06-04 19:22 - 00000000 ____D C:\ProgramData\Bluray Decrypter
2013-06-04 19:13 - 2013-02-05 00:37 - 00001198 ____A C:\Users\Public\Desktop\ISO Workshop.lnk
2013-06-04 19:07 - 2013-06-04 19:07 - 00000000 ____D C:\Program Files\Handbrake
2013-06-04 19:07 - 2013-05-30 19:37 - 00000827 ____A C:\Users\Santa\Desktop\Handbrake.lnk
2013-06-04 16:20 - 2013-02-11 01:20 - 00000000 ____D C:\Users\Santa\AppData\Roaming\TeamViewer
2013-06-04 14:04 - 2013-02-11 01:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-04 13:56 - 2013-06-04 13:51 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-04 13:51 - 2013-06-04 13:51 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-04 13:51 - 2012-07-26 10:12 - 00000000 __RSD C:\Windows\Media
2013-06-03 19:08 - 2013-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-03 17:30 - 2013-06-03 17:30 - 00000000 ____D C:\Users\Santa\AppData\Local\VMLite Workstation
2013-06-02 12:38 - 2013-06-02 12:38 - 00000000 ____D C:\Users\Santa\.android
2013-06-02 12:36 - 2013-02-03 22:15 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Notepad++
2013-06-01 12:38 - 2013-05-30 19:37 - 00000000 ____D C:\Users\Santa\AppData\Roaming\HandBrake
2013-05-31 22:26 - 2013-05-31 22:26 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\ZOPO
2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\Santa\AppData\Local\FreemakeVideoConverter
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\ProgramData\Freemake
2013-05-30 20:25 - 2013-05-30 20:25 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-05-30 17:24 - 2013-02-06 20:07 - 00000000 ____D C:\Users\Santa\AppData\Roaming\JAM Software
2013-05-30 17:19 - 2013-02-05 23:11 - 00001080 ____A C:\Users\Santa\AppData\Roaming\Network Meter_Settings.ini
2013-05-30 17:17 - 2013-05-30 17:17 - 00310216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-30 17:12 - 2013-02-03 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-30 17:12 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-30 16:57 - 2013-05-30 16:57 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-05-30 16:57 - 2013-02-12 12:51 - 00000000 ____D C:\Users\Santa\AppData\Roaming\Foxit Software
2013-05-24 19:05 - 2013-06-04 13:52 - 02366320 ____A (Microsoft Corporation) C:\Windows\System32\WudfUpdate_01011.dll
2013-05-24 15:21 - 2013-06-15 00:21 - 00000572 ___RA C:\Windows\SysWOW64\revolution.2012.118.720p-dimension.nfo
2013-05-19 12:54 - 2013-05-19 12:54 - 00097176 ____A (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-11 20:03

==================== End Of Log ============================

Regards, mamic
Topics related to "Coin-miner is eating all resources! Processor 100%"
7-zip, android/exploit.lotoor.an, application/pdf:, askbar, autorun, bonjour, coin-miner, converter, flash player, homepage, iexplore.exe, install.exe, ntdll.dll, plug-in, program, processor 100%, revo uninstaller, secunia psi, software, svchost.exe, usenext, vbs/coinminer.o, win 8, win32/injector.autoit.mb, windows, windows xp